Can't rid myself of google redirect virus/rootkit

bfrivers · September 13, 2012

I've read tons of forums, websites, etc. I've followed all the advice, and still can't rid myself of a google redirect virus/rootkit. It's not getting picked up by Malwarebytes, microsoft security or a few other services I've tried. I've also tried the kaspersky tdss removal tool, and it didn't find anything. Any help,advice, etc. would be greatly appreciated. Below is my most recent ComboFix log:

ComboFix 12-09-12.03 - bill 09/12/2012 20:26:24.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5737 [GMT -4:00]

Running from: c:\users\bill\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\programdata\Roaming

c:\users\bill\AppData\Roaming\0ad

c:\users\bill\AppData\Roaming\0ad\config\user.cfg

c:\users\bill\AppData\Roaming\0ad\data\saves\quicksave-0001.0adsave

c:\users\bill\AppData\Roaming\0ad\data\saves\quicksave-0002.0adsave

.

((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))

.

2012-09-13 00:30 . 2012-09-13 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-12 23:28 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AF08226-6BE0-4011-AACF-83AE9F4FFADF}\mpengine.dll

2012-09-12 23:26 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-12 16:13 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 16:13 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 16:13 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 16:13 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 16:13 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 16:13 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 16:13 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 23:22 . 2012-09-13 00:24 -------- d-----w- c:\users\bill\AppData\Roaming\Anvisoft

2012-09-11 23:22 . 2012-09-11 23:22 -------- d-----w- c:\programdata\Anvisoft

2012-09-11 23:22 . 2012-09-13 00:24 -------- d-----w- c:\program files (x86)\Anvisoft

2012-09-11 21:03 . 2012-09-11 21:03 -------- d-----w- c:\users\bill\AppData\Roaming\Malwarebytes

2012-09-11 21:03 . 2012-09-11 21:03 -------- d-----w- c:\programdata\Malwarebytes

2012-09-11 21:02 . 2012-09-11 21:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-11 21:02 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 20:58 . 2012-08-31 20:58 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-31 20:57 . 2012-08-31 20:57 -------- d-----w- c:\programdata\McAfee

2012-08-18 16:31 . 2012-08-18 16:31 -------- d-----w- c:\program files\DIFX

2012-08-18 16:28 . 2012-08-18 16:31 -------- d-----w- c:\program files (x86)\LeapFrog

2012-08-18 16:28 . 2012-08-18 16:28 -------- d-----w- c:\programdata\Leapfrog

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 20:00 . 2011-08-15 11:59 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-31 20:58 . 2011-04-08 20:56 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-14 18:35 . 2012-04-12 11:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 18:35 . 2011-08-15 14:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\bill\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]

"CLRHost"="c:\blp\API\Office Tools\bbxlcmd.exe" [2011-11-16 102400]

"Spotify Web Helper"="c:\users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-30 113288]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-30 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-06 204288]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2413056]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-06 9981952]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-06 310272]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-06 12289472]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-30 91648]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-30 208896]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-30 338536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:35]

.

2012-09-11 c:\windows\Tasks\HPCeeScheduleForbill.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-09-11 c:\windows\Tasks\HPCeeScheduleForLAPTOP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Color LaserJet CM1312 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-30 1128448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-06 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-06 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-06 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.votervault3.com/votervault30/login/login.aspx

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

SafeBoot-66379825.sys

SafeBoot-80186927.sys

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Bloomberg Keyboard v11.1 - c:\windows\System32\drivers\UNWISE.EXE

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-09-12 20:39:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-13 00:39

.

Pre-Run: 582,575,108,096 bytes free

Post-Run: 584,039,911,424 bytes free

.

- - End Of File - - 2EE2DEBD135BB820EF93F9FD20D1C3EE

CatByte · September 13, 2012

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

services.exe

[*]now press the search button

[*]when the search is complete, search.txt will also be written to your USB

[*]type exit and reboot the computer normally

[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)

bfrivers · September 13, 2012

Thank you for your help!

I have posted the frst.txt file below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012

Ran by SYSTEM at 13-09-2012 09:30:38

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax" [3700736 2009-09-22] (Hewlett-Packard Company)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-30] (IDT, Inc.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-11-30] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-15] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [295304 2012-07-05] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKU\bill\...\Run: [googletalk] C:\Users\bill\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)

HKU\bill\...\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe [102400 2011-11-16] ()

HKU\bill\...\Run: [spotify Web Helper] "C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-31] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\bill\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services ====================

2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)

2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)

3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [x]

==================== Drivers =================================

3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-12 19:14 - 2012-09-12 19:14 - 01453755 ____A (Farbar) C:\Users\bill\Downloads\FRST64.exe

2012-09-12 16:39 - 2012-09-12 16:39 - 00020448 ____A C:\ComboFix.txt

2012-09-12 15:59 - 2012-09-12 15:59 - 04014897 ____A (BlogDesk ) C:\Users\bill\Downloads\blogdesk-284-en.exe

2012-09-12 13:19 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-12 13:19 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-12 13:19 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-12 13:19 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-12 13:19 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-12 13:19 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-12 13:19 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-12 13:19 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-12 13:17 - 2012-09-12 16:39 - 00000000 ____D C:\Qoobox

2012-09-12 13:17 - 2012-09-12 16:38 - 00000000 ____D C:\Windows\erdnt

2012-09-12 13:15 - 2012-09-12 13:16 - 04749988 ____R (Swearware) C:\Users\bill\Desktop\ComboFix.exe

2012-09-12 12:19 - 2012-09-12 12:19 - 00000000 ____D C:\Windows\pss

2012-09-12 08:13 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-12 08:13 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-12 08:13 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-12 08:13 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-12 08:13 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-12 08:13 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-12 08:13 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-11 16:55 - 2012-09-11 16:56 - 00000000 ____D C:\Users\bill\Documents\tdsskiller

2012-09-11 15:22 - 2012-09-12 16:24 - 00000000 ____D C:\Users\bill\AppData\Roaming\Anvisoft

2012-09-11 15:22 - 2012-09-12 16:24 - 00000000 ____D C:\Program Files (x86)\Anvisoft

2012-09-11 15:22 - 2012-09-11 15:22 - 00000000 ____D C:\Users\All Users\Anvisoft

2012-09-11 15:21 - 2012-09-11 15:21 - 00352960 ____A (Softonic) C:\Users\bill\Downloads\SoftonicDownloader_for_anvi-smart-defender.exe

2012-09-11 15:18 - 2012-09-11 15:18 - 00000422 ____A C:\Users\bill\Desktop\scour.txt

2012-09-11 15:13 - 2012-09-11 15:13 - 00600064 ____A (OldTimer Tools) C:\Users\bill\Downloads\OTL.exe

2012-09-11 15:06 - 2012-09-11 15:06 - 01932256 ____A (Symantec Corporation) C:\Users\bill\Downloads\FixTDSS.exe

2012-09-11 13:03 - 2012-09-11 13:03 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-11 13:03 - 2012-09-11 13:03 - 00000000 ____D C:\Users\bill\AppData\Roaming\Malwarebytes

2012-09-11 13:03 - 2012-09-11 13:03 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-11 13:02 - 2012-09-11 13:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-11 13:02 - 2012-09-11 13:02 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\bill\Downloads\mbam-setup-1.65.0.1400.exe

2012-09-11 13:02 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-07 17:00 - 2012-09-07 17:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-09-06 16:59 - 2012-09-11 13:03 - 00000000 ____D C:\Users\bill\Desktop\Osprey

2012-09-04 03:36 - 2012-09-04 03:37 - 00000000 ____D C:\Users\bill\AppData\Local\{2E7EAB09-3933-4792-8B5F-55968A5F9636}

