Possible Infection


  • This topic is locked
22 replies to this topic

#1 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 29 August 2012 - 02:43 AM

I would ask that you check my PC for anything suspicious. Please have someone inspect and clean my computer. My operating system (OS) is Windows Vista Home Premium SP2. The issue is my internet, which is a high-speed connection, has been much slower in displaying and navigating pages. Also when I attempt to stream any videos or cam it is constantly buffering and is at best very choppy.

I should mention I read up extensively on the "Instructions for Posting Requested Logs" page. I was somewhat confused however with regards to what logs besides Malwarebytes' Anti-Malware, DDS, and Security Check I was to include and/or what programs I was to run. For instance it indicates to use Spybot-Search and Destroy for older versions of Windows, but I was unsure if by "older" it meant anything besides the current OS (Windows 7) or rather "older" than the operating systems listed prior (Windows 2000, XP, Vista, or 7). In another instance it mentions if you have Windows 98 to please use HijackThis, so my thinking was because I don't operate under that version of Windows it didn't concern me...that is until I read further down and it indicated to copy and paste the entire HijackThis log along with the 3 others (Malwarebytes', DDS, and Security Check). I apologize in advance if I make life difficult by including extra logs. **I know it says NOT to post a Spybot log file unless specifically requested, but I thought I would let you know I ran a search and it returned with the following message/report "Congratulations! No immediate threats were found". As instructed I will use Add Reply to post my logs, each log in its own reply and also separate from this initial post.

Edited by sickofhijackers, 29 August 2012 - 03:24 PM.


#2 sickofhijackers

Posted 29 August 2012 - 02:55 AM

Prompted with this message when I selected the scan option: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:43 AM, on 29/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...2"&"ver=9.0.872
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10704 bytes

#3 sickofhijackers

Posted 29 August 2012 - 02:57 AM

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Trevor at 3:21:51 on 2012-08-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.928 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...2"&"ver=9.0.872
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{544B2005-A287-42E7-B56C-14E9BE21379C} : DhcpNameServer = 64.71.255.198
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\trevor\appdata\roaming\mozilla\firefox\profiles\nvimp1dq.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd3867c&v=6.010.006.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-14 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-16 95232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-26 227896]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\drivers\ST50220.sys [2008-12-2 34224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-29 07:03:40 -------- d-----w- c:\users\trevor\appdata\roaming\Malwarebytes
2012-08-29 07:03:20 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 07:03:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 07:03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-29 06:35:34 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{74da41a3-e062-407c-a89f-e0395de1c89e}\mpengine.dll
2012-08-28 20:34:35 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-16 20:36:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-14 21:15:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-14 21:15:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-08-14 21:15:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-08-14 21:15:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-08-14 20:02:00 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-08-23 20:45:35 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 20:45:35 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 20:35:47 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-16 20:35:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 3:22:38.03 ===============

#4 sickofhijackers

Posted 29 August 2012 - 02:58 AM

Security Check Log

Results of screen317's Security Check version 0.99.49
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java 7 Update 6
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#5 sickofhijackers

Posted 29 August 2012 - 03:02 AM

Malwarebytes' Anti-Malware Log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Trevor :: VISTA-PC [administrator]

29/08/2012 3:06:08 AM
mbam-log-2012-08-29 (03-06-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202248
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 sickofhijackers

Posted 29 August 2012 - 03:18 PM

I wanted to add that now even when loading applications such as Microsoft Office, I have the 2007 version, it takes more time than it did before.

Also this problem seems to all date back to this past Saturday, August 25th, when I launched a "Full Scan" with Microsoft Security Essentials (4.0.1526.0) which took upwards of 3hrs to complete and if I recall correctly it detected a Java TrojanDownloader. I followed the recommended instructions, which was to remove the file. It then prompted me that its removal was a success.

I don't know if this is a coincidence to the timing of my problem or not, but I thought it was worth mentioning.

#7 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 30 August 2012 - 06:33 PM

Hello sickofhijackers. Yes, it's good to tell me everything odd you notice. You were right in thinking that HijackThis doesn't work well with Vista and gives that odd line about hosts.

Please download ComboFix.exe to your Desktop. Visit this webpage for download links and instructions for running the tool: how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#8 sickofhijackers

Posted 31 August 2012 - 04:03 PM

I downloaded ComboFix and ran it. I made sure to disable Microsoft Security Essentials' Real-Time Protection as well as Windows Firewall. The only other thing I have as prevention is McAfee SiteAdvisor, which I don't believe I needed to worry about. **Immediately following running ComboFix I turned back on Windows Firewall and Security Essentials' Real-Time Protection, I hope that was implied**

The only thing worth mentioning is after the scan was complete I noticed my desktop had an Internet Explorer icon labeled "The Internet". I myself prefer Mozilla Firefox (currently v14.0.1) and when I double clicked the icon to bring it up it prompted me that Firefox was not my default browser anymore, so I simply selected the option to make it so again.

I was curious if you came across anything in the initial logs I submitted? Is the ComboFix suggestion just preventative?

Also I was wondering if I could delete all the programs and accompanying log files (e.g. Malwarebytes, DDS) that I've been asked to download?

Here's the log file (.txt) that was requested for further review.

