Help with infection

jpdhe · August 1, 2012

Hi there! I have been trying to rid my computer of the zero access and now apparently the Dos/Alureon.J (per Microsoft Security Essentials). All of the topics have been very helpful, and I have loaded several anti-malware programs, but I just can't seem to get this done on my own. Your help is greatly appreciated!!!

Here is the dds log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mike at 9:10:50 on 2012-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1588 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\taskhost.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft MapPoint 2010\StreetsOlkShim.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.aol.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360110a155l03f4z115t5992x720

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622174835.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://apps.devilsheadresort.com/snowcam/AxisCamControl.ocx

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{766809E0-036C-4DCB-BA6F-4F0A58F4C878} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{766809E0-036C-4DCB-BA6F-4F0A58F4C878}\26C657261697 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{766809E0-036C-4DCB-BA6F-4F0A58F4C878}\35B6978496768623 : DhcpNameServer = 192.168.4.1

TCP: Interfaces\{766809E0-036C-4DCB-BA6F-4F0A58F4C878}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll

BHO-X64: QpBHO Class - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622174835.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-6 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-17 13336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-7-31 101048]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-2 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-2 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-6 240160]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 0265411343779605mcinstcleanup;McAfee Application Installer Cleanup (0265411343779605);C:\Windows\TEMP\026541~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\026541~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-21 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250056]

S3 EST_Server;Network USB Device;C:\Windows\system32\DRIVERS\GenHC.sys --> C:\Windows\system32\DRIVERS\GenHC.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-21 135664]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-6 225280]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]

.

=============== Created Last 30 ================

.

2012-07-31 15:42:31 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03A88A0E-314F-41E3-9DEB-D838570025BD}\offreg.dll

2012-07-31 14:59:40 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03A88A0E-314F-41E3-9DEB-D838570025BD}\mpengine.dll

2012-07-26 21:20:46 542112 ----a-w- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe

2012-07-24 08:10:57 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-23 23:18:26 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-23 22:56:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-23 22:38:43 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-23 20:34:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-23 20:34:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-23 20:34:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-23 20:34:58 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-23 20:34:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-23 20:34:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-23 20:34:57 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-23 20:34:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-23 20:34:56 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-23 20:34:56 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-23 20:34:55 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-23 20:34:55 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-23 20:34:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-23 00:56:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-23 00:56:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-22 23:21:01 208896 ----a-w- C:\Windows\MBR.exe

2012-07-22 23:20:58 98816 ----a-w- C:\Windows\sed.exe

2012-07-22 23:20:58 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-22 23:20:58 256000 ----a-w- C:\Windows\PEV.exe

2012-07-18 20:31:24 -------- d-----w- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com

2012-07-18 20:31:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-18 20:31:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware

.

==================== Find3M ====================

.

2012-07-27 03:24:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 03:24:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 9:11:53.53 ===============

Here is the attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/26/2010 7:45:43 PM

System Uptime: 8/1/2012 5:06:57 AM (4 hours ago)

.

Motherboard: Acer | | Aspire 5732Z

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | uPGA-478 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 228.314 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart C6200 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart C6200 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID:

Description: Photosmart C6200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer:

Name: Photosmart C6200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID:

Description: Officejet Pro 8500 A910

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer:

Name: Officejet Pro 8500 A910

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6200 series

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: HP

Name: Photosmart C6200 series

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A910

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: HP

Name: Officejet Pro 8500 A910

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

==== System Restore Points ===================

.

RP318: 7/22/2012 10:12:42 AM - Restore Operation

RP319: 7/23/2012 3:00:50 AM - Windows Update

RP320: 7/23/2012 11:09:07 PM - Windows Update

RP321: 7/24/2012 3:00:52 AM - Windows Update

RP322: 7/27/2012 4:33:31 AM - Windows Update

RP323: 7/31/2012 9:56:40 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

470_Help

470_Readme

Acer Arcade Deluxe

Acer Assist

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.1 MUI

AIO_Scan

Ask Toolbar

Ask Toolbar Updater

AT&T Unified Messaging

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

BPDSoftware

BPDSoftware_Ini

BufferChm

C6200

C6200_Help

Compatibility Pack for the 2007 Office system

Copy

Crystal Reports for .NET Framework 2.0 (x86)

D3DX10

Destinations

DeviceDiscovery

DocProc

ESET Online Scanner v3

eSobi v2

Fax

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.5.0.457

GPBaseService2

H470

Hewlett-Packard ACLM.NET v1.1.0.0

HP LaserJet P1000 series

HP Officejet Pro 8500 A910 Help

HP Product Detection

HP Smart Print 1.1.2.0

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

HPSSupply

I.R.I.S. OCR

Identity Card

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

Java Auto Updater

Java Media Framework 2.1.1e

Java 6 Update 31

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft Access 2002 Runtime

Microsoft MapPoint North America 2010

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access database engine 2007 (English)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable Package

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

MPM

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MyWinLocker

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

ProductContext

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

QuickBooks

QuickBooks Pro 2012

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SmartWebPrinting

SolutionCenter

Status

SupportSoft Assisted Service

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2005 Tools for Office Second Edition Runtime

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Center Add-in for Flash

Windows Media Center Add-in for Silverlight

Wintac

Wintac (C:\Wintac\)

Wintac (C:\Wintac\) #3

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/31/2012 8:19:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee SiteAdvisor Service service to connect.

7/31/2012 8:19:05 AM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/29/2012 1:40:19 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

7/29/2012 1:40:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

7/28/2012 11:48:06 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================

Thanks Again!

D-FRED-BROWN · August 1, 2012

Hello and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

----------Step 3----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------

In your next reply, please include the following:

TDSSKiller's logfile
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

jpdhe · August 1, 2012

Hi D-FRED-BROWN, thanks so much for taking the time to look into this for me. Your instructions were extremely helpful to the novice computer person that I am. After I ran the things that you requested, I did a little surfing and it appears to run a lot faster than before, it didn't take me anywhere I didn't want to go, and I didn't receive a message saying that my antivirus software was not up to date. So it looks like we are going in the right direction - if we aren't there totally! Here are the logs you requested:

tdss:

15:24:40.0017 3032 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

15:24:41.0447 3032 ============================================================

15:24:41.0447 3032 Current date / time: 2012/08/01 15:24:41.0447

15:24:41.0447 3032 SystemInfo:

15:24:41.0447 3032

15:24:41.0447 3032 OS Version: 6.1.7601 ServicePack: 1.0

15:24:41.0447 3032 Product type: Workstation

15:24:41.0447 3032 ComputerName: MIKE-PC

15:24:41.0447 3032 UserName: Mike

15:24:41.0447 3032 Windows directory: C:\Windows

15:24:41.0447 3032 System windows directory: C:\Windows

15:24:41.0447 3032 Running under WOW64

15:24:41.0447 3032 Processor architecture: Intel x64

15:24:41.0447 3032 Number of processors: 2

15:24:41.0447 3032 Page size: 0x1000

15:24:41.0447 3032 Boot type: Normal boot

15:24:41.0447 3032 ============================================================

15:24:42.0607 3032 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:24:42.0617 3032 ============================================================

15:24:42.0617 3032 \Device\Harddisk0\DR0:

15:24:42.0617 3032 MBR partitions:

15:24:42.0617 3032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD

15:24:42.0617 3032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x23BF9384

15:24:42.0617 3032 ============================================================

15:24:42.0647 3032 C: <-> \Device\Harddisk0\DR0\Partition1

15:24:42.0647 3032 ============================================================

15:24:42.0647 3032 Initialize success

15:24:42.0647 3032 ============================================================

15:25:04.0795 6124 ============================================================

15:25:04.0795 6124 Scan started

15:25:04.0795 6124 Mode: Manual;

15:25:04.0795 6124 ============================================================

15:25:06.0189 6124 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

15:25:06.0189 6124 !SASCORE - ok

15:25:06.0329 6124 0265411343779605mcinstcleanup - ok

15:25:06.0439 6124 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:25:06.0439 6124 1394ohci - ok

15:25:06.0479 6124 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:25:06.0489 6124 ACPI - ok

15:25:06.0539 6124 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:25:06.0609 6124 AcpiPmi - ok

15:25:06.0739 6124 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:25:06.0739 6124 AdobeFlashPlayerUpdateSvc - ok

15:25:06.0809 6124 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:25:06.0819 6124 adp94xx - ok

15:25:06.0869 6124 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:25:06.0879 6124 adpahci - ok

15:25:06.0909 6124 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:25:06.0919 6124 adpu320 - ok

15:25:06.0949 6124 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:25:06.0959 6124 AeLookupSvc - ok

15:25:07.0009 6124 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:25:07.0019 6124 AFD - ok

15:25:07.0059 6124 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:25:07.0069 6124 agp440 - ok

15:25:07.0089 6124 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:25:07.0099 6124 ALG - ok

15:25:07.0159 6124 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:25:07.0159 6124 aliide - ok

15:25:07.0179 6124 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:25:07.0179 6124 amdide - ok

15:25:07.0209 6124 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:25:07.0219 6124 AmdK8 - ok

15:25:07.0229 6124 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:25:07.0229 6124 AmdPPM - ok

15:25:07.0289 6124 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:25:07.0289 6124 amdsata - ok

15:25:07.0349 6124 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:25:07.0349 6124 amdsbs - ok

15:25:07.0369 6124 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:25:07.0369 6124 amdxata - ok

15:25:07.0439 6124 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:25:07.0439 6124 AppID - ok

15:25:07.0469 6124 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:25:07.0479 6124 AppIDSvc - ok

15:25:07.0529 6124 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:25:07.0529 6124 Appinfo - ok

15:25:07.0619 6124 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:25:07.0619 6124 arc - ok

15:25:07.0649 6124 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:25:07.0649 6124 arcsas - ok

15:25:07.0759 6124 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:25:07.0759 6124 aspnet_state - ok

15:25:07.0799 6124 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:25:07.0799 6124 AsyncMac - ok

15:25:07.0839 6124 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:25:07.0839 6124 atapi - ok

15:25:07.0947 6124 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys

15:25:07.0962 6124 athr - ok

15:25:08.0071 6124 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:25:08.0087 6124 AudioEndpointBuilder - ok

15:25:08.0103 6124 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:25:08.0103 6124 AudioSrv - ok

15:25:08.0149 6124 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:25:08.0165 6124 AxInstSV - ok

15:25:08.0243 6124 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:25:08.0243 6124 b06bdrv - ok

15:25:08.0290 6124 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:25:08.0290 6124 b57nd60a - ok

15:25:08.0446 6124 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys

15:25:08.0524 6124 BCM43XX - ok

15:25:08.0617 6124 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:25:08.0664 6124 BDESVC - ok

15:25:08.0711 6124 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:25:08.0711 6124 Beep - ok

15:25:08.0805 6124 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

15:25:08.0851 6124 BFE - ok

15:25:08.0914 6124 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

15:25:08.0929 6124 BITS - ok

15:25:08.0992 6124 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:25:08.0992 6124 blbdrive - ok

15:25:09.0054 6124 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:25:09.0054 6124 bowser - ok

15:25:09.0070 6124 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:25:09.0070 6124 BrFiltLo - ok

15:25:09.0101 6124 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:25:09.0101 6124 BrFiltUp - ok

15:25:09.0163 6124 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

15:25:09.0163 6124 BridgeMP - ok

15:25:09.0210 6124 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:25:09.0210 6124 Browser - ok

15:25:09.0241 6124 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:25:09.0257 6124 Brserid - ok