2012-08-31 12:58 - 2012-08-31 12:58 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-31 12:58 - 2012-08-31 12:58 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-31 12:57 - 2012-08-31 12:57 - 00000000 ____D C:\Users\All Users\McAfee

2012-08-27 09:06 - 2012-08-27 09:06 - 01244499 ____A C:\Users\bill\Downloads\8thind.zip

2012-08-27 08:57 - 2012-09-10 15:02 - 22413312 ____A C:\Users\bill\Documents\B-R.accdb

2012-08-27 08:56 - 2012-08-27 08:56 - 00965249 ____A C:\Users\bill\Downloads\8th.zip

2012-08-27 08:09 - 2012-08-27 09:06 - 06050107 ____A C:\Users\bill\Documents\8thind.csv

2012-08-27 05:44 - 2012-08-27 08:57 - 04468637 ____A C:\Users\bill\Documents\8th.csv

2012-08-26 12:14 - 2012-08-26 12:15 - 00000000 ____D C:\Users\bill\AppData\Local\{FB81D580-3141-4668-A041-DB87F5B3166D}

2012-08-24 09:40 - 2012-08-24 09:40 - 00000000 ____D C:\Users\bill\AppData\Local\{BC532101-70D4-4DDD-A5B3-E30072CD6000}

2012-08-22 15:31 - 2012-08-22 15:32 - 00000000 ____D C:\Users\bill\AppData\Local\{1ACDE1EA-E43A-42B6-8E4B-6B554D9BB07C}

2012-08-22 03:31 - 2012-08-22 03:31 - 00000000 ____D C:\Users\bill\AppData\Local\{3BE32315-0BDB-4175-8B7F-968A386B2C47}

2012-08-21 15:24 - 2012-08-21 15:24 - 00000000 ____D C:\Users\bill\AppData\Local\{DB28C5EE-819C-4C7C-89D7-7D7A040E523C}

2012-08-21 03:23 - 2012-08-21 03:24 - 00000000 ____D C:\Users\bill\AppData\Local\{96657DE7-B495-4784-8C5F-81FF92F993DD}

2012-08-20 09:20 - 2012-08-20 09:21 - 35101696 ____A C:\Users\bill\Downloads\freecol-0.10.5-installer.exe

2012-08-20 04:34 - 2012-08-20 04:35 - 00000000 ____D C:\Users\bill\AppData\Local\{F3DC307D-049C-4F26-97E7-32885FEC1E7B}

2012-08-18 08:31 - 2012-08-18 08:31 - 00000950 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk

2012-08-18 08:31 - 2012-08-18 08:31 - 00000000 ____D C:\Program Files\DIFX

2012-08-18 08:30 - 2012-08-18 08:30 - 00000000 ____D C:\Users\bill\AppData\Local\{4F68C277-D9CD-45A4-93E4-7C4B9F031ECD}

2012-08-18 08:29 - 2012-08-18 08:30 - 00000000 ____D C:\Users\bill\AppData\Local\{EB96ABC9-4ADA-4A28-8E54-2185D2A71EE1}

2012-08-18 08:28 - 2012-08-18 08:31 - 00000000 ____D C:\Program Files (x86)\LeapFrog

2012-08-18 08:28 - 2012-08-18 08:28 - 00000000 ____D C:\Users\bill\Downloads\log

2012-08-18 08:28 - 2012-08-18 08:28 - 00000000 ____D C:\Users\All Users\Leapfrog

2012-08-18 08:27 - 2012-08-18 08:28 - 10716552 ____A (LeapFrog Enterprises, Inc.) C:\Users\bill\Downloads\LeapFrogConnectSetup_Leapster2.exe

2012-08-18 05:15 - 2012-08-18 05:15 - 00000000 ____D C:\Users\bill\AppData\Local\{397F1D4D-48A5-4223-8881-64FDB15F195C}

2012-08-17 05:57 - 2012-08-17 05:58 - 00000000 ____D C:\Users\bill\AppData\Local\{77E2196B-41FC-4261-8CDA-911763B6143E}

2012-08-17 05:56 - 2012-08-17 05:57 - 00000000 ____D C:\Users\bill\AppData\Local\{BD56BDA9-2B0D-4EC9-A7BE-E2CCDC4CE6B8}

2012-08-16 09:46 - 2012-08-16 09:47 - 00000000 ____D C:\Users\bill\AppData\Local\{5344CF5E-8D1B-4422-A35E-F72F45862DB7}

2012-08-16 09:46 - 2012-08-16 09:46 - 00000000 ____D C:\Users\bill\AppData\Local\{AABFEF9E-A83B-4578-8ADC-207C56DB66A4}

2012-08-16 03:30 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-16 03:30 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-16 03:30 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-16 03:30 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-16 03:30 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-16 03:30 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-16 03:30 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-16 03:30 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-16 03:30 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-16 03:30 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-16 03:30 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-16 03:30 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-16 03:30 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-16 03:30 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-16 03:30 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-16 03:30 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-16 03:30 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-16 03:30 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-16 03:30 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-16 03:30 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-16 03:30 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-16 03:30 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-16 03:30 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-16 03:30 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-16 03:30 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-16 03:30 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-16 03:30 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-16 03:30 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-15 16:49 - 2012-08-15 16:49 - 00000000 ____D C:\Users\bill\AppData\Local\{79DD92FA-9086-4A9F-B4DF-D530D8FD2003}

2012-08-15 16:48 - 2012-08-15 16:49 - 00000000 ____D C:\Users\bill\AppData\Local\{7E651C0F-DF79-4A48-BE72-D31E2C818AE3}

2012-08-15 03:16 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-15 03:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-15 03:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-15 03:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-15 03:16 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-15 03:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-15 03:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-15 03:16 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-15 03:16 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-15 03:16 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-15 03:16 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-15 03:16 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-15 03:16 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-15 03:04 - 2012-08-15 03:05 - 00000000 ____D C:\Users\bill\AppData\Local\{6DFB0789-721F-4D99-AEC0-13BF106DCC27}

2012-08-15 03:04 - 2012-08-15 03:04 - 00000000 ____D C:\Users\bill\AppData\Local\{7614779D-8BC3-449A-BD3E-5EDCC824A08D}

2012-08-14 10:06 - 2012-08-14 10:06 - 00000000 ____D C:\Users\bill\AppData\Local\{5B0CAF6B-33C3-40F6-BCBB-BDF9F682FFD5}

2012-08-14 10:05 - 2012-08-14 10:06 - 00000000 ____D C:\Users\bill\AppData\Local\{3FA95CC0-09B5-43CD-A589-297C1C2837DA}

==================== 3 Months Modified Files ================================

2012-09-13 05:26 - 2011-07-18 04:51 - 02032194 ____A C:\Windows\WindowsUpdate.log

2012-09-13 05:24 - 2009-07-13 20:51 - 00079500 ____A C:\Windows\setupact.log

2012-09-13 05:10 - 2012-04-12 03:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-12 19:23 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-12 19:23 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-12 19:14 - 2012-09-12 19:14 - 01453755 ____A (Farbar) C:\Users\bill\Downloads\FRST64.exe

2012-09-12 16:48 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-12 16:45 - 2011-08-15 04:25 - 00170592 ____A C:\Users\bill\AppData\Local\GDIPFONTCACHEV1.DAT

2012-09-12 16:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-12 16:39 - 2012-09-12 16:39 - 00020448 ____A C:\ComboFix.txt

2012-09-12 16:34 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-09-12 16:32 - 2010-11-20 19:47 - 00247414 ____A C:\Windows\PFRO.log