ComboFix 12-08-31.01 - Trevor 31/08/2012 17:16:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.1072 [GMT -4:00]
Running from: c:\users\Trevor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 21:27 . 2012-08-31 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 20:31 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E6A39FD-6EFB-4F9C-B450-8FB333A508C7}\mpengine.dll
2012-08-29 21:07 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-29 08:39 . 2012-08-29 08:39 388096 ----a-r- c:\users\Trevor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-29 07:45 . 2012-08-29 08:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-29 07:45 . 2012-08-29 07:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-29 07:03 . 2012-08-29 07:03 -------- d-----w- c:\users\Trevor\AppData\Roaming\Malwarebytes
2012-08-29 07:03 . 2012-08-29 07:03 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 07:03 . 2012-08-29 07:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-29 07:03 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 20:36 . 2012-08-16 20:36 -------- d-----w- c:\program files\Common Files\Java
2012-08-16 20:36 . 2012-08-16 20:35 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-14 21:15 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-14 21:15 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-08-14 21:15 . 2012-06-29 00:06 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-08-14 21:15 . 2012-06-29 00:06 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-08-14 20:02 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 20:45 . 2012-03-28 20:07 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 20:45 . 2011-05-13 20:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 20:35 . 2011-12-14 03:55 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-16 20:35 . 2010-04-17 21:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:38 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 20:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:33 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:32 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:32 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 20:33 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 20:32 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-19 16:23 . 2011-07-15 20:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2009-08-01_02.35.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 02:37 . 2009-08-14 14:25 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\finger.exe
+ 2009-09-10 02:37 . 2009-08-14 14:25 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\ARP.EXE
+ 2012-05-12 14:03 . 2012-02-01 14:48 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.22789_none_19d42b54bb14d4c9\NBMapTIP.dll
+ 2009-06-02 20:01 . 2009-04-11 06:28 47104 c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6002.18579_none_19555c8fa1ef1be7\NBMapTIP.dll
+ 2011-03-12 20:50 . 2010-12-17 17:07 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22550_none_3228141ddc14a331\tsgqec.dll
+ 2009-08-11 17:55 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll
+ 2009-06-02 20:01 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18356_none_31a47728c2f19e4a\tsgqec.dll
+ 2009-06-02 20:01 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll
+ 2011-03-12 20:50 . 2010-12-17 14:55 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22815_none_3071e357dec95cfc\tsgqec.dll
+ 2009-08-11 17:55 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll
+ 2008-12-15 02:54 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18564_none_2fb132dac5d53542\tsgqec.dll
+ 2008-12-15 02:54 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2009-08-11 17:55 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll
+ 2009-08-11 17:55 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll
+ 2012-05-12 14:03 . 2012-02-01 14:47 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwppr.dll
+ 2012-05-12 14:03 . 2012-02-01 14:47 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwmon.dll
+ 2012-05-12 14:03 . 2012-02-01 14:47 83968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.22789_none_4fbadd1495216d8a\jnwdui.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 22528 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwppr.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 19968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwmon.dll
+ 2008-12-15 02:53 . 2008-01-19 07:34 83968 c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6002.18579_none_4f3c0e4f7bfbb4a8\jnwdui.dll
+ 2011-03-12 20:50 . 2010-12-17 15:11 63488 c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.22550_none_501659f63783fcb2\tscupgrd.exe
+ 2009-06-02 20:01 . 2009-04-11 06:28 63488 c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6002.18356_none_4f92bd011e60f7cb\tscupgrd.exe
+ 2011-03-12 20:50 . 2010-12-17 13:35 63488 c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.22815_none_4e6029303a38b67d\tscupgrd.exe
+ 2008-12-15 02:53 . 2008-01-19 07:33 63488 c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18564_none_4d9f78b321448ec3\tscupgrd.exe
+ 2012-05-12 14:03 . 2012-02-01 13:43 47104 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\PDIALOG.exe
+ 2012-05-12 14:03 . 2012-02-01 14:47 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwppr.dll
+ 2012-05-12 14:03 . 2012-02-01 14:47 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwmon.dll
+ 2012-05-12 14:03 . 2012-02-01 14:47 83968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.22789_none_4487926d63821c10\jnwdui.dll
+ 2012-05-12 14:03 . 2012-02-01 13:58 47104 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\PDIALOG.exe
+ 2006-11-02 12:35 . 2006-11-02 12:35 22528 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwppr.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 19968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwmon.dll
+ 2008-12-15 02:53 . 2008-01-19 07:34 83968 c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6002.18579_none_4408c3a84a5c632e\jnwdui.dll
+ 2010-02-10 05:50 . 2009-12-11 12:01 98816 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.22286_none_05f5c6db26a677d3\srvnet.sys
+ 2010-02-10 05:50 . 2009-12-11 11:43 98816 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.18164_none_057fc9540d7a6d79\srvnet.sys
+ 2010-08-13 03:50 . 2010-06-18 14:50 99328 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22715_none_045a07e92948400f\srvnet.sys
+ 2010-02-10 05:50 . 2009-12-11 12:13 98816 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22581_none_040a53812984a3fc\srvnet.sys
+ 2009-10-15 15:52 . 2009-09-14 09:48 98816 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22522_none_044c3353295315ad\srvnet.sys
+ 2010-02-10 05:50 . 2009-12-11 12:07 98304 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.18381_none_0380b4d01067070b\srvnet.sys
+ 2010-02-10 05:50 . 2009-12-11 12:01 84992 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.21179_none_0236bd532c4ef7ed\srvnet.sys
+ 2010-02-10 05:50 . 2009-12-11 12:15 84992 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.16977_none_01ab47d21332f233\srvnet.sys
+ 2011-06-14 23:44 . 2011-04-29 13:00 80384 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.22634_none_8d2ea4e2a01e784b\mrxsmb20.sys
+ 2011-04-16 19:54 . 2011-02-22 14:56 80384 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.22594_none_8cedc374a04f22ca\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 11:16 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8d25cfd8a024cf75\mrxsmb20.sys
+ 2011-06-14 23:44 . 2011-04-29 13:24 79872 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.18462_none_8c8295d9871afc7f\mrxsmb20.sys
+ 2011-04-16 19:54 . 2011-02-22 13:24 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.18409_none_8cca776786e4063a\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 11:10 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8cb9a1f386f18fd3\mrxsmb20.sys
+ 2011-06-14 23:44 . 2011-04-29 12:51 79872 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.22910_none_8b59d1aaa2eb85e9\mrxsmb20.sys
+ 2011-04-16 19:54 . 2011-02-22 12:51 79872 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.22859_none_8b3792aea303dc95\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 11:30 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8b3a5c7ea302fb9e\mrxsmb20.sys
+ 2011-06-14 23:44 . 2011-04-29 12:49 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18644_none_8ab3c27789e2a500\mrxsmb20.sys
+ 2011-04-16 19:54 . 2011-02-22 12:52 79360 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18604_none_8adf022789c2353c\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 11:32 78848 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18431_none_8abb8db989dd42bc\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 11:30 58368 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21230_none_895dc3b6a5d56b80\mrxsmb20.sys
+ 2010-02-10 05:48 . 2009-12-04 16:14 58368 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21173_none_893582fea5f32a22\mrxsmb20.sys
+ 2010-04-17 20:53 . 2010-02-23 13:14 58368 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.17025_none_88e3f6638cab3151\mrxsmb20.sys
+ 2011-01-17 01:44 . 2010-12-14 18:29 98816 c:\windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.0.6002.22547_none_27559a9f7d2695f0\sdshext.dll
+ 2008-12-15 02:54 . 2008-01-19 07:36 98816 c:\windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.0.6002.18353_none_26bd2ada6414af94\sdshext.dll
+ 2011-01-17 01:44 . 2010-12-14 17:50 98816 c:\windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.0.6001.22812_none_258a97097fec6e46\sdshext.dll
+ 2008-12-15 02:54 . 2008-01-19 07:36 98816 c:\windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.0.6001.18561_none_24c9e68c66f8468c\sdshext.dll
+ 2010-08-13 03:51 . 2010-06-18 18:00 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.22427_none_0f77105600c85cb8\rtutils.dll
+ 2010-08-13 03:51 . 2010-06-18 17:31 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77\rtutils.dll
+ 2010-08-13 03:51 . 2010-06-18 16:38 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.22715_none_0d996dc6039bb8f5\rtutils.dll
+ 2010-08-13 03:51 . 2010-06-18 16:43 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18495_none_0cb94dceeabefe65\rtutils.dll
+ 2010-03-15 03:37 . 2010-02-20 23:12 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhstipm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:12 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhst_pm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:12 48128 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3wphost.dll
+ 2010-03-15 03:37 . 2010-02-20 23:12 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3tp.dll
+ 2009-12-11 20:25 . 2009-11-09 12:32 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhstipm.dll
+ 2009-12-11 20:25 . 2009-11-09 12:32 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhst_pm.dll
+ 2009-12-11 20:25 . 2009-11-09 12:32 47616 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3wphost.dll
+ 2009-12-11 20:25 . 2009-11-09 12:32 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3tp.dll
+ 2010-03-15 03:37 . 2010-02-20 23:31 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhstipm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:31 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhst_pm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:31 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3wphost.dll
+ 2010-03-15 03:37 . 2010-02-20 23:31 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3tp.dll
+ 2009-12-11 20:25 . 2009-11-09 13:23 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhstipm.dll
+ 2009-12-11 20:25 . 2009-11-09 13:23 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhst_pm.dll
+ 2009-12-11 20:25 . 2009-11-09 13:23 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3wphost.dll
+ 2009-12-11 20:25 . 2009-11-09 13:23 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3tp.dll
+ 2010-03-15 03:37 . 2010-02-20 23:36 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhstipm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:36 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhst_pm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:36 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3wphost.dll
+ 2010-03-15 03:37 . 2010-02-20 23:36 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3tp.dll
+ 2010-03-15 03:37 . 2010-02-20 23:55 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhstipm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:55 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhst_pm.dll
+ 2010-03-15 03:37 . 2010-02-20 23:55 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3wphost.dll
+ 2010-03-15 03:37 . 2010-02-20 23:55 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3tp.dll
+ 2010-06-24 04:02 . 2009-10-09 21:56 24064 c:\windows\winsxs\x86_microsoft-windows-powershell-sip_31bf3856ad364e35_7.0.6001.18181_none_59899ff38dd96759\pwrshsip.dll
+ 2010-06-24 04:02 . 2009-10-09 21:56 20480 c:\windows\winsxs\x86_microsoft-windows-powershell-events_31bf3856ad364e35_7.0.6001.18181_none_c9ed22492e2f9a7e\PSEvents.dll
+ 2012-05-12 14:03 . 2012-03-20 23:28 52608 c:\windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6002.22821_none_e3f795acd0c2ba40\partmgr.sys
+ 2012-05-12 14:03 . 2012-03-20 23:28 53120 c:\windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6002.18600_none_e3829689b795cc16\partmgr.sys
+ 2012-01-11 05:40 . 2011-11-18 17:30 66560 c:\windows\winsxs\x86_microsoft-windows-packager_31bf3856ad364e35_6.0.6002.22743_none_f057ef7ae71fb52e\packager.dll
+ 2012-01-11 05:40 . 2011-11-18 17:47 66560 c:\windows\winsxs\x86_microsoft-windows-packager_31bf3856ad364e35_6.0.6002.18542_none_efcd507fce02fee6\packager.dll
+ 2010-06-24 04:02 . 2009-10-09 21:56 41472 c:\windows\winsxs\x86_microsoft-windows-p..rshell-wsman-plugin_31bf3856ad364e35_7.0.6001.18181_none_682a3d6d73eb8b75\pwrshplugin.dll
+ 2012-08-14 20:02 . 2012-05-11 13:59 61440 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.exe
+ 2011-02-12 21:10 . 2011-01-20 16:10 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22573_none_2dd506f0f1e0ce02\printfilterpipelineprxy.dll
+ 2009-10-28 03:48 . 2009-09-24 22:54 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.22164_none_2de0cf8ef1d7d6cc\printfilterpipelineprxy.dll
+ 2011-02-12 21:10 . 2011-01-20 16:06 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18392_none_2d34c81dd8d44f9c\printfilterpipelineprxy.dll
+ 2009-10-28 03:48 . 2009-09-24 22:54 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18060_none_2d53319bd8bdd1a6\printfilterpipelineprxy.dll
+ 2010-06-09 03:38 . 2010-04-05 17:14 67072 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.0.6002.22377_none_78f4d4e8cf978645\asycfilt.dll
+ 2010-06-09 03:38 . 2010-04-05 17:01 67072 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.0.6002.18236_none_78957783b65a5d60\asycfilt.dll
+ 2010-06-09 03:38 . 2010-04-05 16:28 67072 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.0.6001.22665_none_77173258d26ae282\asycfilt.dll
+ 2010-06-09 03:38 . 2010-04-05 16:07 67072 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.0.6001.18454_none_76976349b9461049\asycfilt.dll
+ 2010-03-15 03:37 . 2010-02-20 23:10 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22343_none_75f500438adc1033\nshhttp.dll
+ 2009-12-10 08:16 . 2009-11-03 21:55 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22258_none_75ef2fe38adfadb0\nshhttp.dll
+ 2010-03-15 03:37 . 2010-02-20 23:06 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18210_none_7588d25e71a8d091\nshhttp.dll
+ 2009-12-10 08:16 . 2009-11-03 21:43 24064 c:\windows