15:25:09.0273 6124 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:25:09.0288 6124 BrSerWdm - ok

15:25:09.0319 6124 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:25:09.0319 6124 BrUsbMdm - ok

15:25:09.0335 6124 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:25:09.0335 6124 BrUsbSer - ok

15:25:09.0366 6124 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:25:09.0366 6124 BTHMODEM - ok

15:25:09.0429 6124 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

15:25:09.0444 6124 BTHPORT - ok

15:25:09.0491 6124 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:25:09.0491 6124 bthserv - ok

15:25:09.0522 6124 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

15:25:09.0522 6124 BTHUSB - ok

15:25:09.0569 6124 catchme - ok

15:25:09.0600 6124 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:25:09.0600 6124 cdfs - ok

15:25:09.0663 6124 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:25:09.0725 6124 cdrom - ok

15:25:09.0771 6124 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:25:09.0771 6124 CertPropSvc - ok

15:25:09.0831 6124 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys

15:25:09.0831 6124 cfwids - ok

15:25:09.0871 6124 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:25:09.0871 6124 circlass - ok

15:25:09.0911 6124 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:25:09.0921 6124 CLFS - ok

15:25:09.0981 6124 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:25:09.0981 6124 clr_optimization_v2.0.50727_32 - ok

15:25:10.0021 6124 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:25:10.0031 6124 clr_optimization_v2.0.50727_64 - ok

15:25:10.0111 6124 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:25:10.0121 6124 clr_optimization_v4.0.30319_32 - ok

15:25:10.0171 6124 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:25:10.0171 6124 clr_optimization_v4.0.30319_64 - ok

15:25:10.0211 6124 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:25:10.0221 6124 CmBatt - ok

15:25:10.0271 6124 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:25:10.0271 6124 cmdide - ok

15:25:10.0321 6124 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

15:25:10.0331 6124 CNG - ok

15:25:10.0361 6124 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:25:10.0371 6124 Compbatt - ok

15:25:10.0421 6124 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:25:10.0421 6124 CompositeBus - ok

15:25:10.0431 6124 COMSysApp - ok

15:25:10.0461 6124 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:25:10.0461 6124 crcdisk - ok

15:25:10.0521 6124 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

15:25:10.0521 6124 CryptSvc - ok

15:25:10.0591 6124 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:25:10.0591 6124 DcomLaunch - ok

15:25:10.0631 6124 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:25:10.0641 6124 defragsvc - ok

15:25:10.0691 6124 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:25:10.0701 6124 DfsC - ok

15:25:10.0751 6124 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:25:10.0761 6124 Dhcp - ok

15:25:10.0781 6124 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:25:10.0781 6124 discache - ok

15:25:10.0821 6124 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:25:10.0821 6124 Disk - ok

15:25:10.0911 6124 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys

15:25:10.0911 6124 DKbFltr - ok

15:25:10.0961 6124 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:25:10.0971 6124 Dnscache - ok

15:25:11.0031 6124 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:25:11.0031 6124 dot3svc - ok

15:25:11.0091 6124 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

15:25:11.0091 6124 Dot4 - ok

15:25:11.0141 6124 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

15:25:11.0201 6124 Dot4Print - ok

15:25:11.0261 6124 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

15:25:11.0261 6124 dot4usb - ok

15:25:11.0321 6124 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:25:11.0331 6124 DPS - ok

15:25:11.0381 6124 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:25:11.0381 6124 drmkaud - ok

15:25:11.0521 6124 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:25:11.0541 6124 DXGKrnl - ok

15:25:11.0591 6124 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:25:11.0591 6124 EapHost - ok

15:25:11.0781 6124 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:25:11.0863 6124 ebdrv - ok

15:25:11.0957 6124 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:25:11.0957 6124 EFS - ok

15:25:12.0035 6124 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:25:12.0050 6124 ehRecvr - ok

15:25:12.0097 6124 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:25:12.0097 6124 ehSched - ok

15:25:12.0175 6124 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:25:12.0191 6124 elxstor - ok

15:25:12.0284 6124 ePowerSvc (8e910f796f5f30281cdd24aba47ddea2) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

15:25:12.0300 6124 ePowerSvc - ok

15:25:12.0425 6124 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:25:12.0425 6124 ErrDev - ok

15:25:12.0440 6124 EST_BusEnum - ok

15:25:12.0503 6124 EST_Server (b63cb796f3fc7df6db5c0dd7e4a6f16d) C:\Windows\system32\DRIVERS\GenHC.sys

15:25:12.0565 6124 EST_Server - ok

15:25:12.0674 6124 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:25:12.0690 6124 EventSystem - ok

15:25:12.0721 6124 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:25:12.0721 6124 exfat - ok

15:25:12.0737 6124 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:25:12.0752 6124 fastfat - ok

15:25:12.0815 6124 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:25:12.0830 6124 Fax - ok

15:25:12.0861 6124 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:25:12.0861 6124 fdc - ok

15:25:12.0893 6124 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:25:12.0893 6124 fdPHost - ok

15:25:12.0908 6124 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:25:12.0908 6124 FDResPub - ok

15:25:12.0939 6124 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:25:12.0939 6124 FileInfo - ok

15:25:12.0939 6124 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:25:12.0939 6124 Filetrace - ok

15:25:12.0971 6124 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:25:12.0971 6124 flpydisk - ok

15:25:13.0017 6124 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:25:13.0033 6124 FltMgr - ok

15:25:13.0095 6124 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

15:25:13.0158 6124 FontCache - ok

15:25:13.0267 6124 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:25:13.0267 6124 FontCache3.0.0.0 - ok

15:25:13.0345 6124 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:25:13.0345 6124 FsDepends - ok

15:25:13.0376 6124 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

15:25:13.0376 6124 Fs_Rec - ok

15:25:13.0439 6124 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:25:13.0439 6124 fvevol - ok

15:25:13.0485 6124 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:25:13.0485 6124 gagp30kx - ok

15:25:13.0579 6124 GameConsoleService (73a2ec1a8dd15f85f92f8ac303a7e39b) C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe

15:25:13.0579 6124 GameConsoleService - ok

15:25:13.0641 6124 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:25:13.0657 6124 gpsvc - ok

15:25:13.0985 6124 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

15:25:14.0016 6124 Greg_Service - ok

15:25:14.0125 6124 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:25:14.0125 6124 gupdate - ok

15:25:14.0156 6124 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:25:14.0172 6124 gupdatem - ok

15:25:14.0219 6124 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:25:14.0219 6124 gusvc - ok

15:25:14.0343 6124 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:25:14.0359 6124 hcw85cir - ok

15:25:14.0406 6124 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:25:14.0421 6124 HdAudAddService - ok

15:25:14.0437 6124 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:25:14.0437 6124 HDAudBus - ok

15:25:14.0468 6124 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:25:14.0484 6124 HidBatt - ok

15:25:14.0499 6124 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:25:14.0499 6124 HidBth - ok

15:25:14.0515 6124 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:25:14.0515 6124 HidIr - ok

15:25:14.0546 6124 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

15:25:14.0546 6124 hidserv - ok

15:25:14.0593 6124 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

15:25:14.0593 6124 HidUsb - ok

15:25:14.0640 6124 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

15:25:14.0640 6124 hkmsvc - ok

15:25:14.0687 6124 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

15:25:14.0687 6124 HomeGroupListener - ok

15:25:14.0718 6124 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

15:25:14.0718 6124 HomeGroupProvider - ok

15:25:14.0874 6124 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

15:25:14.0874 6124 hpqcxs08 - ok

15:25:14.0952 6124 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

15:25:14.0952 6124 hpqddsvc - ok

15:25:15.0014 6124 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:25:15.0014 6124 HpSAMD - ok

15:25:15.0123 6124 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

15:25:15.0139 6124 HPSLPSVC - ok

15:25:15.0217 6124 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:25:15.0233 6124 HTTP - ok

15:25:15.0248 6124 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:25:15.0248 6124 hwpolicy - ok

15:25:15.0295 6124 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:25:15.0295 6124 i8042prt - ok

15:25:15.0357 6124 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

15:25:15.0357 6124 iaStor - ok

15:25:15.0435 6124 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

15:25:15.0435 6124 IAStorDataMgrSvc - ok

15:25:15.0498 6124 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:25:15.0498 6124 iaStorV - ok

15:25:15.0623 6124 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:25:15.0638 6124 idsvc - ok

15:25:16.0075 6124 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

15:25:16.0340 6124 igfx - ok

15:25:16.0449 6124 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:25:16.0449 6124 iirsp - ok

15:25:16.0527 6124 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

15:25:16.0543 6124 IKEEXT - ok

15:25:16.0652 6124 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys

15:25:16.0668 6124 IntcAzAudAddService - ok

15:25:16.0793 6124 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:25:16.0793 6124 intelide - ok

15:25:16.0839 6124 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:25:16.0839 6124 intelppm - ok

15:25:16.0871 6124 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:25:16.0871 6124 IPBusEnum - ok

15:25:16.0917 6124 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:25:16.0917 6124 IpFilterDriver - ok

15:25:16.0980 6124 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

15:25:16.0995 6124 iphlpsvc - ok

15:25:17.0042 6124 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:25:17.0042 6124 IPMIDRV - ok

15:25:17.0082 6124 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:25:17.0092 6124 IPNAT - ok

15:25:17.0112 6124 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:25:17.0112 6124 IRENUM - ok

15:25:17.0142 6124 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:25:17.0142 6124 isapnp - ok

15:25:17.0182 6124 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:25:17.0182 6124 iScsiPrt - ok

15:25:17.0242 6124 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:25:17.0242 6124 kbdclass - ok

15:25:17.0292 6124 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:25:17.0292 6124 kbdhid - ok

15:25:17.0322 6124 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:25:17.0322 6124 KeyIso - ok

15:25:17.0352 6124 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

15:25:17.0362 6124 KSecDD - ok

15:25:17.0392 6124 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

15:25:17.0392 6124 KSecPkg - ok

15:25:17.0432 6124 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:25:17.0432 6124 ksthunk - ok

15:25:17.0472 6124 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:25:17.0482 6124 KtmRm - ok

15:25:17.0502 6124 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys

15:25:17.0502 6124 L1C - ok

15:25:17.0562 6124 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

15:25:17.0572 6124 LanmanServer - ok

15:25:17.0612 6124 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

15:25:17.0622 6124 LanmanWorkstation - ok

15:25:17.0672 6124 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:25:17.0672 6124 lltdio - ok

15:25:17.0712 6124 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:25:17.0722 6124 lltdsvc - ok

15:25:17.0742 6124 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:25:17.0742 6124 lmhosts - ok

15:25:17.0782 6124 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:25:17.0792 6124 LSI_FC - ok

15:25:17.0812 6124 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:25:17.0822 6124 LSI_SAS - ok

15:25:17.0832 6124 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:25:17.0832 6124 LSI_SAS2 - ok

15:25:17.0872 6124 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:25:17.0872 6124 LSI_SCSI - ok

15:25:17.0912 6124 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:25:17.0912 6124 luafv - ok

15:25:18.0022 6124 McAfee SiteAdvisor Service (b4726deec4c27d47f9141d45504dce29) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