2012-09-12 15:59 - 2012-09-12 15:59 - 04014897 ____A (BlogDesk ) C:\Users\bill\Downloads\blogdesk-284-en.exe

2012-09-12 13:16 - 2012-09-12 13:15 - 04749988 ____R (Swearware) C:\Users\bill\Desktop\ComboFix.exe

2012-09-12 12:04 - 2011-11-15 15:27 - 00108544 __ASH C:\Users\bill\Desktop\Thumbs.db

2012-09-12 12:00 - 2011-08-15 03:59 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-09-11 15:21 - 2012-09-11 15:21 - 00352960 ____A (Softonic) C:\Users\bill\Downloads\SoftonicDownloader_for_anvi-smart-defender.exe

2012-09-11 15:18 - 2012-09-11 15:18 - 00000422 ____A C:\Users\bill\Desktop\scour.txt

2012-09-11 15:13 - 2012-09-11 15:13 - 00600064 ____A (OldTimer Tools) C:\Users\bill\Downloads\OTL.exe

2012-09-11 15:08 - 2012-07-03 07:22 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForbill.job

2012-09-11 15:08 - 2011-11-09 09:57 - 00000338 ____A C:\Windows\Tasks\HPCeeScheduleForLAPTOP$.job

2012-09-11 15:06 - 2012-09-11 15:06 - 01932256 ____A (Symantec Corporation) C:\Users\bill\Downloads\FixTDSS.exe

2012-09-11 13:05 - 2011-09-04 06:34 - 00008877 ____A C:\Users\bill\AppData\Roaming\.freeciv-client-rc-2.3

2012-09-11 13:03 - 2012-09-11 13:03 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-11 13:02 - 2012-09-11 13:02 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\bill\Downloads\mbam-setup-1.65.0.1400.exe

2012-09-11 08:27 - 2011-08-16 10:55 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-09-10 15:02 - 2012-08-27 08:57 - 22413312 ____A C:\Users\bill\Documents\B-R.accdb

2012-09-07 13:04 - 2012-09-11 13:02 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-31 12:58 - 2012-08-31 12:58 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-31 12:58 - 2012-08-31 12:58 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-31 12:58 - 2012-08-31 12:58 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-31 12:58 - 2011-04-08 12:56 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-08-28 11:53 - 2011-09-09 05:31 - 00046592 __ASH C:\Users\bill\Documents\Thumbs.db

2012-08-27 09:06 - 2012-08-27 09:06 - 01244499 ____A C:\Users\bill\Downloads\8thind.zip

2012-08-27 09:06 - 2012-08-27 08:09 - 06050107 ____A C:\Users\bill\Documents\8thind.csv

2012-08-27 08:57 - 2012-08-27 05:44 - 04468637 ____A C:\Users\bill\Documents\8th.csv

2012-08-27 08:56 - 2012-08-27 08:56 - 00965249 ____A C:\Users\bill\Downloads\8th.zip

2012-08-22 10:12 - 2012-09-12 08:13 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-12 08:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-12 08:13 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-12 08:13 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-20 09:21 - 2012-08-20 09:20 - 35101696 ____A C:\Users\bill\Downloads\freecol-0.10.5-installer.exe

2012-08-18 08:31 - 2012-08-18 08:31 - 00000950 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk

2012-08-18 08:31 - 2011-07-18 04:52 - 00024920 ____A C:\Windows\DPINST.LOG

2012-08-18 08:28 - 2012-08-18 08:27 - 10716552 ____A (LeapFrog Enterprises, Inc.) C:\Users\bill\Downloads\LeapFrogConnectSetup_Leapster2.exe

2012-08-16 11:08 - 2012-04-12 07:23 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-08-16 10:56 - 2009-07-13 20:45 - 00561112 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-14 10:40 - 2012-01-09 14:34 - 00274944 __ASH C:\Users\bill\Downloads\Thumbs.db

2012-08-14 10:35 - 2012-04-12 03:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-14 10:35 - 2011-08-15 06:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-02 09:58 - 2012-09-12 08:13 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-12 08:13 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-31 10:40 - 2012-07-31 10:31 - 00001798 ____A C:\Users\bill\Desktop\Spotify.lnk

2012-07-31 10:37 - 2012-07-31 10:36 - 19665520 ____A (Spotify Ltd) C:\Users\bill\Downloads\Spotify Installer.exe

2012-07-31 10:30 - 2012-07-31 10:30 - 00087360 ____A (Spotify Ltd) C:\Users\bill\Downloads\SpotifySetup.exe

2012-07-24 08:05 - 2011-10-25 16:04 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-18 10:15 - 2012-08-15 03:16 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 12:13 - 2012-07-11 12:13 - 00265136 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-05 09:17 - 2012-07-05 09:17 - 07341144 ____A C:\Users\bill\Downloads\ld182.zip

2012-07-05 08:57 - 2012-07-05 08:57 - 00891084 ____A C:\Users\bill\Downloads\easton (1).zip

2012-07-04 14:16 - 2012-08-15 03:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-15 03:16 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-15 03:16 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-15 03:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-15 03:16 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-04 12:26 - 2012-09-12 08:13 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-07-02 08:59 - 2012-07-02 08:59 - 00780828 ____A C:\Users\bill\Downloads\swift-basic.0.1.3.zip

2012-07-02 08:45 - 2012-07-02 08:45 - 00004663 ____A C:\Users\bill\.recently-used.xbel

2012-07-02 05:12 - 2012-07-02 05:12 - 01157971 ____A C:\Users\bill\Downloads\webfolio.zip

2012-06-30 03:48 - 2012-06-30 03:48 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-28 20:55 - 2012-08-16 03:30 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-16 03:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-16 03:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-16 03:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-16 03:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-16 03:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-16 03:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-16 03:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-16 03:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-16 03:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-16 03:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-16 03:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-16 03:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-16 03:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-16 03:30 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-16 03:30 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-16 03:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-16 03:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-16 03:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-16 03:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-16 03:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-16 03:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-16 03:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-16 03:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-16 03:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-16 03:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-16 03:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-16 03:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-19 09:49 - 2012-06-19 09:49 - 00027820 ____A C:\Users\bill\Downloads\MC900437743.WMF

2012-06-19 09:44 - 2012-06-19 09:44 - 00008592 ____A C:\Users\bill\Downloads\MC900009815.WMF

2012-06-19 09:43 - 2012-06-19 09:43 - 00041136 ____A C:\Users\bill\Downloads\MC900154414.WMF

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-20 04:49:48

Restore point made on: 2012-08-23 18:49:15

Restore point made on: 2012-08-27 03:29:18

Restore point made on: 2012-08-30 08:09:37

Restore point made on: 2012-08-31 12:57:56

Restore point made on: 2012-09-03 06:28:07

Restore point made on: 2012-09-06 09:58:05

Restore point made on: 2012-09-06 11:56:31

Restore point made on: 2012-09-06 16:19:12

Restore point made on: 2012-09-10 04:02:49

Restore point made on: 2012-09-12 12:00:45

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 8139.86 MB

Available physical RAM: 7210.8 MB

Total Pagefile: 8138.01 MB

Available Pagefile: 7203.69 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:684 GB) (Free:543.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:14.34 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

5 Drive h: () (Removable) (Total:14.9 GB) (Free:14.86 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 684 GB 200 MB

Partition 3 Primary 14 GB 684 GB

Partition 4 Primary 102 MB 698 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 684 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H FAT32 Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-09-08 05:31

==================== End Of Log =============================

bfrivers · September 13, 2012

Here is search.txt:

Farbar Recovery Scan Tool (x64) Version: 12-09-2012

Ran by SYSTEM at 2012-09-13 09:33:48

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe

[2012-09-12 16:38] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

CatByte · September 13, 2012

Please run the following:

Download RogueKiller and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
Next click on the ShortcutsFix
another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

bfrivers · September 13, 2012

First RKreport.txt file:

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : bill [Admin rights]

Mode : Scan -- Date : 09/13/2012 19:19:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++

--- User ---

[MBR] e9a2365bf0edd2221b26dc965c38dc7c

[bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700417 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434863616 | Size: 14684 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1a6b56e3b8874dbce1e7ab81e4003acf

[bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

bfrivers · September 13, 2012

Second RKreport.txt file:

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : bill [Admin rights]

Mode : Remove -- Date : 09/13/2012 19:20:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++

--- User ---

[MBR] e9a2365bf0edd2221b26dc965c38dc7c

[bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700417 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434863616 | Size: 14684 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1a6b56e3b8874dbce1e7ab81e4003acf

[bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

bfrivers · September 13, 2012

Third and last RKreport.txt file:

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : bill [Admin rights]

Mode : Shortcuts HJfix -- Date : 09/13/2012 19:22:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 5 / Fail 0

Start menu: Success 0 / Fail 0

User folder: Success 99 / Fail 0

My documents: Success 8 / Fail 8

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 460 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 75 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored

¤¤¤ Infection : Root.MBR ¤¤¤

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

CatByte · September 13, 2012

Please do the following:

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
- If Malicious objects are found then ensure Cure is selected
- If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
- Then click Continue > Reboot now
[*]Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

bfrivers · September 13, 2012

Still nothing found when I run this one ... report is below:

19:33:38.0641 9588 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

19:33:39.0054 9588 ============================================================

19:33:39.0054 9588 Current date / time: 2012/09/13 19:33:39.0054

19:33:39.0054 9588 SystemInfo:

19:33:39.0054 9588

19:33:39.0054 9588 OS Version: 6.1.7601 ServicePack: 1.0

19:33:39.0054 9588 Product type: Workstation

19:33:39.0054 9588 ComputerName: LAPTOP

19:33:39.0055 9588 UserName: bill

19:33:39.0055 9588 Windows directory: C:\Windows

19:33:39.0055 9588 System windows directory: C:\Windows

19:33:39.0055 9588 Running under WOW64

19:33:39.0055 9588 Processor architecture: Intel x64

19:33:39.0055 9588 Number of processors: 8

19:33:39.0055 9588 Page size: 0x1000

19:33:39.0055 9588 Boot type: Normal boot

19:33:39.0055 9588 ============================================================

19:33:39.0639 9588 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:33:39.0649 9588 ============================================================

19:33:39.0649 9588 \Device\Harddisk0\DR0:

19:33:39.0650 9588 MBR partitions:

19:33:39.0650 9588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:33:39.0650 9588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55800800

19:33:39.0650 9588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55864800, BlocksNum 0x1CAE000

19:33:39.0650 9588 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0

19:33:39.0650 9588 ============================================================

19:33:39.0680 9588 C: <-> \Device\Harddisk0\DR0\Partition2

19:33:39.0723 9588 D: <-> \Device\Harddisk0\DR0\Partition3

19:33:39.0740 9588 F: <-> \Device\Harddisk0\DR0\Partition4

19:33:39.0740 9588 ============================================================

19:33:39.0740 9588 Initialize success

19:33:39.0740 9588 ============================================================

19:33:47.0988 9112 ============================================================

19:33:47.0988 9112 Scan started

19:33:47.0988 9112 Mode: Manual; TDLFS;

19:33:47.0988 9112 ============================================================

19:33:48.0418 9112 ================ Scan system memory ========================

19:33:48.0418 9112 System memory - ok

19:33:48.0419 9112 ================ Scan services =============================

19:33:48.0646 9112 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:33:48.0651 9112 1394ohci - ok

19:33:48.0693 9112 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

19:33:48.0695 9112 Accelerometer - ok

19:33:48.0758 9112 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:33:48.0765 9112 ACPI - ok

19:33:48.0801 9112 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:33:48.0803 9112 AcpiPmi - ok

19:33:48.0940 9112 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:33:48.0942 9112 AdobeARMservice - ok

19:33:49.0101 9112 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:33:49.0105 9112 AdobeFlashPlayerUpdateSvc - ok

19:33:49.0172 9112 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

19:33:49.0183 9112 adp94xx - ok

19:33:49.0244 9112 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

19:33:49.0252 9112 adpahci - ok

19:33:49.0303 9112 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

19:33:49.0308 9112 adpu320 - ok

19:33:49.0340 9112 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:33:49.0343 9112 AeLookupSvc - ok

19:33:49.0448 9112 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

19:33:49.0451 9112 AESTFilters - ok

19:33:49.0504 9112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:33:49.0514 9112 AFD - ok

19:33:49.0551 9112 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:33:49.0554 9112 agp440 - ok

19:33:49.0580 9112 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:33:49.0583 9112 ALG - ok

19:33:49.0625 9112 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:33:49.0627 9112 aliide - ok

19:33:49.0672 9112 [ C53D784D7303C463D004C0D5782917B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

19:33:49.0677 9112 AMD External Events Utility - ok

19:33:49.0705 9112 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:33:49.0707 9112 amdide - ok

19:33:49.0737 9112 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

19:33:49.0740 9112 AmdK8 - ok

19:33:49.0953 9112 [ 06778049A44C316E8D016039B9D14667 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

19:33:50.0138 9112 amdkmdag - ok

19:33:50.0205 9112 [ 94B4028F0EEA1F166D78186A254676B5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

19:33:50.0211 9112 amdkmdap - ok

19:33:50.0242 9112 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

19:33:50.0244 9112 AmdPPM - ok

19:33:50.0268 9112 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:33:50.0272 9112 amdsata - ok

19:33:50.0305 9112 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

19:33:50.0310 9112 amdsbs - ok

19:33:50.0337 9112 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:33:50.0338 9112 amdxata - ok

19:33:50.0379 9112 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

19:33:50.0386 9112 AMPPAL - ok

19:33:50.0399 9112 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

19:33:50.0404 9112 AMPPALP - ok

19:33:50.0496 9112 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

19:33:50.0519 9112 AMPPALR3 - ok

19:33:50.0563 9112 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:33:50.0566 9112 AppID - ok

19:33:50.0595 9112 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:33:50.0596 9112 AppIDSvc - ok

19:33:50.0626 9112 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:33:50.0629 9112 Appinfo - ok

19:33:50.0721 9112 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:33:50.0723 9112 Apple Mobile Device - ok

19:33:50.0771 9112 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

19:33:50.0774 9112 arc - ok

19:33:50.0794 9112 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

19:33:50.0797 9112 arcsas - ok

19:33:50.0825 9112 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:33:50.0826 9112 AsyncMac - ok

19:33:50.0873 9112 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:33:50.0874 9112 atapi - ok

19:33:50.0921 9112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:33:50.0934 9112 AudioEndpointBuilder - ok

19:33:50.0951 9112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:33:50.0960 9112 AudioSrv - ok

19:33:50.0991 9112 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:33:50.0995 9112 AxInstSV - ok

19:33:51.0030 9112 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

19:33:51.0041 9112 b06bdrv - ok

19:33:51.0079 9112 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:33:51.0085 9112 b57nd60a - ok

19:33:51.0161 9112 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

19:33:51.0174 9112 BCM43XX - ok

19:33:51.0217 9112 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:33:51.0218 9112 BDESVC - ok