#9 cnm

Posted 31 August 2012 - 05:56 PM

When we're through I will instruct you how to remove all our tools.

ComboFix didn't find anything.
There is no sign in the logs of anything being added, changed, or removed on Saturday, August 25th.

I see no malware, but just in case:

Please download the latest version of tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Click on Continue.
  • If a suspicious file is detected, the default action will be Skip. Click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


After that you need to do these updates as you are very vulnerable with the old versions.
Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)
Update Adobe Flash Player

It's not likely that those updates will speed things up, though.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

#10 sickofhijackers

Posted 31 August 2012 - 11:14 PM

Okay so NO reboot was required when I ran TDSSKiller.exe, although as was suggested in the info link provided I changed the name of the file to iexplore.com for it to launch successfully.

I just thought I would mention that I also happened to notice that the Security Check Log I submitted earlier flagged my Adobe Reader and Adobe Flash Player as being outdated, but if you look closely at that same report you'll find that either immediately before or after those entries is the current version. I double-checked the links you provided and it came back with the same versions I already have installed, those being Adobe Flash Player 11 (11.4.402.265) and Adobe Reader X (10.1.4). I guess the newer versions simply didn't override the existing ones. Either way I took to bringing up the Control Panel, under the Programs and Features tab, and selected everything listed Adobe and had it uninstalled. I will re-install the two newest versions from Adobe.com once again.