15:25:18.0032 6124 McAfee SiteAdvisor Service - ok

15:25:18.0182 6124 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

15:25:18.0192 6124 McMPFSvc - ok

15:25:18.0222 6124 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

15:25:18.0232 6124 mcmscsvc - ok

15:25:18.0242 6124 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

15:25:18.0242 6124 McNaiAnn - ok

15:25:18.0252 6124 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

15:25:18.0252 6124 McNASvc - ok

15:25:18.0352 6124 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe

15:25:18.0422 6124 McODS - ok

15:25:18.0432 6124 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

15:25:18.0432 6124 McProxy - ok

15:25:18.0502 6124 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

15:25:18.0502 6124 McShield - ok

15:25:18.0552 6124 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

15:25:18.0552 6124 Mcx2Svc - ok

15:25:18.0612 6124 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:25:18.0612 6124 megasas - ok

15:25:18.0642 6124 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:25:18.0652 6124 MegaSR - ok

15:25:18.0692 6124 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

15:25:18.0702 6124 mfeapfk - ok

15:25:18.0752 6124 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

15:25:18.0762 6124 mfeavfk - ok

15:25:18.0802 6124 mfeavfk01 - ok

15:25:18.0842 6124 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

15:25:18.0842 6124 mfefire - ok

15:25:18.0902 6124 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

15:25:18.0902 6124 mfefirek - ok

15:25:19.0012 6124 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

15:25:19.0022 6124 mfehidk - ok

15:25:19.0082 6124 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

15:25:19.0082 6124 mfenlfk - ok

15:25:19.0123 6124 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

15:25:19.0123 6124 mferkdet - ok

15:25:19.0170 6124 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys

15:25:19.0170 6124 mferkdk - ok

15:25:19.0201 6124 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys

15:25:19.0201 6124 mfesmfk - ok

15:25:19.0233 6124 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe

15:25:19.0248 6124 mfevtp - ok

15:25:19.0295 6124 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

15:25:19.0295 6124 mfewfpk - ok

15:25:19.0326 6124 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:25:19.0326 6124 MMCSS - ok

15:25:19.0357 6124 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:25:19.0373 6124 Modem - ok

15:25:19.0389 6124 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:25:19.0389 6124 monitor - ok

15:25:19.0435 6124 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:25:19.0435 6124 mouclass - ok

15:25:19.0482 6124 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:25:19.0482 6124 mouhid - ok

15:25:19.0513 6124 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:25:19.0513 6124 mountmgr - ok

15:25:19.0560 6124 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:25:19.0576 6124 mpio - ok

15:25:19.0591 6124 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:25:19.0607 6124 mpsdrv - ok

15:25:19.0654 6124 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

15:25:19.0669 6124 MpsSvc - ok

15:25:19.0716 6124 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:25:19.0732 6124 MRxDAV - ok

15:25:19.0763 6124 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:25:19.0763 6124 mrxsmb - ok

15:25:19.0810 6124 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:25:19.0825 6124 mrxsmb10 - ok

15:25:19.0841 6124 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:25:19.0857 6124 mrxsmb20 - ok

15:25:19.0888 6124 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:25:19.0888 6124 msahci - ok

15:25:19.0919 6124 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:25:19.0935 6124 msdsm - ok

15:25:19.0966 6124 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:25:19.0966 6124 MSDTC - ok

15:25:20.0013 6124 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:25:20.0013 6124 Msfs - ok

15:25:20.0028 6124 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:25:20.0028 6124 mshidkmdf - ok

15:25:20.0059 6124 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:25:20.0059 6124 msisadrv - ok

15:25:20.0091 6124 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:25:20.0091 6124 MSiSCSI - ok

15:25:20.0106 6124 msiserver - ok

15:25:20.0137 6124 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:25:20.0137 6124 MSKSSRV - ok

15:25:20.0153 6124 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:25:20.0153 6124 MSPCLOCK - ok

15:25:20.0153 6124 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:25:20.0169 6124 MSPQM - ok

15:25:20.0215 6124 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:25:20.0215 6124 MsRPC - ok

15:25:20.0262 6124 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:25:20.0262 6124 mssmbios - ok

15:25:20.0293 6124 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:25:20.0293 6124 MSTEE - ok

15:25:20.0309 6124 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:25:20.0309 6124 MTConfig - ok

15:25:20.0356 6124 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:25:20.0356 6124 Mup - ok

15:25:20.0387 6124 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

15:25:20.0387 6124 mwlPSDFilter - ok

15:25:20.0403 6124 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

15:25:20.0403 6124 mwlPSDNServ - ok

15:25:20.0418 6124 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

15:25:20.0418 6124 mwlPSDVDisk - ok

15:25:20.0512 6124 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

15:25:20.0527 6124 MWLService - ok

15:25:20.0574 6124 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:25:20.0574 6124 napagent - ok

15:25:20.0640 6124 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:25:20.0650 6124 NativeWifiP - ok

15:25:20.0730 6124 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:25:20.0750 6124 NDIS - ok

15:25:20.0790 6124 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:25:20.0790 6124 NdisCap - ok

15:25:20.0830 6124 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:25:20.0830 6124 NdisTapi - ok

15:25:20.0850 6124 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:25:20.0850 6124 Ndisuio - ok

15:25:20.0890 6124 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:25:20.0890 6124 NdisWan - ok

15:25:20.0900 6124 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:25:20.0900 6124 NDProxy - ok

15:25:21.0000 6124 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

15:25:21.0000 6124 Net Driver HPZ12 - ok

15:25:21.0040 6124 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:25:21.0040 6124 NetBIOS - ok

15:25:21.0090 6124 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:25:21.0090 6124 NetBT - ok

15:25:21.0120 6124 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:25:21.0120 6124 Netlogon - ok

15:25:21.0180 6124 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:25:21.0190 6124 Netman - ok

15:25:21.0320 6124 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:25:21.0330 6124 NetMsmqActivator - ok

15:25:21.0350 6124 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:25:21.0360 6124 NetPipeActivator - ok

15:25:21.0400 6124 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:25:21.0410 6124 netprofm - ok

15:25:21.0420 6124 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:25:21.0420 6124 NetTcpActivator - ok

15:25:21.0430 6124 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:25:21.0440 6124 NetTcpPortSharing - ok

15:25:21.0480 6124 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:25:21.0480 6124 nfrd960 - ok

15:25:21.0530 6124 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:25:21.0540 6124 NlaSvc - ok

15:25:21.0560 6124 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:25:21.0560 6124 Npfs - ok

15:25:21.0600 6124 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:25:21.0600 6124 nsi - ok

15:25:21.0630 6124 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:25:21.0630 6124 nsiproxy - ok

15:25:21.0740 6124 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:25:21.0770 6124 Ntfs - ok

15:25:21.0860 6124 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

15:25:21.0860 6124 NTIBackupSvc - ok

15:25:21.0990 6124 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

15:25:21.0990 6124 NTIDrvr - ok

15:25:22.0020 6124 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

15:25:22.0040 6124 NTISchedulerSvc - ok

15:25:22.0070 6124 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:25:22.0070 6124 Null - ok

15:25:22.0120 6124 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:25:22.0130 6124 nvraid - ok

15:25:22.0150 6124 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:25:22.0160 6124 nvstor - ok

15:25:22.0190 6124 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:25:22.0210 6124 nv_agp - ok

15:25:22.0280 6124 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:25:22.0290 6124 odserv - ok

15:25:22.0330 6124 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:25:22.0330 6124 ohci1394 - ok

15:25:22.0360 6124 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:25:22.0360 6124 ose - ok

15:25:22.0410 6124 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:25:22.0420 6124 p2pimsvc - ok

15:25:22.0470 6124 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:25:22.0480 6124 p2psvc - ok

15:25:22.0510 6124 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:25:22.0510 6124 Parport - ok

15:25:22.0550 6124 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

15:25:22.0560 6124 partmgr - ok

15:25:22.0580 6124 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:25:22.0590 6124 PcaSvc - ok

15:25:22.0620 6124 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:25:22.0630 6124 pci - ok

15:25:22.0640 6124 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:25:22.0640 6124 pciide - ok

15:25:22.0687 6124 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:25:22.0687 6124 pcmcia - ok

15:25:22.0702 6124 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:25:22.0702 6124 pcw - ok

15:25:22.0733 6124 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:25:22.0749 6124 PEAUTH - ok

15:25:22.0827 6124 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:25:22.0827 6124 PerfHost - ok

15:25:22.0921 6124 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:25:22.0936 6124 pla - ok

15:25:23.0014 6124 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:25:23.0014 6124 PlugPlay - ok

15:25:23.0092 6124 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

15:25:23.0092 6124 Pml Driver HPZ12 - ok

15:25:23.0139 6124 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:25:23.0139 6124 PNRPAutoReg - ok

15:25:23.0170 6124 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:25:23.0186 6124 PNRPsvc - ok

15:25:23.0233 6124 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:25:23.0233 6124 PolicyAgent - ok

15:25:23.0279 6124 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:25:23.0295 6124 Power - ok

15:25:23.0357 6124 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:25:23.0357 6124 PptpMiniport - ok

15:25:23.0393 6124 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:25:23.0393 6124 Processor - ok

15:25:23.0443 6124 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

15:25:23.0453 6124 ProfSvc - ok

15:25:23.0473 6124 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:25:23.0473 6124 ProtectedStorage - ok

15:25:23.0543 6124 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:25:23.0543 6124 Psched - ok

15:25:23.0693 6124 QBCFMonitorService (291e76c02c0994e4e6f1f97a4bcf6c0e) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

15:25:23.0693 6124 QBCFMonitorService - ok

15:25:23.0753 6124 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

15:25:23.0753 6124 QBFCService - ok

15:25:23.0853 6124 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

15:25:23.0873 6124 QBVSS - ok

15:25:24.0183 6124 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:25:24.0203 6124 ql2300 - ok

15:25:24.0323 6124 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:25:24.0323 6124 ql40xx - ok

15:25:24.0413 6124 QuickBooksDB22 - ok

15:25:24.0443 6124 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:25:24.0453 6124 QWAVE - ok

15:25:24.0473 6124 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:25:24.0473 6124 QWAVEdrv - ok

15:25:24.0493 6124 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:25:24.0503 6124 RasAcd - ok

15:25:24.0533 6124 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:25:24.0533 6124 RasAgileVpn - ok

15:25:24.0563 6124 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:25:24.0563 6124 RasAuto - ok

15:25:24.0593 6124 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:25:24.0603 6124 Rasl2tp - ok

15:25:24.0633 6124 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:25:24.0643 6124 RasMan - ok

15:25:24.0693 6124 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:25:24.0693 6124 RasPppoe - ok

15:25:24.0713 6124 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:25:24.0713 6124 RasSstp - ok

15:25:24.0763 6124 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:25:24.0763 6124 rdbss - ok

15:25:24.0803 6124 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:25:24.0803 6124 rdpbus - ok

15:25:24.0823 6124 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:25:24.0823 6124 RDPCDD - ok

15:25:24.0843 6124 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:25:24.0843 6124 RDPENCDD - ok

15:25:24.0873 6124 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:25:24.0873 6124 RDPREFMP - ok

15:25:24.0913 6124 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

15:25:24.0923 6124 RDPWD - ok

15:25:24.0983 6124 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:25:24.0983 6124 rdyboost - ok

15:25:25.0023 6124 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:25:25.0023 6124 RemoteAccess - ok

15:25:25.0063 6124 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:25:25.0063 6124 RemoteRegistry - ok

15:25:25.0083 6124 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:25:25.0083 6124 RpcEptMapper - ok

15:25:25.0113 6124 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:25:25.0113 6124 RpcLocator - ok

15:25:25.0163 6124 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:25:25.0173 6124 RpcSs - ok

15:25:25.0213 6124 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:25:25.0213 6124 rspndr - ok