19:33:51.0246 9112 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:33:51.0247 9112 Beep - ok

19:33:51.0293 9112 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:33:51.0300 9112 BFE - ok

19:33:51.0341 9112 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

19:33:51.0350 9112 BITS - ok

19:33:51.0376 9112 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

19:33:51.0377 9112 blbdrive - ok

19:33:51.0443 9112 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:33:51.0448 9112 Bonjour Service - ok

19:33:51.0484 9112 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:33:51.0485 9112 bowser - ok

19:33:51.0514 9112 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

19:33:51.0514 9112 BrFiltLo - ok

19:33:51.0539 9112 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

19:33:51.0540 9112 BrFiltUp - ok

19:33:51.0562 9112 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

19:33:51.0564 9112 BridgeMP - ok

19:33:51.0610 9112 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:33:51.0612 9112 Browser - ok

19:33:51.0637 9112 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:33:51.0640 9112 Brserid - ok

19:33:51.0665 9112 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:33:51.0666 9112 BrSerWdm - ok

19:33:51.0712 9112 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:33:51.0713 9112 BrUsbMdm - ok

19:33:51.0742 9112 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:33:51.0743 9112 BrUsbSer - ok

19:33:51.0750 9112 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

19:33:51.0751 9112 BTHMODEM - ok

19:33:51.0791 9112 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:33:51.0793 9112 bthserv - ok

19:33:51.0814 9112 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

19:33:51.0816 9112 BTHSSecurityMgr - ok

19:33:51.0853 9112 catchme - ok

19:33:51.0881 9112 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:33:51.0883 9112 cdfs - ok

19:33:51.0907 9112 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:33:51.0909 9112 cdrom - ok

19:33:51.0949 9112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:33:51.0950 9112 CertPropSvc - ok

19:33:51.0972 9112 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

19:33:51.0973 9112 circlass - ok

19:33:52.0000 9112 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:33:52.0008 9112 CLFS - ok

19:33:52.0081 9112 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:33:52.0083 9112 clr_optimization_v2.0.50727_32 - ok

19:33:52.0148 9112 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:33:52.0150 9112 clr_optimization_v2.0.50727_64 - ok

19:33:52.0233 9112 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:33:52.0237 9112 clr_optimization_v4.0.30319_32 - ok

19:33:52.0277 9112 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:33:52.0281 9112 clr_optimization_v4.0.30319_64 - ok

19:33:52.0311 9112 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

19:33:52.0313 9112 clwvd - ok

19:33:52.0340 9112 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

19:33:52.0341 9112 CmBatt - ok

19:33:52.0360 9112 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:33:52.0362 9112 cmdide - ok

19:33:52.0422 9112 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

19:33:52.0432 9112 CNG - ok

19:33:52.0476 9112 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

19:33:52.0476 9112 Compbatt - ok

19:33:52.0501 9112 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

19:33:52.0503 9112 CompositeBus - ok

19:33:52.0517 9112 COMSysApp - ok

19:33:52.0544 9112 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

19:33:52.0545 9112 crcdisk - ok

19:33:52.0593 9112 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:33:52.0598 9112 CryptSvc - ok

19:33:52.0632 9112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:33:52.0642 9112 DcomLaunch - ok

19:33:52.0673 9112 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:33:52.0678 9112 defragsvc - ok

19:33:52.0703 9112 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:33:52.0706 9112 DfsC - ok

19:33:52.0738 9112 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:33:52.0744 9112 Dhcp - ok

19:33:52.0753 9112 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:33:52.0754 9112 discache - ok

19:33:52.0799 9112 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

19:33:52.0800 9112 Disk - ok

19:33:52.0825 9112 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:33:52.0830 9112 Dnscache - ok

19:33:52.0860 9112 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:33:52.0867 9112 dot3svc - ok

19:33:52.0895 9112 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:33:52.0900 9112 DPS - ok

19:33:52.0927 9112 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:33:52.0928 9112 drmkaud - ok

19:33:52.0975 9112 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys

19:33:52.0977 9112 dsNcAdpt - ok

19:33:53.0026 9112 [ B9750C064B43C7A3BBC8A74F1127AA4E ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

19:33:53.0036 9112 dsNcService - ok

19:33:53.0087 9112 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:33:53.0102 9112 DXGKrnl - ok

19:33:53.0149 9112 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:33:53.0153 9112 EapHost - ok

19:33:53.0247 9112 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

19:33:53.0313 9112 ebdrv - ok

19:33:53.0364 9112 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:33:53.0368 9112 EFS - ok

19:33:53.0440 9112 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:33:53.0454 9112 ehRecvr - ok

19:33:53.0478 9112 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:33:53.0482 9112 ehSched - ok

19:33:53.0527 9112 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

19:33:53.0539 9112 elxstor - ok

19:33:53.0562 9112 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:33:53.0564 9112 ErrDev - ok

19:33:53.0620 9112 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:33:53.0630 9112 EventSystem - ok

19:33:53.0696 9112 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

19:33:53.0723 9112 EvtEng - ok

19:33:53.0751 9112 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:33:53.0754 9112 exfat - ok

19:33:53.0770 9112 ezSharedSvc - ok

19:33:53.0791 9112 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:33:53.0795 9112 fastfat - ok

19:33:53.0838 9112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:33:53.0847 9112 Fax - ok

19:33:53.0872 9112 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

19:33:53.0874 9112 fdc - ok

19:33:53.0893 9112 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:33:53.0895 9112 fdPHost - ok

19:33:53.0907 9112 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:33:53.0908 9112 FDResPub - ok

19:33:53.0943 9112 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:33:53.0945 9112 FileInfo - ok

19:33:53.0963 9112 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:33:53.0965 9112 Filetrace - ok

19:33:54.0001 9112 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

19:33:54.0003 9112 flpydisk - ok

19:33:54.0043 9112 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:33:54.0048 9112 FltMgr - ok

19:33:54.0085 9112 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

19:33:54.0104 9112 FontCache - ok

19:33:54.0148 9112 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:33:54.0150 9112 FontCache3.0.0.0 - ok

19:33:54.0207 9112 [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

19:33:54.0212 9112 FPLService - ok

19:33:54.0244 9112 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:33:54.0247 9112 FsDepends - ok

19:33:54.0270 9112 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:33:54.0271 9112 Fs_Rec - ok

19:33:54.0317 9112 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:33:54.0322 9112 fvevol - ok

19:33:54.0359 9112 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

19:33:54.0362 9112 gagp30kx - ok

19:33:54.0416 9112 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

19:33:54.0421 9112 GamesAppService - ok

19:33:54.0459 9112 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:33:54.0460 9112 GEARAspiWDM - ok

19:33:54.0502 9112 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:33:54.0519 9112 gpsvc - ok

19:33:54.0600 9112 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:33:54.0604 9112 gusvc - ok

19:33:54.0630 9112 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:33:54.0632 9112 hcw85cir - ok

19:33:54.0675 9112 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:33:54.0684 9112 HdAudAddService - ok

19:33:54.0720 9112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:33:54.0723 9112 HDAudBus - ok

19:33:54.0752 9112 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

19:33:54.0754 9112 HidBatt - ok

19:33:54.0777 9112 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

19:33:54.0781 9112 HidBth - ok

19:33:54.0815 9112 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

19:33:54.0818 9112 HidIr - ok

19:33:54.0891 9112 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

19:33:54.0894 9112 hidserv - ok

19:33:54.0982 9112 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:33:54.0985 9112 HidUsb - ok

19:33:55.0013 9112 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:33:55.0018 9112 hkmsvc - ok

19:33:55.0042 9112 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:33:55.0049 9112 HomeGroupListener - ok