Here's the contents of the log file as requested:

00:41:56.0283 0724 disk - ok
00:41:56.0322 0724 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:41:56.0325 0724 Dnscache - ok
00:41:56.0361 0724 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:41:56.0366 0724 dot3svc - ok
00:41:56.0412 0724 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
00:41:56.0416 0724 Dot4 - ok
00:41:56.0437 0724 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:41:56.0439 0724 Dot4Print - ok
00:41:56.0459 0724 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
00:41:56.0461 0724 dot4usb - ok
00:41:56.0504 0724 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
00:41:56.0508 0724 DPS - ok
00:41:56.0538 0724 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:41:56.0540 0724 drmkaud - ok
00:41:56.0583 0724 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:41:56.0603 0724 DXGKrnl - ok
00:41:56.0664 0724 [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
00:41:56.0668 0724 E100B - ok
00:41:56.0707 0724 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
00:41:56.0710 0724 E1G60 - ok
00:41:56.0762 0724 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
00:41:56.0763 0724 EapHost - ok
00:41:56.0821 0724 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
00:41:56.0825 0724 Ecache - ok
00:41:56.0881 0724 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:41:56.0888 0724 ehRecvr - ok
00:41:56.0914 0724 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
00:41:56.0918 0724 ehSched - ok
00:41:56.0930 0724 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
00:41:56.0932 0724 ehstart - ok
00:41:56.0987 0724 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:41:56.0995 0724 elxstor - ok
00:41:57.0058 0724 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:41:57.0065 0724 EMDMgmt - ok
00:41:57.0103 0724 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
00:41:57.0109 0724 EventSystem - ok
00:41:57.0143 0724 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
00:41:57.0148 0724 exfat - ok
00:41:57.0185 0724 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:41:57.0191 0724 fastfat - ok
00:41:57.0226 0724 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:41:57.0227 0724 fdc - ok
00:41:57.0259 0724 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
00:41:57.0262 0724 fdPHost - ok
00:41:57.0297 0724 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
00:41:57.0299 0724 FDResPub - ok
00:41:57.0332 0724 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:41:57.0334 0724 FileInfo - ok
00:41:57.0366 0724 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:41:57.0368 0724 Filetrace - ok
00:41:57.0394 0724 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:41:57.0395 0724 flpydisk - ok
00:41:57.0427 0724 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:41:57.0433 0724 FltMgr - ok
00:41:57.0499 0724 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
00:41:57.0533 0724 FontCache - ok
00:41:57.0584 0724 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:41:57.0585 0724 FontCache3.0.0.0 - ok
00:41:57.0618 0724 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:41:57.0620 0724 Fs_Rec - ok
00:41:57.0646 0724 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:41:57.0648 0724 gagp30kx - ok
00:41:57.0683 0724 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:41:57.0685 0724 GEARAspiWDM - ok
00:41:57.0737 0724 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
00:41:57.0757 0724 gpsvc - ok
00:41:57.0803 0724 [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
00:41:57.0804 0724 HBtnKey - ok
00:41:57.0857 0724 [ DE4020F928A2F8A6327F5687F36D361B ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
00:41:57.0861 0724 HdAudAddService - ok
00:41:57.0919 0724 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:41:57.0933 0724 HDAudBus - ok
00:41:57.0969 0724 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:41:57.0970 0724 HidBth - ok
00:41:57.0987 0724 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
00:41:57.0989 0724 HidIr - ok
00:41:58.0017 0724 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
00:41:58.0019 0724 hidserv - ok
00:41:58.0041 0724 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
00:41:58.0042 0724 HidUsb - ok
00:41:58.0077 0724 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:41:58.0080 0724 hkmsvc - ok
00:41:58.0151 0724 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
00:41:58.0153 0724 HP Health Check Service - ok
00:41:58.0175 0724 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:41:58.0179 0724 HpCISSs - ok
00:41:58.0289 0724 [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:41:58.0596 0724 hpqcxs08 - ok
00:41:58.0630 0724 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:41:58.0633 0724 hpqddsvc - ok
00:41:58.0670 0724 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:41:58.0671 0724 HpqKbFiltr - ok
00:41:58.0744 0724 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
00:41:58.0749 0724 hpqwmiex - ok
00:41:58.0843 0724 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:41:58.0862 0724 HSFHWAZL - ok
00:41:58.0922 0724 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:41:58.0972 0724 HSF_DPV - ok
00:41:59.0013 0724 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:41:59.0019 0724 HSXHWAZL - ok
00:41:59.0078 0724 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:41:59.0090 0724 HTTP - ok
00:41:59.0133 0724 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:41:59.0140 0724 i2omp - ok
00:41:59.0206 0724 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:41:59.0219 0724 i8042prt - ok
00:41:59.0382 0724 [ 9378D57E2B96C0A185D844770AD49948 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
00:41:59.0480 0724 ialm - ok
00:41:59.0510 0724 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:41:59.0517 0724 iaStorV - ok
00:41:59.0592 0724 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:41:59.0594 0724 IDriverT - ok
00:41:59.0654 0724 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:41:59.0718 0724 idsvc - ok
00:41:59.0820 0724 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
00:41:59.0842 0724 igfx - ok
00:41:59.0861 0724 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:41:59.0863 0724 iirsp - ok
00:41:59.0903 0724 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
00:41:59.0913 0724 IKEEXT - ok
00:41:59.0960 0724 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
00:41:59.0962 0724 intelide - ok
00:42:00.0006 0724 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:42:00.0008 0724 intelppm - ok
00:42:00.0054 0724 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:42:00.0058 0724 IPBusEnum - ok
00:42:00.0087 0724 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:42:00.0089 0724 IpFilterDriver - ok
00:42:00.0130 0724 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:42:00.0137 0724 iphlpsvc - ok
00:42:00.0146 0724 IpInIp - ok
00:42:00.0182 0724 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:42:00.0184 0724 IPMIDRV - ok
00:42:00.0221 0724 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:42:00.0225 0724 IPNAT - ok
00:42:00.0303 0724 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:42:00.0338 0724 iPod Service - ok
00:42:00.0371 0724 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:42:00.0372 0724 IRENUM - ok
00:42:00.0390 0724 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:42:00.0392 0724 isapnp - ok
00:42:00.0452 0724 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:42:00.0457 0724 iScsiPrt - ok
00:42:00.0478 0724 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:42:00.0480 0724 iteatapi - ok
00:42:00.0517 0724 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:42:00.0519 0724 iteraid - ok
00:42:00.0554 0724 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:42:00.0556 0724 kbdclass - ok
00:42:00.0596 0724 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:42:00.0598 0724 kbdhid - ok
00:42:00.0618 0724 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
00:42:00.0621 0724 KeyIso - ok
00:42:00.0657 0724 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:42:00.0683 0724 KSecDD - ok
00:42:00.0738 0724 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:42:00.0749 0724 KtmRm - ok
00:42:00.0786 0724 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
00:42:00.0794 0724 LanmanServer - ok
00:42:00.0838 0724 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:42:00.0847 0724 LanmanWorkstation - ok
00:42:00.0903 0724 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:42:00.0905 0724 LightScribeService - ok
00:42:00.0934 0724 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:42:00.0936 0724 lltdio - ok
00:42:00.0973 0724 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:42:00.0981 0724 lltdsvc - ok
00:42:01.0014 0724 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:42:01.0019 0724 lmhosts - ok
00:42:01.0054 0724 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:42:01.0057 0724 LSI_FC - ok
00:42:01.0081 0724 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:42:01.0084 0724 LSI_SAS - ok
00:42:01.0107 0724 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:42:01.0110 0724 LSI_SCSI - ok
00:42:01.0146 0724 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
00:42:01.0149 0724 luafv - ok
00:42:01.0215 0724 [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
00:42:01.0218 0724 McAfee SiteAdvisor Service - ok
00:42:01.0282 0724 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
00:42:01.0289 0724 McComponentHostService - ok
00:42:01.0328 0724 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:42:01.0332 0724 Mcx2Svc - ok
00:42:01.0376 0724 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:42:01.0378 0724 mdmxsdk - ok
00:42:01.0425 0724 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
00:42:01.0427 0724 megasas - ok
00:42:01.0528 0724 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:42:01.0532 0724 Microsoft Office Groove Audit Service - ok
00:42:01.0573 0724 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
00:42:01.0578 0724 MMCSS - ok
00:42:01.0608 0724 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
00:42:01.0610 0724 Modem - ok
00:42:01.0660 0724 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:42:01.0662 0724 monitor - ok
00:42:01.0678 0724 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:42:01.0680 0724 mouclass - ok
00:42:01.0703 0724 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\drivers\mouhid.sys
00:42:01.0705 0724 mouhid - ok
00:42:01.0747 0724 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:42:01.0750 0724 MountMgr - ok
00:42:01.0804 0724 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:42:01.0809 0724 MozillaMaintenance - ok