15:25:25.0273 6124 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys

15:25:25.0273 6124 RSUSBSTOR - ok

15:25:25.0313 6124 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:25:25.0313 6124 SamSs - ok

15:25:25.0383 6124 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

15:25:25.0383 6124 SASDIFSV - ok

15:25:25.0403 6124 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

15:25:25.0403 6124 SASKUTIL - ok

15:25:25.0443 6124 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:25:25.0443 6124 sbp2port - ok

15:25:25.0483 6124 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:25:25.0483 6124 SCardSvr - ok

15:25:25.0533 6124 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:25:25.0533 6124 scfilter - ok

15:25:25.0603 6124 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:25:25.0623 6124 Schedule - ok

15:25:25.0633 6124 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:25:25.0633 6124 SCPolicySvc - ok

15:25:25.0673 6124 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:25:25.0673 6124 SDRSVC - ok

15:25:25.0723 6124 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:25:25.0723 6124 secdrv - ok

15:25:25.0743 6124 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:25:25.0743 6124 seclogon - ok

15:25:25.0783 6124 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

15:25:25.0793 6124 SENS - ok

15:25:25.0803 6124 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:25:25.0813 6124 SensrSvc - ok

15:25:25.0853 6124 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:25:25.0863 6124 Serenum - ok

15:25:25.0883 6124 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:25:25.0883 6124 Serial - ok

15:25:25.0943 6124 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:25:25.0943 6124 sermouse - ok

15:25:26.0003 6124 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:25:26.0053 6124 SessionEnv - ok

15:25:26.0093 6124 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:25:26.0093 6124 sffdisk - ok

15:25:26.0113 6124 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:25:26.0113 6124 sffp_mmc - ok

15:25:26.0123 6124 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:25:26.0173 6124 sffp_sd - ok

15:25:26.0203 6124 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:25:26.0203 6124 sfloppy - ok

15:25:26.0273 6124 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:25:26.0273 6124 SharedAccess - ok

15:25:26.0323 6124 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:25:26.0333 6124 ShellHWDetection - ok

15:25:26.0363 6124 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:25:26.0373 6124 SiSRaid2 - ok

15:25:26.0403 6124 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:25:26.0403 6124 SiSRaid4 - ok

15:25:26.0433 6124 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:25:26.0443 6124 Smb - ok

15:25:26.0493 6124 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:25:26.0503 6124 SNMPTRAP - ok

15:25:26.0533 6124 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:25:26.0543 6124 spldr - ok

15:25:26.0603 6124 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:25:26.0613 6124 Spooler - ok

15:25:26.0773 6124 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:25:26.0843 6124 sppsvc - ok

15:25:26.0943 6124 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:25:26.0953 6124 sppuinotify - ok

15:25:27.0023 6124 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:25:27.0033 6124 srv - ok

15:25:27.0063 6124 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:25:27.0063 6124 srv2 - ok

15:25:27.0113 6124 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:25:27.0113 6124 srvnet - ok

15:25:27.0163 6124 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:25:27.0173 6124 SSDPSRV - ok

15:25:27.0193 6124 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:25:27.0193 6124 SstpSvc - ok

15:25:27.0223 6124 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:25:27.0223 6124 stexstor - ok

15:25:27.0263 6124 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

15:25:27.0273 6124 StillCam - ok

15:25:27.0313 6124 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:25:27.0323 6124 stisvc - ok

15:25:27.0363 6124 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:25:27.0373 6124 swenum - ok

15:25:27.0423 6124 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:25:27.0433 6124 swprv - ok

15:25:27.0473 6124 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

15:25:27.0473 6124 SynTP - ok

15:25:27.0573 6124 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:25:27.0613 6124 SysMain - ok

15:25:27.0713 6124 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:25:27.0723 6124 TabletInputService - ok

15:25:27.0773 6124 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:25:27.0783 6124 TapiSrv - ok

15:25:27.0823 6124 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:25:27.0833 6124 TBS - ok

15:25:27.0963 6124 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

15:25:27.0993 6124 Tcpip - ok

15:25:28.0193 6124 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

15:25:28.0203 6124 TCPIP6 - ok

15:25:28.0323 6124 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:25:28.0323 6124 tcpipreg - ok

15:25:28.0353 6124 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:25:28.0353 6124 TDPIPE - ok

15:25:28.0373 6124 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

15:25:28.0435 6124 TDTCP - ok

15:25:28.0467 6124 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:25:28.0467 6124 tdx - ok

15:25:28.0513 6124 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:25:28.0513 6124 TermDD - ok

15:25:28.0576 6124 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:25:28.0576 6124 TermService - ok

15:25:28.0607 6124 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:25:28.0623 6124 Themes - ok

15:25:28.0654 6124 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:25:28.0654 6124 THREADORDER - ok

15:25:28.0669 6124 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:25:28.0685 6124 TrkWks - ok

15:25:28.0747 6124 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:25:28.0747 6124 TrustedInstaller - ok

15:25:28.0779 6124 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:25:28.0841 6124 tssecsrv - ok

15:25:28.0872 6124 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:25:28.0872 6124 TsUsbFlt - ok

15:25:28.0919 6124 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:25:28.0919 6124 tunnel - ok

15:25:28.0950 6124 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:25:28.0950 6124 uagp35 - ok

15:25:28.0981 6124 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

15:25:28.0981 6124 UBHelper - ok

15:25:29.0028 6124 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:25:29.0028 6124 udfs - ok

15:25:29.0075 6124 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:25:29.0091 6124 UI0Detect - ok

15:25:29.0169 6124 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:25:29.0169 6124 uliagpkx - ok

15:25:29.0215 6124 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:25:29.0293 6124 umbus - ok

15:25:29.0325 6124 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:25:29.0325 6124 UmPass - ok

15:25:29.0387 6124 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

15:25:29.0403 6124 Updater Service - ok

15:25:29.0434 6124 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:25:29.0449 6124 upnphost - ok

15:25:29.0481 6124 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:25:29.0481 6124 usbccgp - ok

15:25:29.0543 6124 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:25:29.0559 6124 usbcir - ok

15:25:29.0574 6124 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

15:25:29.0621 6124 usbehci - ok

15:25:29.0652 6124 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:25:29.0652 6124 usbhub - ok

15:25:29.0683 6124 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:25:29.0730 6124 usbohci - ok

15:25:29.0761 6124 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:25:29.0761 6124 usbprint - ok

15:25:29.0793 6124 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:25:29.0793 6124 USBSTOR - ok

15:25:29.0839 6124 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

15:25:29.0886 6124 usbuhci - ok

15:25:29.0933 6124 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

15:25:29.0980 6124 usbvideo - ok

15:25:30.0011 6124 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:25:30.0011 6124 UxSms - ok

15:25:30.0042 6124 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:25:30.0042 6124 VaultSvc - ok

15:25:30.0105 6124 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:25:30.0105 6124 vdrvroot - ok

15:25:30.0167 6124 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:25:30.0183 6124 vds - ok

15:25:30.0229 6124 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:25:30.0229 6124 vga - ok

15:25:30.0245 6124 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:25:30.0245 6124 VgaSave - ok

15:25:30.0292 6124 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:25:30.0307 6124 vhdmp - ok

15:25:30.0354 6124 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:25:30.0354 6124 viaide - ok

15:25:30.0370 6124 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:25:30.0370 6124 volmgr - ok

15:25:30.0432 6124 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:25:30.0432 6124 volmgrx - ok

15:25:30.0479 6124 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:25:30.0495 6124 volsnap - ok

15:25:30.0526 6124 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:25:30.0526 6124 vsmraid - ok

15:25:30.0604 6124 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:25:30.0619 6124 VSS - ok

15:25:30.0729 6124 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:25:30.0729 6124 vwifibus - ok

15:25:30.0760 6124 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:25:30.0760 6124 vwififlt - ok

15:25:30.0807 6124 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:25:30.0807 6124 W32Time - ok

15:25:30.0837 6124 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:25:30.0847 6124 WacomPen - ok

15:25:30.0887 6124 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:25:30.0897 6124 WANARP - ok

15:25:30.0897 6124 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:25:30.0907 6124 Wanarpv6 - ok

15:25:31.0007 6124 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:25:31.0077 6124 WatAdminSvc - ok

15:25:31.0167 6124 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:25:31.0237 6124 wbengine - ok

15:25:31.0337 6124 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:25:31.0347 6124 WbioSrvc - ok

15:25:31.0397 6124 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:25:31.0407 6124 wcncsvc - ok

15:25:31.0437 6124 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:25:31.0437 6124 WcsPlugInService - ok

15:25:31.0487 6124 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:25:31.0487 6124 Wd - ok

15:25:31.0527 6124 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:25:31.0537 6124 Wdf01000 - ok

15:25:31.0577 6124 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:25:31.0587 6124 WdiServiceHost - ok

15:25:31.0587 6124 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:25:31.0587 6124 WdiSystemHost - ok

15:25:31.0637 6124 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:25:31.0647 6124 WebClient - ok

15:25:31.0677 6124 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:25:31.0687 6124 Wecsvc - ok

15:25:31.0697 6124 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:25:31.0697 6124 wercplsupport - ok

15:25:31.0747 6124 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:25:31.0747 6124 WerSvc - ok

15:25:31.0797 6124 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:25:31.0807 6124 WfpLwf - ok

15:25:31.0827 6124 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:25:31.0827 6124 WIMMount - ok

15:25:31.0877 6124 WinDefend - ok

15:25:31.0887 6124 WinHttpAutoProxySvc - ok

15:25:31.0947 6124 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:25:31.0947 6124 Winmgmt - ok

15:25:32.0057 6124 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:25:32.0077 6124 WinRM - ok

15:25:32.0217 6124 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:25:32.0227 6124 WinUsb - ok

15:25:32.0287 6124 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:25:32.0307 6124 Wlansvc - ok

15:25:32.0537 6124 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:25:32.0567 6124 wlidsvc - ok

15:25:32.0697 6124 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:25:32.0697 6124 WmiAcpi - ok

15:25:32.0757 6124 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:25:32.0767 6124 wmiApSrv - ok

15:25:32.0817 6124 WMPNetworkSvc - ok

15:25:32.0857 6124 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:25:32.0857 6124 WPCSvc - ok

15:25:32.0898 6124 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:25:32.0898 6124 WPDBusEnum - ok

15:25:32.0929 6124 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:25:32.0929 6124 ws2ifsl - ok

15:25:32.0992 6124 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

15:25:32.0992 6124 wscsvc - ok

15:25:33.0007 6124 WSearch - ok

15:25:33.0116 6124 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

15:25:33.0148 6124 wuauserv - ok

15:25:33.0288 6124 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:25:33.0288 6124 WudfPf - ok

15:25:33.0335 6124 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:25:33.0335 6124 WUDFRd - ok

15:25:33.0366 6124 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:25:33.0366 6124 wudfsvc - ok

15:25:33.0413 6124 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:25:33.0428 6124 WwanSvc - ok

15:25:33.0460 6124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:25:33.0631 6124 \Device\Harddisk0\DR0 - ok

15:25:33.0647 6124 Boot (0x1200) (4b760c88bae4c1c2e12245d48b1001e3) \Device\Harddisk0\DR0\Partition0

15:25:33.0647 6124 \Device\Harddisk0\DR0\Partition0 - ok

15:25:33.0662 6124 Boot (0x1200) (8dff0a5ab3a7288c2eadc2a3c4962314) \Device\Harddisk0\DR0\Partition1

15:25:33.0662 6124 \Device\Harddisk0\DR0\Partition1 - ok

15:25:33.0662 6124 ============================================================

15:25:33.0662 6124 Scan finished

15:25:33.0662 6124 ============================================================

15:25:33.0725 6224 Detected object count: 0

15:25:33.0725 6224 Actual detected object count: 0

15:27:21.0500 3700 Deinitialize success

jpdhe · August 1, 2012

Here is the combofix log:

ComboFix 12-07-31.03 - Mike 08/01/2012 15:34:26.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1371 [GMT -5:00]

Running from: c:\users\Mike\Desktop\ComboFix1.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))

.