19:33:55.0075 9112 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:33:55.0082 9112 HomeGroupProvider - ok

19:33:55.0198 9112 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

19:33:55.0199 9112 HP Support Assistant Service - ok

19:33:55.0246 9112 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

19:33:55.0260 9112 HPAuto - ok

19:33:55.0294 9112 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

19:33:55.0302 9112 HPClientSvc - ok

19:33:55.0382 9112 [ E040F0064D39F73BB4995D494F3DCBB8 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

19:33:55.0400 9112 hpCMSrv - ok

19:33:55.0470 9112 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

19:33:55.0474 9112 HPDrvMntSvc.exe - ok

19:33:55.0504 9112 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

19:33:55.0505 9112 hpdskflt - ok

19:33:55.0618 9112 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

19:33:55.0623 9112 hpqcxs08 - ok

19:33:55.0640 9112 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

19:33:55.0643 9112 hpqddsvc - ok

19:33:55.0711 9112 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

19:33:55.0726 9112 hpqwmiex - ok

19:33:55.0748 9112 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:33:55.0750 9112 HpSAMD - ok

19:33:55.0772 9112 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe

19:33:55.0775 9112 hpsrv - ok

19:33:55.0820 9112 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

19:33:55.0821 9112 HPWMISVC - ok

19:33:55.0864 9112 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:33:55.0879 9112 HTTP - ok

19:33:55.0895 9112 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:33:55.0896 9112 hwpolicy - ok

19:33:55.0931 9112 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

19:33:55.0933 9112 i8042prt - ok

19:33:55.0981 9112 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

19:33:55.0990 9112 iaStor - ok

19:33:56.0075 9112 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

19:33:56.0076 9112 IAStorDataMgrSvc - ok

19:33:56.0120 9112 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:33:56.0127 9112 iaStorV - ok

19:33:56.0223 9112 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

19:33:56.0255 9112 IconMan_R - ok

19:33:56.0312 9112 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:33:56.0330 9112 idsvc - ok

19:33:56.0358 9112 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

19:33:56.0360 9112 iirsp - ok

19:33:56.0402 9112 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:33:56.0420 9112 IKEEXT - ok

19:33:56.0449 9112 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

19:33:56.0456 9112 IntcDAud - ok

19:33:56.0491 9112 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:33:56.0493 9112 intelide - ok

19:33:56.0771 9112 [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys

19:33:56.0988 9112 intelkmd - ok

19:33:57.0007 9112 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:33:57.0008 9112 intelppm - ok

19:33:57.0107 9112 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

19:33:57.0108 9112 IntuitUpdateServiceV4 - ok

19:33:57.0149 9112 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:33:57.0151 9112 IPBusEnum - ok

19:33:57.0177 9112 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:33:57.0179 9112 IpFilterDriver - ok

19:33:57.0200 9112 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:33:57.0206 9112 iphlpsvc - ok

19:33:57.0222 9112 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:33:57.0223 9112 IPMIDRV - ok

19:33:57.0246 9112 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:33:57.0248 9112 IPNAT - ok

19:33:57.0340 9112 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:33:57.0355 9112 iPod Service - ok

19:33:57.0371 9112 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:33:57.0372 9112 IRENUM - ok

19:33:57.0398 9112 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:33:57.0399 9112 isapnp - ok

19:33:57.0435 9112 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:33:57.0440 9112 iScsiPrt - ok

19:33:57.0470 9112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

19:33:57.0472 9112 kbdclass - ok

19:33:57.0511 9112 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

19:33:57.0513 9112 kbdhid - ok

19:33:57.0531 9112 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:33:57.0533 9112 KeyIso - ok

19:33:57.0567 9112 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:33:57.0569 9112 KSecDD - ok

19:33:57.0585 9112 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:33:57.0589 9112 KSecPkg - ok

19:33:57.0623 9112 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:33:57.0624 9112 ksthunk - ok

19:33:57.0668 9112 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:33:57.0678 9112 KtmRm - ok

19:33:57.0718 9112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

19:33:57.0726 9112 LanmanServer - ok

19:33:57.0750 9112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:33:57.0756 9112 LanmanWorkstation - ok

19:33:57.0983 9112 [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

19:33:58.0019 9112 LeapFrog Connect Device Service - ok

19:33:58.0055 9112 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:33:58.0056 9112 lltdio - ok

19:33:58.0082 9112 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:33:58.0092 9112 lltdsvc - ok

19:33:58.0116 9112 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:33:58.0119 9112 lmhosts - ok

19:33:58.0176 9112 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:33:58.0181 9112 LMS - ok

19:33:58.0220 9112 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

19:33:58.0223 9112 LSI_FC - ok

19:33:58.0258 9112 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

19:33:58.0261 9112 LSI_SAS - ok

19:33:58.0290 9112 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

19:33:58.0293 9112 LSI_SAS2 - ok

19:33:58.0307 9112 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

19:33:58.0310 9112 LSI_SCSI - ok

19:33:58.0349 9112 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:33:58.0352 9112 luafv - ok

19:33:58.0399 9112 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

19:33:58.0404 9112 Mcx2Svc - ok

19:33:58.0440 9112 MDM - ok

19:33:58.0468 9112 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

19:33:58.0470 9112 megasas - ok

19:33:58.0502 9112 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

19:33:58.0508 9112 MegaSR - ok

19:33:58.0548 9112 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

19:33:58.0550 9112 MEIx64 - ok

19:33:58.0618 9112 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

19:33:58.0622 9112 Microsoft Office Groove Audit Service - ok

19:33:58.0656 9112 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

19:33:58.0660 9112 MMCSS - ok

19:33:58.0689 9112 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

19:33:58.0691 9112 Modem - ok

19:33:58.0720 9112 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

19:33:58.0722 9112 monitor - ok

19:33:58.0766 9112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

19:33:58.0768 9112 mouclass - ok

19:33:58.0807 9112 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

19:33:58.0810 9112 mouhid - ok

19:33:58.0839 9112 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

19:33:58.0842 9112 mountmgr - ok

19:33:58.0896 9112 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:33:58.0899 9112 MozillaMaintenance - ok

19:33:58.0987 9112 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

19:33:58.0992 9112 MpFilter - ok

19:33:59.0018 9112 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

19:33:59.0023 9112 mpio - ok

19:33:59.0052 9112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

19:33:59.0055 9112 mpsdrv - ok

19:33:59.0097 9112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

19:33:59.0114 9112 MpsSvc - ok

19:33:59.0133 9112 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

19:33:59.0136 9112 MRxDAV - ok

19:33:59.0160 9112 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

19:33:59.0163 9112 mrxsmb - ok

19:33:59.0176 9112 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:33:59.0180 9112 mrxsmb10 - ok

19:33:59.0196 9112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:33:59.0198 9112 mrxsmb20 - ok