00:42:01.0859 0724 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:42:01.0865 0724 MpFilter - ok
00:42:01.0903 0724 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
00:42:01.0907 0724 mpio - ok
00:42:02.0040 0724 [ A69630D039C38018689190234F866D77 ] MpKslb613a958 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D397FD1-015E-4DFC-8CEA-EA52370B7C43}\MpKslb613a958.sys
00:42:02.0041 0724 MpKslb613a958 - ok
00:42:02.0080 0724 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:42:02.0083 0724 mpsdrv - ok
00:42:02.0133 0724 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
00:42:02.0155 0724 MpsSvc - ok
00:42:02.0193 0724 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:42:02.0197 0724 Mraid35x - ok
00:42:02.0230 0724 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:42:02.0235 0724 MRxDAV - ok
00:42:02.0267 0724 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:42:02.0271 0724 mrxsmb - ok
00:42:02.0320 0724 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:42:02.0328 0724 mrxsmb10 - ok
00:42:02.0352 0724 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:42:02.0356 0724 mrxsmb20 - ok
00:42:02.0405 0724 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
00:42:02.0406 0724 msahci - ok
00:42:02.0433 0724 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:42:02.0437 0724 msdsm - ok
00:42:02.0476 0724 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
00:42:02.0482 0724 MSDTC - ok
00:42:02.0512 0724 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:42:02.0516 0724 Msfs - ok
00:42:02.0551 0724 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:42:02.0553 0724 msisadrv - ok
00:42:02.0593 0724 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:42:02.0600 0724 MSiSCSI - ok
00:42:02.0610 0724 msiserver - ok
00:42:02.0653 0724 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:42:02.0655 0724 MSKSSRV - ok
00:42:02.0704 0724 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:42:02.0705 0724 MsMpSvc - ok
00:42:02.0716 0724 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:42:02.0718 0724 MSPCLOCK - ok
00:42:02.0740 0724 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:42:02.0742 0724 MSPQM - ok
00:42:02.0789 0724 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:42:02.0796 0724 MsRPC - ok
00:42:02.0808 0724 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:42:02.0810 0724 mssmbios - ok
00:42:02.0834 0724 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:42:02.0835 0724 MSTEE - ok
00:42:02.0844 0724 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
00:42:02.0846 0724 Mup - ok
00:42:02.0885 0724 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
00:42:02.0894 0724 napagent - ok
00:42:02.0932 0724 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:42:02.0936 0724 NativeWifiP - ok
00:42:02.0976 0724 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:42:02.0985 0724 NDIS - ok
00:42:03.0006 0724 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:42:03.0008 0724 NdisTapi - ok
00:42:03.0026 0724 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:42:03.0027 0724 Ndisuio - ok
00:42:03.0044 0724 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:42:03.0047 0724 NdisWan - ok
00:42:03.0076 0724 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:42:03.0078 0724 NDProxy - ok
00:42:03.0141 0724 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:42:03.0142 0724 Net Driver HPZ12 - ok
00:42:03.0177 0724 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:42:03.0179 0724 NetBIOS - ok
00:42:03.0218 0724 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:42:03.0224 0724 netbt - ok
00:42:03.0236 0724 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
00:42:03.0239 0724 Netlogon - ok
00:42:03.0286 0724 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
00:42:03.0295 0724 Netman - ok
00:42:03.0332 0724 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
00:42:03.0341 0724 netprofm - ok
00:42:03.0372 0724 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:42:03.0376 0724 NetTcpPortSharing - ok
00:42:03.0484 0724 [ ACC6170D80C69E50145B370023B64ED3 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
00:42:03.0552 0724 NETw3v32 - ok
00:42:03.0668 0724 [ 38D720E0C8B0ECB9A019980265679798 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
00:42:03.0739 0724 NETw4v32 - ok
00:42:03.0933 0724 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
00:42:04.0067 0724 NETw5v32 - ok
00:42:04.0120 0724 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:42:04.0123 0724 nfrd960 - ok
00:42:04.0171 0724 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:42:04.0175 0724 NisDrv - ok
00:42:04.0220 0724 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
00:42:04.0229 0724 NisSrv - ok
00:42:04.0276 0724 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:42:04.0285 0724 NlaSvc - ok
00:42:04.0323 0724 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:42:04.0326 0724 Npfs - ok
00:42:04.0360 0724 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
00:42:04.0366 0724 nsi - ok
00:42:04.0399 0724 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:42:04.0401 0724 nsiproxy - ok
00:42:04.0483 0724 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:42:04.0527 0724 Ntfs - ok
00:42:04.0557 0724 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
00:42:04.0559 0724 ntrigdigi - ok
00:42:04.0583 0724 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
00:42:04.0585 0724 Null - ok
00:42:04.0610 0724 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:42:04.0614 0724 nvraid - ok
00:42:04.0633 0724 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:42:04.0635 0724 nvstor - ok
00:42:04.0658 0724 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:42:04.0663 0724 nv_agp - ok
00:42:04.0673 0724 NwlnkFlt - ok
00:42:04.0688 0724 NwlnkFwd - ok
00:42:04.0780 0724 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:42:04.0791 0724 odserv - ok
00:42:04.0828 0724 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:42:04.0830 0724 ohci1394 - ok
00:42:04.0870 0724 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:42:04.0874 0724 ose - ok
00:42:04.0934 0724 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:42:04.0958 0724 p2pimsvc - ok
00:42:04.0976 0724 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
00:42:04.0984 0724 p2psvc - ok
00:42:05.0014 0724 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
00:42:05.0017 0724 Parport - ok
00:42:05.0042 0724 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:42:05.0044 0724 partmgr - ok
00:42:05.0059 0724 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
00:42:05.0061 0724 Parvdm - ok
00:42:05.0092 0724 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
00:42:05.0096 0724 PcaSvc - ok
00:42:05.0132 0724 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
00:42:05.0138 0724 pci - ok
00:42:05.0172 0724 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
00:42:05.0174 0724 pciide - ok
00:42:05.0221 0724 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:42:05.0229 0724 pcmcia - ok
00:42:05.0290 0724 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:42:05.0327 0724 PEAUTH - ok
00:42:05.0423 0724 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
00:42:05.0479 0724 pla - ok
00:42:05.0513 0724 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:42:05.0522 0724 PlugPlay - ok
00:42:05.0571 0724 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:42:05.0574 0724 Pml Driver HPZ12 - ok
00:42:05.0626 0724 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:42:05.0639 0724 PNRPAutoReg - ok
00:42:05.0695 0724 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:42:05.0708 0724 PNRPsvc - ok
00:42:05.0771 0724 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:42:05.0787 0724 PolicyAgent - ok
00:42:05.0830 0724 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:42:05.0835 0724 PptpMiniport - ok
00:42:05.0884 0724 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
00:42:05.0886 0724 Processor - ok
00:42:05.0910 0724 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
00:42:05.0917 0724 ProfSvc - ok
00:42:05.0936 0724 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:42:05.0938 0724 ProtectedStorage - ok
00:42:05.0964 0724 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:42:05.0966 0724 PSched - ok
00:42:05.0987 0724 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
00:42:06.0019 0724 PxHelp20 - ok
00:42:06.0071 0724 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:42:06.0102 0724 ql2300 - ok
00:42:06.0132 0724 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:42:06.0136 0724 ql40xx - ok
00:42:06.0223 0724 [ BA396D1C71934E22679D3F4DAC17E7AB ] QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
00:42:06.0231 0724 QPCapSvc - ok
00:42:06.0265 0724 [ 4B455E8C41CAD3219CCF53024DCAD604 ] QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
00:42:06.0268 0724 QPSched - ok
00:42:06.0314 0724 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
00:42:06.0323 0724 QWAVE - ok
00:42:06.0347 0724 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:42:06.0349 0724 QWAVEdrv - ok
00:42:06.0387 0724 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:42:06.0389 0724 RasAcd - ok
00:42:06.0424 0724 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
00:42:06.0429 0724 RasAuto - ok
00:42:06.0468 0724 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:42:06.0471 0724 Rasl2tp - ok
00:42:06.0509 0724 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
00:42:06.0522 0724 RasMan - ok
00:42:06.0555 0724 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:42:06.0557 0724 RasPppoe - ok
00:42:06.0595 0724 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:42:06.0598 0724 RasSstp - ok
00:42:06.0632 0724 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:42:06.0640 0724 rdbss - ok
00:42:06.0656 0724 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:42:06.0657 0724 RDPCDD - ok
00:42:06.0695 0724 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:42:06.0702 0724 rdpdr - ok
00:42:06.0711 0724 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:42:06.0713 0724 RDPENCDD - ok
00:42:06.0775 0724 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:42:06.0781 0724 RDPWD - ok
00:42:06.0839 0724 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:42:06.0844 0724 RemoteAccess - ok
00:42:06.0877 0724 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:42:06.0882 0724 RemoteRegistry - ok
00:42:06.0905 0724 [ 7EC90C316177BA3F1BCE92005264B447 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:42:06.0908 0724 RFCOMM - ok
00:42:06.0945 0724 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
00:42:06.0947 0724 rimmptsk - ok
00:42:06.0974 0724 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
00:42:06.0977 0724 rimsptsk - ok