2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp

2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp

2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- c:\users\Eric\AppData\Local\temp

2012-08-01 20:43 . 2012-08-01 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 15:42 . 2012-08-01 14:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A88A0E-314F-41E3-9DEB-D838570025BD}\offreg.dll

2012-07-31 14:59 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A88A0E-314F-41E3-9DEB-D838570025BD}\mpengine.dll

2012-07-26 21:20 . 2012-07-26 21:20 542112 ----a-w- c:\users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe

2012-07-24 08:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-23 23:18 . 2012-07-23 23:18 -------- d-----w- c:\program files (x86)\ESET

2012-07-23 22:56 . 2012-07-23 22:56 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-23 20:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-23 20:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-23 20:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-23 20:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-23 20:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-23 20:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-23 20:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-23 20:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-23 20:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-23 20:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-23 20:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-23 20:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-23 20:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-23 00:56 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 00:56 . 2012-07-23 00:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-18 20:31 . 2012-07-18 20:31 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com

2012-07-18 20:31 . 2012-07-31 20:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-18 20:31 . 2012-07-18 20:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-14 21:09 . 2012-07-14 21:09 -------- d-----w- c:\users\Mike\AppData\Roaming\Hewlett-Packard

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 03:24 . 2012-04-13 10:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 03:24 . 2011-06-10 17:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-24 08:05 . 2010-02-22 15:25 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-02 22:19 . 2012-06-22 14:51 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 14:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 14:51 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 14:51 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 14:51 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 14:51 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 14:51 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-22 14:51 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-22 14:51 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 17:25 . 2010-01-26 14:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 11:06 . 2012-06-14 00:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 00:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 00:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

.

((((((((((((((((((((((((((((( SnapShot_2012-07-23_22.09.27 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-01-11 19:37 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll

+ 2012-07-23 20:35 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll

- 2012-01-11 19:37 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll

+ 2012-07-23 20:35 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll

+ 2012-07-24 08:02 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll

- 2012-06-14 13:40 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll

- 2012-06-14 13:40 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-07-24 08:02 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-07-24 08:02 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll

- 2012-06-14 13:40 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2012-07-22 15:35 . 2012-07-23 22:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2012-07-22 15:35 . 2012-07-23 21:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2009-11-07 03:20 . 2012-07-31 14:36 63096 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-31 23:01 43212 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-27 01:47 . 2012-07-31 23:01 16098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2328646528-2302333503-2344070225-1001_UserData.bin

+ 2012-07-24 08:02 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll

- 2012-06-14 13:40 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll

+ 2012-07-24 08:02 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-06-14 13:40 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2012-06-14 13:40 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll

+ 2012-07-24 08:02 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll

- 2012-01-11 19:37 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys

+ 2012-07-23 20:35 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys

+ 2009-12-14 05:46 . 2012-08-01 19:34 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-14 05:46 . 2012-07-23 21:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-14 05:46 . 2012-08-01 19:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-14 05:46 . 2012-07-23 21:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-01 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-23 21:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-07-30 19:56 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-02-02 17:35 . 2012-07-24 08:10 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-04-29 22:37 . 2012-07-24 08:09 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-04-29 22:37 . 2012-05-09 11:51 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe

- 2010-04-29 22:37 . 2012-05-09 11:51 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe

+ 2010-04-29 22:37 . 2012-07-24 08:09 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe

+ 2010-04-29 22:37 . 2012-07-24 08:09 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-04-29 22:37 . 2012-05-09 11:51 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-07-20 12:28 . 2011-07-20 12:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\SCANOST.EXE

+ 2011-07-20 12:28 . 2011-07-20 12:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\RM.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\RECALL.DLL

+ 2011-05-27 02:18 . 2011-05-27 02:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OUTLVBA.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\DUMPSTER.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\DLGSETP.DLL

+ 2012-07-23 20:35 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll

- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll

+ 2012-07-28 16:49 . 2012-07-28 16:49 9560 c:\windows\system32\NetworkList\Icons\{E81F250F-1361-4AFB-A8B8-7317EC538CE9}_48.bin

+ 2012-07-28 16:49 . 2012-07-28 16:49 4280 c:\windows\system32\NetworkList\Icons\{E81F250F-1361-4AFB-A8B8-7317EC538CE9}_32.bin

+ 2012-07-28 16:49 . 2012-07-28 16:49 2456 c:\windows\system32\NetworkList\Icons\{E81F250F-1361-4AFB-A8B8-7317EC538CE9}_24.bin

+ 2012-07-23 20:35 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll

- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll

+ 2012-08-01 20:45 . 2012-08-01 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-23 21:44 . 2012-07-23 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-01 20:45 . 2012-08-01 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-23 21:44 . 2012-07-23 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-14 13:40 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll

+ 2012-07-24 08:02 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll

+ 2012-07-23 20:35 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll

- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll

+ 2012-07-23 20:35 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll

+ 2012-07-27 03:24 . 2012-07-27 03:24 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe

+ 2012-07-27 03:24 . 2012-07-27 03:24 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll

- 2012-04-13 10:38 . 2012-07-22 17:24 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-13 10:38 . 2012-07-27 03:24 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-06-14 13:40 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll

+ 2012-07-24 08:02 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll

- 2012-06-14 13:40 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2012-07-24 08:02 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2012-07-24 08:02 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll

- 2012-06-14 13:40 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll

- 2010-01-28 22:39 . 2012-07-23 21:46 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-01-28 22:39 . 2012-07-23 22:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-07-27 03:24 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-26 20:05 . 2012-07-31 13:07 257202 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-01-26 14:37 . 2012-08-01 13:39 309132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2012-06-14 13:40 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll

+ 2012-07-24 08:02 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll

+ 2012-07-23 20:35 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll

- 2012-01-11 19:37 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll

- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll

+ 2012-07-23 20:35 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll

+ 2012-07-27 03:24 . 2012-07-27 03:24 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe

+ 2012-07-27 03:24 . 2012-07-27 03:24 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll

+ 2012-07-24 08:02 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll

- 2012-06-14 13:40 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll

- 2012-06-14 13:40 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe

+ 2012-07-24 08:02 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe

+ 2012-07-24 08:02 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll

- 2012-06-14 13:40 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll

- 2009-07-14 04:45 . 2012-06-14 17:35 396944 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 04:45 . 2012-07-24 08:29 396944 c:\windows\system32\FNTCACHE.DAT

+ 2012-07-23 20:35 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys

+ 2012-07-23 20:35 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys

+ 2009-07-14 05:01 . 2012-08-01 20:44 361996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-23 21:43 361996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-02-02 17:35 . 2012-07-24 08:10 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe

+ 2010-02-02 17:35 . 2012-07-24 08:10 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2010-04-29 22:37 . 2012-07-24 08:09 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-04-29 22:37 . 2012-05-09 11:51 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-04-29 22:37 . 2012-05-09 11:51 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe

+ 2010-04-29 22:37 . 2012-07-24 08:09 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe

+ 2011-07-20 12:28 . 2011-07-20 12:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\SCNPST64.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\SCNPST32.DLL

+ 2011-07-27 10:55 . 2011-07-27 10:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\RTFHTML.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\PSTPRX32.DLL

+ 2011-05-31 22:15 . 2011-05-31 22:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OUTLPH.DLL

+ 2011-07-27 10:55 . 2011-07-27 10:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OUTLMIME.DLL

+ 2011-05-27 02:18 . 2011-05-27 02:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OUTLCTL.DLL

+ 2011-07-27 12:03 . 2011-07-27 12:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OMSXP32.DLL

+ 2011-07-27 12:03 . 2011-07-27 12:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OMSMAIN.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\MIMEDIR.DLL

+ 2011-07-20 12:28 . 2011-07-20 12:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\IMPMAIL.DLL

+ 2011-05-27 02:18 . 2011-05-27 02:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\EMABLT32.DLL

+ 2011-07-27 10:55 . 2011-07-27 10:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\CONTAB32.DLL

+ 2012-07-24 08:02 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll

- 2012-06-14 13:40 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll

- 2012-06-14 13:40 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll

+ 2012-07-24 08:02 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll

+ 2012-07-23 20:35 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll

- 2011-06-23 18:12 . 2010-11-20 12:19 1390080 c:\windows\SysWOW64\msxml6.dll

- 2011-06-23 18:12 . 2010-11-20 12:19 1236992 c:\windows\SysWOW64\msxml3.dll

+ 2012-07-23 20:35 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll

+ 2012-07-24 08:02 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll

- 2012-06-14 13:40 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll

- 2012-06-14 13:40 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll

+ 2012-07-24 08:02 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll

+ 2012-07-24 08:02 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll

- 2012-06-14 13:39 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll

+ 2009-07-14 04:54 . 2012-07-27 03:24 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-23 21:45 3948544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-27 03:24 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-24 08:02 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll

- 2012-06-14 13:40 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll

+ 2012-07-24 08:02 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll

- 2012-06-14 13:40 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll

+ 2012-07-23 20:35 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll

- 2011-06-23 18:06 . 2010-11-20 13:27 2004480 c:\windows\system32\msxml6.dll

+ 2012-07-23 20:35 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll

+ 2012-07-24 08:02 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll

- 2012-06-14 13:40 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll

- 2012-06-14 13:40 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll

+ 2012-07-24 08:02 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll

+ 2009-07-14 04:45 . 2012-07-24 08:32 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-07-23 20:30 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-12-11 12:17 . 2012-08-01 20:44 9550636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2328646528-2302333503-2344070225-1001-8192.dat

- 2012-07-18 14:50 . 2012-07-23 21:43 3785948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-07-18 14:50 . 2012-07-23 22:57 3785948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-05-30 12:18 . 2012-05-30 12:18 1739264 c:\windows\Installer\1f0c0fc.msp

+ 2012-06-19 17:54 . 2012-06-19 17:54 2239488 c:\windows\Installer\1f0c0d7.msp

+ 2012-06-19 17:54 . 2012-06-19 17:54 5009920 c:\windows\Installer\1f0c0c6.msp

+ 2012-04-05 03:37 . 2012-04-05 03:37 2540544 c:\windows\Installer\1f0c099.msp

+ 2010-02-02 17:35 . 2012-07-24 08:10 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe

- 2010-02-02 17:35 . 2012-06-14 17:24 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-11-07 03:27 . 2012-07-24 08:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-11-07 03:27 . 2012-05-09 11:52 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-07-27 11:09 . 2011-07-27 11:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL

+ 2011-07-27 10:55 . 2011-07-27 10:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OLMAPI32.DLL

+ 2006-09-30 05:42 . 2006-09-30 05:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.4518\VBE6.DLL

+ 2006-10-27 20:10 . 2006-10-27 20:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.4518\IPEDITOR.DLL

+ 2012-07-23 20:35 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll

- 2012-06-14 13:40 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll

+ 2012-07-24 08:02 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll

+ 2009-07-14 02:34 . 2012-07-24 08:27 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2012-02-16 03:03 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll

+ 2012-07-23 20:35 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll

- 2012-06-14 13:39 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll

+ 2012-07-24 08:02 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll

- 2012-06-14 13:39 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll

+ 2012-07-24 08:02 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll

+ 2012-05-30 12:18 . 2012-05-30 12:18 11885056 c:\windows\Installer\1f0c127.msp

+ 2011-08-04 00:18 . 2011-08-04 00:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6612\OUTLOOK.EXE

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-07 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]

QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2009\QBW32.EXE [2012-6-5 1181584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0265411343779605mcinstcleanup;McAfee Application Installer Cleanup (0265411343779605);c:\windows\TEMP\026541~1.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]

R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-10-06 199168]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736]

R4 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2011-08-20 679936]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:24]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 22:55]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 22:55]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.aol.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360110a155l03f4z115t5992x720

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-08-01 15:56:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-01 20:56

ComboFix2.txt 2012-07-23 22:16

ComboFix3.txt 2012-07-23 00:25

.