19:33:59.0223 9112 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

19:33:59.0224 9112 msahci - ok

19:33:59.0242 9112 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

19:33:59.0246 9112 msdsm - ok

19:33:59.0285 9112 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

19:33:59.0291 9112 MSDTC - ok

19:33:59.0335 9112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

19:33:59.0336 9112 Msfs - ok

19:33:59.0359 9112 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

19:33:59.0360 9112 mshidkmdf - ok

19:33:59.0384 9112 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

19:33:59.0385 9112 msisadrv - ok

19:33:59.0408 9112 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

19:33:59.0414 9112 MSiSCSI - ok

19:33:59.0419 9112 msiserver - ok

19:33:59.0439 9112 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

19:33:59.0440 9112 MSKSSRV - ok

19:33:59.0505 9112 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

19:33:59.0506 9112 MsMpSvc - ok

19:33:59.0539 9112 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

19:33:59.0541 9112 MSPCLOCK - ok

19:33:59.0547 9112 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

19:33:59.0549 9112 MSPQM - ok

19:33:59.0573 9112 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

19:33:59.0579 9112 MsRPC - ok

19:33:59.0595 9112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

19:33:59.0596 9112 mssmbios - ok

19:33:59.0624 9112 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

19:33:59.0625 9112 MSTEE - ok

19:33:59.0657 9112 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

19:33:59.0659 9112 MTConfig - ok

19:33:59.0681 9112 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

19:33:59.0683 9112 Mup - ok

19:33:59.0736 9112 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

19:33:59.0743 9112 MyWiFiDHCPDNS - ok

19:33:59.0778 9112 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

19:33:59.0790 9112 napagent - ok

19:33:59.0853 9112 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

19:33:59.0860 9112 NativeWifiP - ok

19:33:59.0933 9112 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

19:33:59.0951 9112 NDIS - ok

19:33:59.0978 9112 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

19:33:59.0979 9112 NdisCap - ok

19:34:00.0002 9112 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

19:34:00.0004 9112 NdisTapi - ok

19:34:00.0013 9112 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

19:34:00.0015 9112 Ndisuio - ok

19:34:00.0034 9112 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

19:34:00.0037 9112 NdisWan - ok

19:34:00.0048 9112 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

19:34:00.0050 9112 NDProxy - ok

19:34:00.0089 9112 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

19:34:00.0091 9112 Net Driver HPZ12 - ok

19:34:00.0121 9112 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

19:34:00.0123 9112 NetBIOS - ok

19:34:00.0136 9112 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

19:34:00.0140 9112 NetBT - ok

19:34:00.0164 9112 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

19:34:00.0166 9112 Netlogon - ok

19:34:00.0212 9112 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

19:34:00.0222 9112 Netman - ok

19:34:00.0236 9112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

19:34:00.0245 9112 netprofm - ok

19:34:00.0269 9112 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:34:00.0272 9112 NetTcpPortSharing - ok

19:34:00.0470 9112 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

19:34:00.0626 9112 NETwNs64 - ok

19:34:00.0649 9112 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

19:34:00.0650 9112 nfrd960 - ok

19:34:00.0685 9112 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:34:00.0688 9112 NisDrv - ok

19:34:00.0713 9112 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

19:34:00.0717 9112 NisSrv - ok

19:34:00.0746 9112 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

19:34:00.0752 9112 NlaSvc - ok

19:34:00.0772 9112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

19:34:00.0773 9112 Npfs - ok

19:34:00.0802 9112 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

19:34:00.0806 9112 nsi - ok

19:34:00.0821 9112 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

19:34:00.0823 9112 nsiproxy - ok

19:34:00.0903 9112 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

19:34:00.0928 9112 Ntfs - ok

19:34:00.0953 9112 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

19:34:00.0954 9112 Null - ok

19:34:00.0999 9112 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

19:34:01.0002 9112 nusb3hub - ok

19:34:01.0032 9112 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

19:34:01.0036 9112 nusb3xhc - ok

19:34:01.0079 9112 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

19:34:01.0088 9112 NVENETFD - ok

19:34:01.0141 9112 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

19:34:01.0144 9112 nvraid - ok

19:34:01.0157 9112 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

19:34:01.0160 9112 nvstor - ok

19:34:01.0183 9112 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

19:34:01.0185 9112 nv_agp - ok

19:34:01.0245 9112 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:34:01.0251 9112 odserv - ok

19:34:01.0293 9112 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

19:34:01.0295 9112 ohci1394 - ok

19:34:01.0355 9112 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:34:01.0359 9112 ose - ok