#11 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 31 August 2012 - 11:30 PM

Good - no rootkit or other malware found.
I was waiting to make sure of that before instructing you to update your Flash Player and Reader - updating in the presence of malware has been known to be disastrous.

As you noted, old versions are often left behind and these continue to be vulnerabilities if not removed.

So far we haven't done anything about the slowness you're having. (It's so much simpler if there is malware to remove!)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

After that:
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post with your next two replies.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#12 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 01 September 2012 - 01:02 AM

Going back a bit, I wanted to say that while prior to running "Combofix" as instructed as to not interfere with the scan I did disable Microsoft Security Essentials' Real-Time protection and the Windows Firewall as previously stated, however I forgot to add that in addition to McAfee SiteAdvisor I also have McAfee Security Scan Plus installed...both of which I did not think had to/could be disabled. Hopefully this doesn't change the outcome of that scan.

Also after the TDSSKiller scan I did go ahead with deleting the old versions of Adobe Flash Player and Reader, while installing new versions. You had stated in the same post that after running the "Killer" scan and posting the associated log file it was in my best interest to do these updates because otherwise I'd be left vulnerable. I had assumed you meant to update the versions immediately following the scan. However, in your most recent reply you stated that you were waiting for the results of said scan before instructing me to update my Player and Reader because updating in the presence of Malware has been known to be disastrous. I guess I just need reassurance that when I performed the updates it wouldn't jeopardize the process as technically at the time you hadn't confirmed whether or not I had Malware.

P.S. - I will get to the other instructions tomorrow and post. Thanks.

Edited by sickofhijackers, 01 September 2012 - 01:19 AM.


#13 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 01 September 2012 - 10:28 AM

Yes, please update. Sorry if I wasn't clear.
Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)
Update Adobe Flash Player
There is also a new version of Java.
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: [icon image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.