Pre-Run: 244,274,049,024 bytes free

Post-Run: 244,264,574,976 bytes free

.

- - End Of File - - 484D381D40F8DBA4716EF939888280F8

jpdhe · August 1, 2012

And here is the security check log:

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java Media Framework 2.1.1e

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Last night, as I tried Microsoft's Anti-Malware program, it said that I had the trojan:DOS/Alureon.J malware that affects the Master Boot Record. After clicking around to try to figure out how to manually remove it (which it said that I would have to do) I found these instructions:

Recovery

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product.

For more information on antivirus software, see

http://www.microsoft.com/windows/antivirus-partners/.

Additional recovery instructions for DOS/Alureon

This virus may cause damage to the Master Boot Record (MBR) and Boot Configuration Data (BCD). You will need to run the following commands using the "bootrec.exe" tool to ensure a complete repair of your computer:

bootrec /fixmbr

bootrec /fixboot

bootrec /rebuildbcd

For more details on these commands, please refer to

Microsoft Security Article KB927392, with specific focus to the options "/fixmbr", "/fixboot" and "/rebuildbcd".

Well, I was definitely in over my head!!! Do I still need to do any of this, or did running the programs that you recommended take care of it?

I really love the malwarbytes forum...after surfing around it and trying the ideas for other individuals last week, I found that I had a zero access trojan and then a trojan.agent virus from svchost.exe...I think that I took care of them, but then this DOS/Alureon thing showed up. Was I never completely fixed, and will it keep finding a way to work its way around my computer. One of your guys said that with a zero access bug, you can never trust your computer again. What are your thoughts on this?

I don't really know what I did to get it in the first place. I try not to click on fishy things. I keep Windows automatic updates on. I have McAfee firewall up, real time scanning on, and updates current. What else can I do to keep from getting reinfected?

On a complete side note...I have a terrible spam problem with my email going to outlook on another computer. I keep getting emails with the word "office" in the address along with other characters that keep changing. For example, here are two of them: "Life Insurance Choices [office12242@bookeown.info]" and "No More Auto Repair Bills [office12956@lessflower.info]. They only contain links and I, of course, never click them. They do go into my junk email folder automatically (at least I think that most of them do) but they still show up as populating in that folder. Any ideas on this?

Thanks so much for taking the time to do what you do and help those of us with our problems. You Rock!

D-FRED-BROWN · August 2, 2012

Well, I was definitely in over my head!!! Do I still need to do any of this, or did running the programs that you recommended take care of it?

No, please avoid doing any manual fixes on your own. Performing those steps without supervision could actually make your system unbootable, which as you can imagine would be a real mess.

I really love the malwarbytes forum...after surfing around it and trying the ideas for other individuals last week, I found that I had a zero access trojan and then a trojan.agent virus from svchost.exe...I think that I took care of them, but then this DOS/Alureon thing showed up. Was I never completely fixed, and will it keep finding a way to work its way around my computer. One of your guys said that with a zero access bug, you can never trust your computer again. What are your thoughts on this?

From what you're saying, it sounds like it was never completey fixed. ZeroAccess and Alureon are two different families of rootkits- both are pretty complex, and the latter is a little trickier to remove (it's almost impossible to get rid of it using the usual methods).

With that said, my belief is that these two infections are pretty straight-forward- while a reformat and reinstall of the operating system is always the safest possible route, I don't think it's necessary for either the ZeroAccess or the Alureon rootkit (unless things go south and that is the final option we're presented with). These are two of the most high-profile rootkits currently out there, and I haven't seen anything that would indicate an affected system shouldn't ever be trusted again. There's viruses out there that really do render your system unsafe until a reformat, but this just isn't the case for these two.

I hope that clears things up.

I don't really know what I did to get it in the first place. I try not to click on fishy things. I keep Windows automatic updates on. I have McAfee firewall up, real time scanning on, and updates current. What else can I do to keep from getting reinfected?

It's difficult to say what may have brought you here, as literally anything can be a route for malware to spread these days. As we wrap things up, I will provide you with some suggestions for security software to help ensure this sort of thing doesn't happen in the future.

On a complete side note...I have a terrible spam problem with my email going to outlook on another computer. I keep getting emails with the word "office" in the address along with other characters that keep changing. For example, here are two of them: "Life Insurance Choices [office12242@bookeown.info]" and "No More Auto Repair Bills [office12956@lessflower.info]. They only contain links and I, of course, never click them. They do go into my junk email folder automatically (at least I think that most of them do) but they still show up as populating in that folder. Any ideas on this?

Occasional to excessive spam is pretty typical. As long as they're going to your junk mail folder, you should be fine. Since it's being sent to you, there's not much you can do about that. My recommendation is that you be cautious when entering your email address places (especially public websites, etc.) as that's how it sometimes starts.

Please do the following:

Download ListParts64 to a USB flash drive.
Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
Select Repair your computer.
Select Language and click Next
Enter password (if necessary) and click OK, you should now see the screen below ...

Select the Command Prompt option.
A command window will open.
- Type notepad then hit Enter.
- Notepad will open.
  - Click File > Open then select Computer.
  - Note down the drive letter for your USB Drive.
  - Close Notepad.
[*]Back in the command window ....
- Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
- ListParts will start to run.
  - Press the Scan button.
  - When finished scanning it will make a log Result.txt on the flash drive.
[*]Close the command window.
[*]Boot back into normal mode and post me the Result.txt log please.

jpdhe · August 2, 2012

Thanks for taking the time to answer the questions...so much has been swimming thru my head. Here is the listparts log:

ListParts by Farbar Version: 25-07-2012

Ran by SYSTEM (administrator) on 02-08-2012 at 14:55:09

Windows 7 (X64)

Running From: G:\

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%

Total physical RAM: 3001.98 MB

Available physical RAM: 2507.93 MB

Total Pagefile: 3000.13 MB

Available Pagefile: 2487.09 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (Acer) (Fixed) (Total:285.99 GB) (Free:227.52 GB) NTFS

3 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.12 GB) NTFS

5 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.35 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 7639 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 12 GB 31 KB

Partition 2 Primary 101 MB 12 GB

Partition 3 Primary 285 GB 12 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C SYSTEM RESE NTFS Partition 101 MB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D Acer NTFS Partition 285 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7638 MB 31 KB

======================================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G KINGSTON FAT32 Removable 7638 MB Healthy

======================================================================================================

****** End Of Log ******

Another question has just come to my mind...is it possible for whatever was acting up on this particular computer find its way thru my router to other computers in my house or at work? I do have another computer that seems to be running a little slower than usual, but after running a couple of things, it hasn't found anything suspicious.

Thanks again for all that you do!

D-FRED-BROWN · August 2, 2012

Another question has just come to my mind...is it possible for whatever was acting up on this particular computer find its way thru my router to other computers in my house or at work? I do have another computer that seems to be running a little slower than usual, but after running a couple of things, it hasn't found anything suspicious.

It depends on the specific virus, but if scans don't show anything, I'd say it's safe.

Let's get a deeper look at some stuff:

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

jpdhe · August 2, 2012

Here is the OTL:

OTL logfile created on: 8/2/2012 4:04:14 PM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mike\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.09% Memory free

5.86 Gb Paging File | 3.41 Gb Available in Paging File | 58.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 227.52 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 16:00:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

PRC - [2012/06/05 10:47:18 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2012/06/05 10:45:56 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE

PRC - [2012/06/05 10:06:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2012/02/26 07:04:56 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2009/06/22 20:58:05 | 000,039,280 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Microsoft MapPoint 2010\StreetsOlkShim.exe

PRC - [2008/07/29 22:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 12:42:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/06/14 12:42:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 12:41:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/05 10:46:50 | 000,138,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll

MOD - [2012/06/05 10:46:44 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL

MOD - [2012/06/05 10:46:30 | 000,042,384 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll

MOD - [2012/06/05 10:46:06 | 000,176,528 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll

MOD - [2012/06/05 10:46:04 | 000,268,688 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll

MOD - [2012/06/05 10:46:02 | 000,380,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll

MOD - [2012/05/09 07:41:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll

MOD - [2012/05/09 07:25:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 07:24:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/09 07:24:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/09 07:24:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/09 07:24:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/09 07:24:30 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll

MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

MOD - [2008/07/29 22:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012/07/26 22:24:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/05 10:06:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)

SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2011/08/19 21:30:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB22)

SRV - [2011/08/10 11:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/02/08 15:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2009/10/06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server)

DRV:64bit: - [2009/09/20 22:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360110a155l03f4z115t5992x720

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5732z&r=27360110a155l03f4z115t5992x720

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aol.com/

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS364US364

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\SearchScopes\{6CBDE7A9-E488-4980-90AA-F64BB9CD8AB3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=574532B2-64C8-4C32-AEB3-C7549480F23F&apn_sauid=A7269FDE-5FDD-4D94-875C-7D5D89EB9253

IE - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/07/22 10:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 21:20:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/22 18:00:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/01 15:45:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 21:20:45 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/01 15:46:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622174835.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622174835.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-21-2328646528-2302333503-2344070225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://apps.devilsheadresort.com/snowcam/AxisCamControl.ocx (CamImage Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{766809E0-036C-4DCB-BA6F-4F0A58F4C878}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\qbwc - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 15:59:23 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2012/08/02 15:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/08/01 16:01:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/01 15:30:25 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix1.exe

[2012/08/01 15:23:27 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe

[2012/08/01 09:08:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2012/07/31 15:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/31 15:58:18 | 018,875,048 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Mike\Desktop\SUPERAntiSpyware.exe

[2012/07/24 03:02:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/07/24 03:02:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/24 03:02:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/07/24 03:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/24 03:02:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/07/24 03:02:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/24 03:02:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/07/24 03:02:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/24 03:02:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/24 03:02:19 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/07/24 03:02:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/07/24 03:02:19 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/07/24 03:02:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/23 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/07/23 17:56:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/23 17:51:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\tdsskiller

[2012/07/23 15:35:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/07/23 15:35:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012/07/23 15:35:09 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/07/23 15:34:58 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/07/23 15:34:55 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012/07/22 19:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/22 19:56:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/22 19:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/22 18:21:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/22 18:20:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/22 18:20:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/22 18:17:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/22 18:13:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/22 18:13:15 | 004,583,914 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe

[2012/07/22 18:05:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2012/07/18 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/18 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/07/18 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/14 16:09:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Hewlett-Packard