#14 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • 21 posts

Posted 06 September 2012 - 03:00 PM

Farbar Service Scanner results:

Farbar Service Scanner Version: 06-08-2012
Ran by Trevor (administrator) on 06-09-2012 at 16:43:06
Running from "C:\Users\Trevor\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-12-14 22:54] - [2008-01-19 03:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • 21 posts

Posted 06 September 2012 - 03:02 PM

OTL Scan #1:

OTL logfile created on: 06/09/2012 4:49:03 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Trevor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.27% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.46 Gb Total Space | 81.19 Gb Free Space | 56.99% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.88 Gb Free Space | 13.43% Space Free | Partition Type: NTFS

Computer Name: VISTA-PC | User Name: Trevor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Trevor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\bwfiles.dll ()
MOD - C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\FrExt.dll ()
MOD - C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll ()
MOD - C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Trevor\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ST50220) -- C:\WINDOWS\System32\drivers\ST50220.sys (Sonix)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D7358125-E241-4167-82AF-1C85A473A061}
IE - HKLM\..\SearchScopes\{C877C8CF-0E72-4051-BCB7-7B2ADFA7C762}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKLM\..\SearchScopes\{D7358125-E241-4167-82AF-1C85A473A061}: "URL" = http://ca.search.yah...ing}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{DF40A180-EA38-498F-9814-B83F0C4FA754}: "URL" = http://search.live.c...#38;FORM=HVNCS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {D7358125-E241-4167-82AF-1C85A473A061}
IE - HKCU\..\SearchScopes\{C877C8CF-0E72-4051-BCB7-7B2ADFA7C762}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKCU\..\SearchScopes\{D7358125-E241-4167-82AF-1C85A473A061}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{DF40A180-EA38-498F-9814-B83F0C4FA754}: "URL" = http://search.live.c...#38;FORM=HVNCS7
IE - HKCU\..\SearchScopes\{EE6729E2-D81B-4E25-ADBB-11B3E942F4B1}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..keyword.URL: "http://search.avg.co...a&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 15:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/03 02:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/01 01:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/01 01:55:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/01 01:21:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/01 01:55:54 | 000,000,000 | ---D | M]

[2008/12/15 21:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\mozilla\Extensions
[2008/12/15 21:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/16 18:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\mozilla\firefox\profiles\4tt13w8p.default\extensions
[2009/01/18 21:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\mozilla\firefox\profiles\as96hg48.default\extensions
[2008/12/15 21:54:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Trevor\AppData\Roaming\mozilla\firefox\profiles\as96hg48.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2012/05/01 22:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\mozilla\firefox\profiles\nvimp1dq.default\extensions
[2010/04/27 00:41:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trevor\AppData\Roaming\mozilla\firefox\profiles\nvimp1dq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/04 16:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/01 01:21:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/03 02:27:30 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/09/01 01:21:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012/07/27 16:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/10/27 16:38:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/10/27 16:38:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/10/27 16:38:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/10/27 16:38:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/10/27 16:38:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/10/27 16:38:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/10/27 16:38:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/09/01 01:21:04 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/11/05 01:28:19 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2012/09/01 01:21:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/01 01:21:04 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/01 01:21:04 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/11/22 03:44:55 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/09/01 01:21:04 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/01 01:21:04 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/01 01:21:04 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2012/01/02 01:21:03 | 000,000,789 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{544B2005-A287-42E7-B56C-14E9BE21379C}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 16:45:28 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Trevor\Desktop\OTL.exe
[2012/09/06 16:41:30 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Trevor\Desktop\FSS.exe
[2012/09/01 02:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/09/01 02:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/01 02:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/09/01 02:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/01 02:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/09/01 01:58:53 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/01 01:58:53 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/01 01:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/01 01:50:30 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/01 01:49:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/01 01:49:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/01 01:49:59 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/01 00:29:07 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Trevor\Desktop\iexplore.com.exe
[2012/08/31 17:35:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/31 17:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/31 17:01:01 | 004,741,519 | R--- | C] (Swearware) -- C:\Users\Trevor\Desktop\ComboFix.exe
[2012/08/29 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Trevor\Desktop\Spyware Info
[2012/08/29 04:39:39 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/08/29 03:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/29 03:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/29 03:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/29 03:03:40 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Roaming\Malwarebytes
[2012/08/29 03:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/29 03:03:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/29 03:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/14 17:15:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/14 17:15:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/14 17:14:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/14 17:14:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/14 17:14:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/14 17:14:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/14 17:14:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/14 17:14:34 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/09/06 16:45:30 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Desktop\OTL.exe
[2012/09/06 16:41:38 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Trevor\Desktop\FSS.exe
[2012/09/06 15:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 15:46:18 | 000,611,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/06 15:46:18 | 000,110,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/06 15:41:46 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/09/06 15:39:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 15:39:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 15:39:23 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 02:03:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/01 02:01:24 | 000,001,949 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/09/01 01:58:54 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/01 01:58:53 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/01 01:49:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/01 01:49:29 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/01 01:49:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/01 01:49:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/01 01:49:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/09/01 01:49:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/01 00:29:20 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Trevor\Desktop\iexplore.com.exe
[2012/08/31 17:01:07 | 004,741,519 | R--- | M] (Swearware) -- C:\Users\Trevor\Desktop\ComboFix.exe
[2012/08/14 19:46:45 | 000,435,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/01 02:01:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/09/01 01:55:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/31 17:13:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/09 15:00:07 | 000,000,680 | ---- | C] () -- C:\Users\Trevor\AppData\Local\d3d9caps.dat
[2008/12/15 01:10:46 | 000,071,168 | ---- | C] () -- C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/11/14 23:36:48 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\AVG9
[2009/01/16 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\CheckPoint
[2012/06/14 02:15:34 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\uTorrent
[2010/06/19 13:31:42 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\WildTangent
[2012/09/06 02:03:44 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#16 sickofhijackers

Posted 06 September 2012 - 03:04 PM

OTL Scan #2:

OTL Extras logfile created on: 06/09/2012 4:49:03 PM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Trevor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.27% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.46 Gb Total Space | 81.19 Gb Free Space | 56.99% Space Free | Partition Type: NTFS
Drive D: | 6.59 Gb Total Space | 0.88 Gb Free Space | 13.43% Space Free | Partition Type: NTFS

Computer Name: VISTA-PC | User Name: Trevor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0158459C-A711-4194-B327-6C331519DFD8}" = lport=138 | protocol=17 | dir=in | app=system |
"{03852710-A93A-46DE-AFA0-5D5653DD8555}" = rport=138 | protocol=17 | dir=out | app=system |
"{11A501D7-F6E9-4913-8FB9-066BFF7E8F49}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{13F0DBA3-0BF6-45CF-8900-600EA4FD535F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{33B326A6-4796-41DA-8BCF-19F93CC25CC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BFD0314-9A30-4680-AB58-1746A2B83910}" = lport=139 | protocol=6 | dir=in | app=system |
"{62C24D1C-818B-4D60-8D69-F5BCF43C2E41}" = rport=137 | protocol=17 | dir=out | app=system |
"{66728F8A-DD85-4C5C-85F9-831A41DF969A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A18DE0F-DD9D-42D0-8ED0-64E687DBDE1C}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E845D2A-9CFF-440C-B4FE-42830F271460}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B6EA2B41-8E00-41FF-AE8D-08C2333C6AD3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EACD6206-B735-4766-8393-F3EA0A87FF3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{EFA2362C-E051-409A-9003-42043B783EBF}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07845E6D-817F-43A7-9E2B-800D005710EE}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{0D9116E9-1FBB-40F2-AAF4-440ACB0E1110}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F814222-E91A-416C-87A0-798F6B7A86C5}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{133C6C11-7CE7-49F2-8B5E-C368BBE950F8}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{14945EF1-1D49-4CFC-9C85-7380C2C137D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{23B33280-F7F7-4812-A2CA-B98BEBD1E143}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{267AFC95-23A1-48F8-8F50-D31B1281B573}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2B67B79E-2F2D-4946-86BA-270E1E4B22A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{36DBA254-7897-44E2-A0E8-6CBED1B1BC98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3E278358-601D-4215-BF2B-093EFCB84DC7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52C5EED4-CD8F-4A29-8E4A-95E1CE05AF54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57F473EF-2703-4D5E-862F-946CE99731B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{61F901FD-55F9-4F3D-85B9-906016806A27}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{63094169-5210-4884-BFB9-BFA2DB646F89}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{754BA16D-2CFB-4D5A-AF98-57AA61850FA6}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{8078BA6C-1F27-4CCB-BDC9-F5A547BFA74D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88229602-9CEB-4EB1-BEBA-96853E048338}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{9545AD94-1288-41E2-AE7A-176D6B9AFE33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98755564-978B-4CF3-B999-19F41CF246E9}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{9AC0928A-9CBD-4955-89D9-CE9B204268FF}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{ABE2021A-88FD-4B95-8C6F-E96B4B64120E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AF2E5D13-28E1-4FC1-A5DA-B79602D3AF77}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{BA13B216-8B8C-4827-ACF4-CF9985AA24F1}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{BBEF236E-A972-4650-9868-52F42042F0DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC0D72BF-9A7F-44DB-8CB6-DAC436451F89}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA2FC6AF-74EE-4DBC-A28C-E74B98A583BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1C0A36B-9ACA-47C6-894D-369AB9373C95}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F8D8672A-D744-44BC-95BC-B9DC00733985}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FC820DF1-9A9A-43AB-A822-67C121108DAA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FE3C85B6-678D-4953-B7B4-14C401184389}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"TCP Query User{B94DE6CD-D3A4-4832-91D0-76A0CEE3CDC5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FD8DA6E3-A8F8-43E5-A80F-E37983B17FA7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExtractNow_is1" = ExtractNow
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSet" = Intel® Network Connections Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WildTangent hplaptop Master Uninstall" = My HP Games

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2012 1:29:24 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/04/2012 1:29:24 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26982853

Error - 21/04/2012 1:29:24 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26982853

Error - 21/04/2012 1:29:27 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/04/2012 1:29:27 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26985412

Error - 21/04/2012 1:29:27 AM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26985412

Error - 27/04/2012 12:03:20 PM | Computer Name = Vista-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f60 Start Time: 01cd248f31116ef7 Termination Time: 0

Error - 27/04/2012 2:57:07 PM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/04/2012 2:57:07 PM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1343309

Error - 27/04/2012 2:57:07 PM | Computer Name = Vista-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1343309

[ System Events ]
Error - 03/09/2012 6:45:39 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/09/2012 6:47:03 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 04/09/2012 2:26:40 AM | Computer Name = Vista-PC | Source = bowser | ID = 8003
Description =

Error - 04/09/2012 5:26:50 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/09/2012 5:28:13 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05/09/2012 6:39:48 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/09/2012 6:41:12 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 06/09/2012 1:19:32 AM | Computer Name = Vista-PC | Source = BROWSER | ID = 8032
Description =

Error - 06/09/2012 3:39:38 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/09/2012 3:41:01 PM | Computer Name = Vista-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

#17 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 September 2012 - 03:18 PM

Please turn Windows Defender back on and set it to automatic scan.
Start > Windows Defender. Tools > Options. Check all the boxes. Check the other options. Under Administrator, check both boxes.

Are you still seeing slow browsing and choppy streaming? Is browsing slow with Firefox or only with IE?
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#18 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • 21 posts

Posted 07 September 2012 - 07:33 PM

Hi,

I have Windows Defender turned off because I was under the impression it was the precursor to Microsoft Security Essentials, which as you are already aware I am running. In fact I tried to remove Windows Defender altogether at one point but I never noticed it under the "add/remove programs" list in the Control Panel.

As for the slow load times of pages and the choppy video streams I was experiencing before, I seem to no longer have that issue. I choose only to browse with Mozilla, as I am not a fan of Explorer, so I couldn't tell you if both were running slow.

The only issue I am experiencing with browsing at this point is with Hotmail.com: it loads slowly and I constantly have to refresh in order for it to load properly, otherwise when I click on my inbox there's no response. I would refer to the page as loading in almost a "safe mode", like a stripped-down version. I believe this to probably be a browser issue though, as it has been asking me of late to use/install Explorer 9 when I try to bring up the page. This page-related problem dates back about a week, which coincides with me updating Mozilla to version 15, so I don't know what to think.

#19 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 07 September 2012 - 08:36 PM

Microsoft keeps changing the names. Defender is indeed turned off by MSE on Win 7 and Vista. But for Windows 8, Defender will be pre-installed and MSE will be incompatible.

The current Windows Defender is a descendant of Windows AntiSpyware. http://en.wikipedia....ndows_Defender.
Keep MSE instead. http://answers.micro...4f-0dcedb9ab9fd

About hotmail. I have no experience, being a gmail user.
If other pages load quickly then I would assume that the slowness of hotmail.com is because their site is very busy.
When you go there from another PC is it faster or about the same?

#20 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 13 September 2012 - 05:48 PM

Are you still with me, sickofhijackers?

#21 sickofhijackers

sickofhijackers

    Member

  • Full Member
  • 21 posts

Posted 18 September 2012 - 03:26 PM

Hey,

Yes, I'm still with you. So I gather that my PC was never infected, which I'm not going to be complaining about. As I had asked prior, and now that there appear to be no issues with my computer, can you instruct me how to go about removing all the applications/executables you had me download and the various log/text documents they generated? When viewing the "Programs & Features" in the Control Panel I noticed 3 of the programs (HijackThis, Malwarebytes, and Spybot - Search & Destroy) installed. The others, found on my desktop, are (DDS, SecurityCheck, ComboFix, TDSSKiller, FSS, and OTL).

#22 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 18 September 2012 - 04:03 PM

Cleanup:

Delete DDS files, TDSSKiller, and Security Check folder from your Desktop.
Run OTL and click the 'CleanUp' button. It will remove itself and its files.



Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep Malwarebytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

IE 9 has a serious vulnerability - avoid using it until Microsoft releases a patch.
Firefox may be downloaded from here (you already have it)
Chrome is available here: http://www.google.co...e/features.html

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

#23 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 21 September 2012 - 06:41 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