========== Files - Modified Within 30 Days ==========

[2012/08/02 16:00:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe

[2012/08/02 15:57:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/02 15:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/02 15:35:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/02 15:05:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/02 15:05:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/02 14:58:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/02 14:57:54 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/02 14:46:50 | 000,796,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/02 14:46:50 | 000,672,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/02 14:46:50 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/01 16:05:59 | 000,881,494 | ---- | M] () -- C:\Users\Mike\Desktop\SecurityCheck.exe

[2012/08/01 15:46:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/01 15:30:26 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix1.exe

[2012/08/01 15:23:28 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe

[2012/08/01 09:08:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr

[2012/07/31 15:59:04 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/31 15:58:26 | 018,875,048 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Mike\Desktop\SUPERAntiSpyware.exe

[2012/07/31 15:56:44 | 000,002,052 | -H-- | M] () -- C:\Users\Mike\Documents\Default.rdp

[2012/07/26 22:24:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/07/26 22:24:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/07/24 07:26:09 | 000,001,141 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/07/24 03:29:18 | 000,396,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/23 17:51:00 | 002,116,765 | ---- | M] () -- C:\Users\Mike\Desktop\tdsskiller.zip

[2012/07/23 16:09:15 | 004,583,914 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe

[2012/07/22 19:56:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 18:45:13 | 464,018,051 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/22 18:05:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe

[2012/07/10 09:59:48 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini

========== Files Created - No Company Name ==========

[2012/08/01 16:05:42 | 000,881,494 | ---- | C] () -- C:\Users\Mike\Desktop\SecurityCheck.exe

[2012/07/31 15:59:04 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/07/23 17:50:55 | 002,116,765 | ---- | C] () -- C:\Users\Mike\Desktop\tdsskiller.zip

[2012/07/22 19:56:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 18:45:13 | 464,018,051 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/07/22 18:21:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/22 18:20:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/22 18:20:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/22 18:20:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/22 18:20:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/21 21:17:01 | 000,211,021 | ---- | C] () -- C:\Windows\hpoins21.dat

[2012/05/21 21:17:01 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat

[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@

[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@

[2011/03/06 14:40:42 | 000,215,407 | ---- | C] () -- C:\Windows\hpwins12.dat.temp

[2011/03/06 14:40:42 | 000,000,731 | ---- | C] () -- C:\Windows\hpwmdl12.dat.temp

[2011/02/24 19:49:08 | 000,211,021 | ---- | C] () -- C:\Windows\hpoins21.dat.temp

[2010/09/15 20:46:31 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/03/01 19:24:57 | 000,000,313 | ---- | C] () -- C:\Users\Mike\.JMAppsCfg

[2010/02/19 10:01:01 | 000,022,456 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat

< End of report >

jpdhe · August 2, 2012

Here is the Extra:

OTL Extras logfile created on: 8/2/2012 4:04:14 PM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mike\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 51.09% Memory free

5.86 Gb Paging File | 3.41 Gb Available in Paging File | 58.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 227.52 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{19BFBD31-9736-45DB-9E70-6686C5FD5CEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2997A1AC-4334-42CA-93E0-827566B5CECE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2B9BEA90-459F-4B33-97FE-AA506FCF46A9}" = rport=10243 | protocol=6 | dir=out | app=system |

"{2D8D6A43-64EB-4777-8C7F-672B93676965}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{31451C45-8F61-4333-8325-5C56F49F0D0F}" = rport=445 | protocol=6 | dir=out | app=system |

"{3CB01632-9FF8-462E-AE85-A1DF1D649FA1}" = rport=137 | protocol=17 | dir=out | app=system |

"{4E1D857B-D5F8-4186-A42A-8CE080F4ED7C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6A302D1E-8381-4688-82F9-EE44DE2E2568}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6A32FDB2-E77A-4FD9-A73B-A33D1480B9D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{753AA076-C6B1-43BA-BCFC-C2B0F9F619AB}" = lport=137 | protocol=17 | dir=in | app=system |

"{7CC09513-9636-43E6-9685-5003C3CA36FA}" = lport=138 | protocol=17 | dir=in | app=system |

"{8426C0C2-5A15-49CB-BEAB-1444A1ACE107}" = lport=2869 | protocol=6 | dir=in | app=system |

"{89C2482B-55D0-49FD-ADBE-2CE54A9096B5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{8A9B97F7-6484-4353-BEEE-0F2DB47A5966}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A5BF0184-5AAB-4490-B45E-00F57BBD2702}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BF3AC0DE-EF8D-46B3-9030-2C77C366B611}" = rport=139 | protocol=6 | dir=out | app=system |

"{BFC05E51-7B58-43C0-A95A-52AD80825601}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{C05BFD64-8C12-4BF6-95BA-3075547DE119}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C4373FF2-A7EE-4BB5-9460-40AFF01A812C}" = lport=445 | protocol=6 | dir=in | app=system |

"{C7AB6247-253A-4A62-9011-FE9E91FA5112}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{C9F8E053-B4E8-4F25-9670-03E896D9D5A6}" = rport=138 | protocol=17 | dir=out | app=system |

"{CF3FF0B1-D116-4CA3-8564-E4B6F42BA80B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D3ED9F70-18C5-464E-A494-3B9EC62378BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D5842BE9-7A63-4F8C-8C0D-56BCD27D1F5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DEC95DB7-6AF9-41BB-9AF0-0494B2BF44F2}" = lport=139 | protocol=6 | dir=in | app=system |

"{DFA8D4C8-DB26-4A17-AA48-0C13C80FB6B2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E72F6A56-BF36-461C-A606-7F783827680A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F7DDC3F5-AC4A-4709-9B87-393FE2160443}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F80F10A1-DF93-415D-BBC3-01E8130B1D2A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0442DDD0-C0FE-4430-BB77-F1FB3DCD0B7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{04928C68-7D33-4993-A370-0A8995DD6745}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |

"{05710195-CC0E-4052-ADB1-A01746F11EE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{05AFC925-738D-43AB-A939-94A4F52FA15E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |

"{075B979F-122F-49E7-A3D0-5CDE95A987CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |

"{07CE7C22-1BF6-4D58-AE3F-EC99E1C0098A}" = protocol=17 | dir=out | app=hpqtra08.exe |

"{08183983-F6AE-4F0D-95EC-482D009BAB92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{0839D287-193B-4FFE-A83A-F920E6B58EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\qbdbmgrn.exe |

"{09D6150F-EBF2-4013-8D03-3CB315341E16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{0AA1D39D-001E-4FC0-A592-C68820C6090E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{0ECD5FC0-A159-45B1-B75E-F2AE567420D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |

"{126D8FC9-AA8F-4DD6-806C-C16EB98608CB}" = protocol=17 | dir=in | app=hpqste08.exe |

"{12819491-3ADC-4008-A2E3-6C891030ABC6}" = protocol=6 | dir=in | app=hpqste08.exe |

"{176EE0F7-73D1-4721-BAE5-79A5339CAAFB}" = protocol=6 | dir=in | app=hpqkygrp.exe |

"{1BF74547-FC3A-453E-B585-070A5144424D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1DAA6329-2256-4B68-862A-866C9590FFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe |

"{20249DD1-B6FD-44B7-96DD-EB233D42731B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2126A5A2-F48B-4710-9606-19F6C1145068}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{227F57A6-33E6-4CDF-A71E-D7E22FA411CD}" = protocol=17 | dir=out | app=hpqkygrp.exe |

"{22A4E963-29DE-43C5-8F29-8F017A8DB07F}" = protocol=6 | dir=in | app=hpqthb08.exe |

"{22C6E0DF-CF52-4292-B128-B2028D296311}" = protocol=6 | dir=in | app=hpqtra08.exe |

"{297C72BC-90C9-4027-96FA-3CC77B66E2F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |

"{2C305B24-A027-49B4-95CA-F7D7DE9CB84C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |

"{307832C3-C2C1-43AC-9912-A490C5C0D957}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

"{3156810D-5063-463C-8530-4DDEAB7FCBEA}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\filemanagement.exe |

"{3647F559-E9DF-4A01-8676-0A521CCACB20}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |

"{38AC91CA-C227-4778-B29D-18FAC4BB283D}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\qbw32.exe |

"{3B42BE45-52A9-44E5-9E92-FC09D8564884}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{3DCD318E-64BF-4094-8CE3-A1CE3FAABBF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{4033E5E9-8E3B-4839-A26F-E81BFA78D3E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{41EBB6E7-7E1D-4ECF-83BA-C6588167FDC1}" = protocol=6 | dir=out | app=hpqste08.exe |

"{43AAD226-3098-4EC9-95B5-022AFAD3A5D8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |

"{450BCE74-F819-4783-85D8-C3B9D597278A}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"{5251C6EE-C0EC-4A9A-84AC-0FE6136E51D8}" = protocol=6 | dir=out | app=system |

"{54A0A376-62AF-4B80-A757-C338C2DCD103}" = dir=in | app=c:\users\mike\appdata\local\temp\7zs6e1a\setup\hpznui40.exe |

"{5842DA24-98C6-4559-AE9C-D87337D9A9DB}" = protocol=17 | dir=in | app=hpqthb08.exe |

"{5C91B1D8-0F8D-433E-885E-2705A88F0110}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\filemanagement.exe |

"{5DE1BAED-14F2-4C02-8CB8-AA95192EFBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\dbmanagerexe.exe |

"{5FB8A1BC-FEFD-47F2-BFEA-252501460CEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |

"{6219DECE-A35F-4339-9428-ACAF404AF8EC}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\qbdbmgrn.exe |

"{6C5E2CCB-50D2-44C9-A370-8DB3391B2AC1}" = protocol=17 | dir=in | app=hpqscnvw.exe |

"{6DAC27F5-0BA1-4517-8C93-260FA770ADF6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |

"{723CCE29-9475-44E9-8BD0-8780EA66D253}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{755A412A-0948-4085-ADBA-2D38A6EFDA8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{76312CE0-D302-4AD5-ACF7-4FA0DF971316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{769260E4-9F94-4C4E-A1EF-BCBBBC8B99B7}" = protocol=6 | dir=out | app=hpqkygrp.exe |

"{76F8CB77-7CB2-4970-9ED6-7DE16F29D35D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{7C417BE8-DC2A-4C33-8F79-C98A8370A3B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{7D7DEDC7-39DE-43FC-B9C7-14F6445D135C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{814A001E-AD4A-49BC-8AC8-2AE4FAB4D796}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{82B345A1-8F13-48C7-A339-A0FE4980B8A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{82D1AAF8-C79B-4BB4-8C49-93EBD4C12D33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{84D5E057-9C94-4CBD-A79B-DAB492F472CB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{8B50BF22-9BE3-450F-9599-0774E9E5816F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe |

"{8C4F25E2-FB12-4F95-BBB3-5F62ABFF3DF6}" = protocol=6 | dir=out | app=hpqthb08.exe |

"{8EB448F4-4C93-448F-9078-16B49CC5C929}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{8F7033A5-BE7B-4B87-B08F-F43B957A8157}" = protocol=17 | dir=out | app=hpqthb08.exe |

"{905E0ED5-0C77-4104-8CDD-57BDAEBF76C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{909A940B-1AC7-46E6-A8DC-CE009C6F06C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{93A44276-745D-4F8E-895A-6BD66676009F}" = protocol=6 | dir=out | app=hpqscnvw.exe |

"{9AA7CFD8-85C7-4446-ABD3-F6ED92C29683}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9C30EA34-3125-4513-AC0B-3A871799E230}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9F2B642F-0E55-428F-8577-CA236E204E00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A9F45992-295B-4FC3-B79B-BEBB6D808C07}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |

"{AA08C677-493F-48CD-916A-86117E3FAD89}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{B487FD93-1C06-410E-A716-FA81BAD83561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B8B30EFE-C35C-415E-9D27-AA34D0B114C7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe |

"{BBC2C7C2-15FF-4328-A047-E59EBB3E8E80}" = protocol=17 | dir=in | app=hpqkygrp.exe |

"{C0C965FA-2AED-40DE-9631-C678E9DF007E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C423F95E-9D3D-4D7D-B0C9-DD0734EEA303}" = protocol=17 | dir=out | app=hpqscnvw.exe |

"{C467DFA3-E18A-441B-A118-6EF857FD7532}" = protocol=17 | dir=in | app=hpqtra08.exe |

"{C4C7B90E-DEAC-488C-A729-E12D3A797294}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |

"{C5FAAC4A-4F81-437E-9166-3C34DDA09B22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{C8B289DC-84FD-4064-B1D2-52DB4C305100}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CB692740-2E63-45F6-BFB6-0675552977FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CF0A7214-382D-4F4E-B44B-F58D111551E3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D008CFE7-EB06-4615-A24A-E51C9C6AAE8D}" = protocol=6 | dir=out | app=hpqtra08.exe |

"{D144AB3F-E919-436C-9505-E10D78C70059}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D35DC285-CDBE-4B16-998F-914CE42F4BE8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D519BFFA-8724-46F9-A750-6812BBB75411}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"{D636759F-AC55-4DFA-A28F-2909FD7CBC98}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{D72AA8CD-90C0-4E5E-8FA4-9F807E601C3D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{D758339C-F7AA-4032-8A55-E8D23A040669}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\qbw32.exe |

"{DA99CF7A-3031-4733-A851-4B348DF0A86A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{DD61992F-8FA0-4D8D-A357-0D62E7A0A314}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2009\dbmanagerexe.exe |

"{E1EFE2D0-6E66-4EDF-AC1B-BC4A094BF5B6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{E3C83567-DBC2-40D4-9984-E1F1F4A675B9}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{E8BFC48A-E45F-40E2-AD83-1F2CBDBABDC7}" = protocol=6 | dir=in | app=hpqscnvw.exe |

"{E95D5FB7-CB8E-4509-821F-E02CD62E9A35}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe |

"{EE3E2B15-FA9B-4737-B2D8-8152AC87BABD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{EED61E7B-1502-4F3C-B0AA-D4D532C3CF61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |

"{EF83469F-B5B6-4A17-A17C-1C21FCEAC18F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F19EF4B6-BA4C-4683-B573-ED44A28DEC48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F4F1F3DE-0E85-46EC-9924-3A19296CF660}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F5A97E50-CBD8-4880-92F2-25604BE99B52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F5B01DE0-4AD9-43AB-88B6-BF514C0D2BD1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |

"{F6B9E930-C862-40F9-9A07-6510A15FFAB6}" = protocol=17 | dir=out | app=hpqste08.exe |

"{F75E6B7F-668D-451D-92ED-6C1CD7E17883}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}" = HP OfficeJet H470

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00772F8B-37FF-4704-A47D-72B30BFAF126}" = MPM

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{110DBEFA-B7C5-4191-A8AB-57EEC0E6E0A8}" = HP Smart Print 1.1.2.0

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A45C65B-6059-4091-8433-D53DDF989FC7}" = H470

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2C876BA7-32D3-4DE6-9934-B6A97FA09FCE}" = 470_Help

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam

"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_WordR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_WordR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_WordR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_WordR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_WordR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_WordR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_WordR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_WordR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_WordR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime

"{91120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{91120000-001B-0000-0000-0000000FF1CE}_WordR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{990635A0-3FCF-4933-AD9B-09CB5C0DC873}" = BPDSoftware

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI

"{AFFD253D-5CE1-44B5-81DC-E00EF7048770}" = BPDSoftware_Ini

"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin

"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C82185E8-C27B-4EF4-2010-1111BC2C2B6D}" = Microsoft MapPoint North America 2010

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan

"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E805794B-E657-49CD-9110-C5AFEB416D5F}" = ProductContext

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F631F1BE-00B0-49CF-8DFB-9885975B27CD}" = C6200

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AT&T Unified Messaging" = AT&T Unified Messaging

"ESET Online Scanner" = ESET Online Scanner v3

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"Identity Card" = Identity Card

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"MSC" = McAfee SecurityCenter

"ODEUNST #1" = Wintac

"ODEUNST #2" = Wintac (C:\Wintac\)

"ODEUNST #3" = Wintac (C:\Wintac\) #3

"SMALLBUSINESSR" = Microsoft Office Small Business 2007

"WildTangent acer Master Uninstall" = Acer Games

"WinLiveSuite" = Windows Live Essentials

"WordR" = Microsoft Office Word 2007

"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2328646528-2302333503-2344070225-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/22/2012 8:47:53 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/22/2012 8:54:23 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/22/2012 8:56:59 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 1:36:22 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 7/23/2012 1:39:50 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time

stamp: 0x4fb58407 Exception code: 0xc0000005 Fault offset: 0x0021d98c Faulting process

id: 0xf14 Faulting application start time: 0x01cd686ccba7340e Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll

Report

Id: d1ae8de9-d488-11e1-b504-705ab60295be

Error - 7/23/2012 1:48:33 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 1:48:33 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 1:48:34 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 1:48:34 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 3:02:21 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time

stamp: 0x4fb58407 Exception code: 0xc0000005 Fault offset: 0x0021d98c Faulting process

id: 0x192c Faulting application start time: 0x01cd6896a6d73dea Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll

Report

Id: 586da6ff-d494-11e1-b504-705ab60295be

[ Media Center Events ]

Error - 6/21/2010 7:44:29 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 6:44:23 PM - Error connecting to the internet. 6:44:23 PM - Unable

to contact server..

Error - 6/23/2010 3:10:37 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 2:10:29 PM - Error connecting to the internet. 2:10:34 PM - Unable

to contact server..

Error - 9/26/2011 7:04:06 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 6:04:05 PM - Error connecting to the internet. 6:04:05 PM - Unable

to contact server..

Error - 9/26/2011 7:04:18 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 6:04:11 PM - Error connecting to the internet. 6:04:11 PM - Unable

to contact server..

Error - 9/27/2011 8:28:19 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 6:38:31 AM - Error connecting to the internet. 6:38:32 AM - Unable

to contact server..

Error - 9/27/2011 8:28:37 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 7:28:24 AM - Error connecting to the internet. 7:28:24 AM - Unable

to contact server..

Error - 11/25/2011 7:46:58 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 5:46:54 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 11/25/2011 9:12:38 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 6:59:16 PM - Error connecting to the internet. 6:59:52 PM - Unable

to contact server..

Error - 12/31/2011 9:25:56 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 7:25:55 AM - Error connecting to the internet. 7:25:56 AM - Unable

to contact server..

Error - 12/31/2011 9:26:09 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0

Description = 7:26:03 AM - Error connecting to the internet. 7:26:03 AM - Unable

to contact server..

[ OSession Events ]

Error - 7/6/2011 8:18:25 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 52

seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/27/2011 11:52:14 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/14/2012 11:26:06 AM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 8/2/2012 3:49:45 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error: %%13

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000

Description = The hpqcxs08 service failed to start due to the following error: %%1115

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7038

Description = The netprofm service was unable to log on as NT AUTHORITY\LocalService

with the currently configured password due to the following error: %%50 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000

Description = The Network List Service service failed to start due to the following

error: %%1069

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7038

Description = The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with

the currently configured password due to the following error: %%50 To ensure that

the service is configured properly, use the Services snap-in in Microsoft Management

Console (MMC).

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000

Description = The HP Network Devices Support service failed to start due to the

following error: %%1069

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7038

Description = The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService

with the currently configured password due to the following error: %%50 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 8/2/2012 3:49:46 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000

Description = The Diagnostic Service Host service failed to start due to the following

error: %%1069

Error - 8/2/2012 3:58:53 PM | Computer Name = Mike-PC | Source = NetBT | ID = 4321

Description = The name "WORKGROUP :1d" could not be registered on the interface

with IP address 192.168.1.5. The computer with the IP address 192.168.1.1 did not

allow the name to be claimed by this computer.

Error - 8/2/2012 3:59:21 PM | Computer Name = Mike-PC | Source = DCOM | ID = 10010

Description =

< End of report >

D-FRED-BROWN · August 2, 2012

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:OTL
[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@
[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
C:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}
C:\Windows\Installer\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

jpdhe · August 2, 2012

Here it is:

All processes killed

Error: Unable to interpret <:OTL[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\qbwc - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.:FilesC:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}C:\Windows\SysWO> in the current context!

Error: Unable to interpret <W64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}C:\Windows\Installer\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}:Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_171519

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

D-FRED-BROWN · August 2, 2012

Could you run the script again, and this time attach the log please?

jpdhe · August 3, 2012

Sorry, just want to clarify...run the OTL fix with the copy/paste code above again?

D-FRED-BROWN · August 3, 2012

Yes, please do.

jpdhe · August 3, 2012

Here it is again:

All processes killed

Error: Unable to interpret <:OTL[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@[2012/01/11 06:51:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}\@O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\qbwc - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.:FilesC:\Windows\System32\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}C:\Windows\SysWO> in the current context!

Error: Unable to interpret <W64\config\systemprofile\AppData\Local\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}C:\Windows\Installer\{a9044df0-141c-b4f6-fe1c-7e4fbc3e7efa}:Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_163714

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

D-FRED-BROWN · August 3, 2012

Okay, thanks. Looks like we've made progress.

Before we move on, please let me know: are you still encountering any issues or strange behavior on the computer?

Next,

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

jpdhe · August 3, 2012

So far so good - I am not finding any issues...I will run scan now

D-FRED-BROWN · August 3, 2012

Awesome. Let me know how it goes.

jpdhe · August 3, 2012

Finally done! Good news - the ESET scan reported no threats found. The bad news is that I can't find the log. The one that I found was from 7/23 when I was looking at forums and tried running that program. Do you want me to try it again?

D-FRED-BROWN · August 4, 2012

If it didn't pick up anything, I'd say you're clean.

Before we move on, please take the time to install the following updates. Using outdated applications leaves you vulnerable to getting infected again.

----------------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them:

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

----------------

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

----------------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, visit this link: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

----------------

Please let me know how the updates go, as failed updates may indicate additional malware.

jpdhe · August 5, 2012

Whew! All went well! Your directions have been fantastic - very thorough and easy to follow.

jpdhe · August 5, 2012

BTW just FYI..Today McAfee is telling me that the Malwarebytes Forum is not a trusted site.

D-FRED-BROWN · August 5, 2012

Glad the updates went well.

Could you possibly attach a screenshot of the message you get from McAfee?

----------------

I'll now provide you with some suggestions for security software, but first...

We Need to Clean Up our Mess

Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

First, let's remove ComboFix:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Let's remove OTL as well:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

jpdhe · August 6, 2012

Here is a copy of the page that McAfee directed me to when I tried to get to the forum:

McAfee SiteAdvisor

Navigation

Utility Navigation

Contact us

Content

Warning: Dangerous Site

Whoa!

Are you sure you want to go there?

http://forums.malwarebytes.org/index.php?showtopic... may be risky to visit.

Why were you redirected to this page?

When we visited this site, we found it exhibited one or more risky behaviors.

McAfee SiteAdvisor keeping me protected!

Back Visit anyway

Footer

Help with infection

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information