19:34:01.0397 9112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

19:34:01.0406 9112 p2pimsvc - ok

19:34:01.0431 9112 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

19:34:01.0443 9112 p2psvc - ok

19:34:01.0482 9112 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

19:34:01.0486 9112 Parport - ok

19:34:01.0518 9112 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

19:34:01.0520 9112 partmgr - ok

19:34:01.0550 9112 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

19:34:01.0557 9112 PcaSvc - ok

19:34:01.0592 9112 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

19:34:01.0597 9112 pci - ok

19:34:01.0628 9112 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

19:34:01.0630 9112 pciide - ok

19:34:01.0663 9112 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

19:34:01.0669 9112 pcmcia - ok

19:34:01.0699 9112 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

19:34:01.0700 9112 pcw - ok

19:34:01.0731 9112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

19:34:01.0741 9112 PEAUTH - ok

19:34:01.0825 9112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

19:34:01.0828 9112 PerfHost - ok

19:34:01.0899 9112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

19:34:01.0920 9112 pla - ok

19:34:01.0956 9112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

19:34:01.0964 9112 PlugPlay - ok

19:34:02.0053 9112 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

19:34:02.0060 9112 PMBDeviceInfoProvider - ok

19:34:02.0088 9112 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

19:34:02.0092 9112 Pml Driver HPZ12 - ok

19:34:02.0113 9112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

19:34:02.0118 9112 PNRPAutoReg - ok

19:34:02.0141 9112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

19:34:02.0148 9112 PNRPsvc - ok

19:34:02.0182 9112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

19:34:02.0192 9112 PolicyAgent - ok

19:34:02.0227 9112 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

19:34:02.0233 9112 Power - ok

19:34:02.0259 9112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

19:34:02.0262 9112 PptpMiniport - ok

19:34:02.0275 9112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

19:34:02.0277 9112 Processor - ok

19:34:02.0310 9112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

19:34:02.0316 9112 ProfSvc - ok

19:34:02.0331 9112 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

19:34:02.0333 9112 ProtectedStorage - ok

19:34:02.0372 9112 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

19:34:02.0374 9112 Psched - ok

19:34:02.0428 9112 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

19:34:02.0451 9112 ql2300 - ok

19:34:02.0464 9112 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

19:34:02.0465 9112 ql40xx - ok

19:34:02.0492 9112 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

19:34:02.0496 9112 QWAVE - ok

19:34:02.0521 9112 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

19:34:02.0522 9112 QWAVEdrv - ok

19:34:02.0533 9112 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

19:34:02.0534 9112 RasAcd - ok

19:34:02.0547 9112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

19:34:02.0548 9112 RasAgileVpn - ok

19:34:02.0567 9112 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

19:34:02.0569 9112 RasAuto - ok

19:34:02.0586 9112 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

19:34:02.0587 9112 Rasl2tp - ok

19:34:02.0627 9112 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

19:34:02.0637 9112 RasMan - ok

19:34:02.0652 9112 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

19:34:02.0655 9112 RasPppoe - ok

19:34:02.0683 9112 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

19:34:02.0685 9112 RasSstp - ok

19:34:02.0706 9112 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

19:34:02.0711 9112 rdbss - ok

19:34:02.0729 9112 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

19:34:02.0731 9112 rdpbus - ok

19:34:02.0765 9112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

19:34:02.0766 9112 RDPCDD - ok

19:34:02.0784 9112 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

19:34:02.0784 9112 RDPENCDD - ok

19:34:02.0801 9112 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

19:34:02.0802 9112 RDPREFMP - ok

19:34:02.0837 9112 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

19:34:02.0843 9112 RDPWD - ok

19:34:02.0866 9112 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

19:34:02.0871 9112 rdyboost - ok

19:34:02.0960 9112 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

19:34:02.0976 9112 RegSrvc - ok

19:34:03.0000 9112 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

19:34:03.0005 9112 RemoteAccess - ok

19:34:03.0030 9112 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

19:34:03.0037 9112 RemoteRegistry - ok

19:34:03.0085 9112 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

19:34:03.0091 9112 RoxioNow Service - ok

19:34:03.0113 9112 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

19:34:03.0118 9112 RpcEptMapper - ok

19:34:03.0160 9112 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

19:34:03.0163 9112 RpcLocator - ok

19:34:03.0189 9112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

19:34:03.0199 9112 RpcSs - ok

19:34:03.0234 9112 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

19:34:03.0239 9112 RSPCIESTOR - ok

19:34:03.0271 9112 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

19:34:03.0274 9112 rspndr - ok

19:34:03.0309 9112 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

19:34:03.0315 9112 RTL8167 - ok

19:34:03.0331 9112 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

19:34:03.0334 9112 SamSs - ok

19:34:03.0365 9112 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

19:34:03.0368 9112 sbp2port - ok

19:34:03.0405 9112 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

19:34:03.0412 9112 SCardSvr - ok

19:34:03.0431 9112 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

19:34:03.0432 9112 scfilter - ok

19:34:03.0487 9112 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

19:34:03.0507 9112 Schedule - ok

19:34:03.0527 9112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

19:34:03.0529 9112 SCPolicySvc - ok

19:34:03.0554 9112 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

19:34:03.0556 9112 sdbus - ok

19:34:03.0585 9112 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

19:34:03.0589 9112 SDRSVC - ok

19:34:03.0621 9112 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

19:34:03.0623 9112 secdrv - ok

19:34:03.0652 9112 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

19:34:03.0656 9112 seclogon - ok

19:34:03.0679 9112 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

19:34:03.0685 9112 SENS - ok

19:34:03.0710 9112 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

19:34:03.0715 9112 SensrSvc - ok

19:34:03.0741 9112 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

19:34:03.0742 9112 Serenum - ok

19:34:03.0762 9112 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

19:34:03.0764 9112 Serial - ok

19:34:03.0795 9112 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

19:34:03.0797 9112 sermouse - ok

19:34:03.0833 9112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

19:34:03.0837 9112 SessionEnv - ok

19:34:03.0863 9112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

19:34:03.0864 9112 sffdisk - ok

19:34:03.0895 9112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

19:34:03.0896 9112 sffp_mmc - ok

19:34:03.0906 9112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

19:34:03.0908 9112 sffp_sd - ok

19:34:03.0934 9112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

19:34:03.0936 9112 sfloppy - ok

19:34:03.0973 9112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

19:34:03.0980 9112 SharedAccess - ok

19:34:04.0015 9112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

19:34:04.0024 9112 ShellHWDetection - ok

19:34:04.0059 9112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

19:34:04.0061 9112 SiSRaid2 - ok

19:34:04.0089 9112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

19:34:04.0091 9112 SiSRaid4 - ok

19:34:04.0129 9112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

19:34:04.0133 9112 Smb - ok

19:34:04.0183 9112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

19:34:04.0187 9112 SNMPTRAP - ok

19:34:04.0207 9112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

19:34:04.0208 9112 spldr - ok

19:34:04.0268 9112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

19:34:04.0283 9112 Spooler - ok

19:34:04.0379 9112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

19:34:04.0461 9112 sppsvc - ok

19:34:04.0489 9112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

19:34:04.0491 9112 sppuinotify - ok

19:34:04.0524 9112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

19:34:04.0534 9112 srv - ok

19:34:04.0571 9112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

19:34:04.0579 9112 srv2 - ok

19:34:04.0605 9112 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:34:04.0612 9112 SrvHsfHDA - ok

19:34:04.0663 9112 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:34:04.0682 9112 SrvHsfV92 - ok

19:34:04.0696 9112 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:34:04.0703 9112 SrvHsfWinac - ok

19:34:04.0729 9112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

19:34:04.0731 9112 srvnet - ok

19:34:04.0753 9112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

19:34:04.0756 9112 SSDPSRV - ok

19:34:04.0765 9112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

19:34:04.0767 9112 SstpSvc - ok

19:34:04.0851 9112 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

19:34:04.0859 9112 STacSV - ok

19:34:04.0883 9112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

19:34:04.0886 9112 stexstor - ok

19:34:04.0925 9112 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

19:34:04.0936 9112 STHDA - ok

19:34:04.0967 9112 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

19:34:04.0969 9112 StillCam - ok

19:34:05.0011 9112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

19:34:05.0027 9112 stisvc - ok

19:34:05.0044 9112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

19:34:05.0045 9112 swenum - ok

19:34:05.0069 9112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

19:34:05.0079 9112 swprv - ok

19:34:05.0119 9112 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

19:34:05.0123 9112 SynTP - ok

19:34:05.0185 9112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

19:34:05.0203 9112 SysMain - ok

19:34:05.0223 9112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

19:34:05.0225 9112 TabletInputService - ok

19:34:05.0261 9112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

19:34:05.0271 9112 TapiSrv - ok

19:34:05.0287 9112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

19:34:05.0293 9112 TBS - ok

19:34:05.0377 9112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

19:34:05.0401 9112 Tcpip - ok

19:34:05.0455 9112 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

19:34:05.0470 9112 TCPIP6 - ok

19:34:05.0486 9112 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

19:34:05.0487 9112 tcpipreg - ok

19:34:05.0501 9112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

19:34:05.0502 9112 TDPIPE - ok

19:34:05.0541 9112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

19:34:05.0544 9112 TDTCP - ok

19:34:05.0577 9112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

19:34:05.0581 9112 tdx - ok

19:34:05.0611 9112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

19:34:05.0613 9112 TermDD - ok

19:34:05.0663 9112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

19:34:05.0680 9112 TermService - ok

19:34:05.0700 9112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

19:34:05.0703 9112 Themes - ok

19:34:05.0723 9112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

19:34:05.0725 9112 THREADORDER - ok

19:34:05.0741 9112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

19:34:05.0745 9112 TrkWks - ok

19:34:05.0800 9112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

19:34:05.0804 9112 TrustedInstaller - ok

19:34:05.0836 9112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

19:34:05.0838 9112 tssecsrv - ok

19:34:05.0862 9112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

19:34:05.0864 9112 TsUsbFlt - ok

19:34:05.0878 9112 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

19:34:05.0879 9112 TsUsbGD - ok

19:34:05.0932 9112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

19:34:05.0935 9112 tunnel - ok

19:34:05.0973 9112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

19:34:05.0976 9112 uagp35 - ok

19:34:06.0008 9112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

19:34:06.0016 9112 udfs - ok

19:34:06.0039 9112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

19:34:06.0043 9112 UI0Detect - ok

19:34:06.0064 9112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

19:34:06.0067 9112 uliagpkx - ok

19:34:06.0091 9112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

19:34:06.0093 9112 umbus - ok

19:34:06.0120 9112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

19:34:06.0122 9112 UmPass - ok

19:34:06.0262 9112 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:34:06.0280 9112 UNS - ok

19:34:06.0304 9112 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

19:34:06.0308 9112 upnphost - ok

19:34:06.0357 9112 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

19:34:06.0360 9112 USBAAPL64 - ok

19:34:06.0413 9112 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

19:34:06.0417 9112 usbaudio - ok

19:34:06.0467 9112 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

19:34:06.0470 9112 usbccgp - ok

19:34:06.0490 9112 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

19:34:06.0494 9112 usbcir - ok

19:34:06.0532 9112 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

19:34:06.0534 9112 usbehci - ok

19:34:06.0563 9112 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

19:34:06.0571 9112 usbhub - ok

19:34:06.0586 9112 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

19:34:06.0589 9112 usbohci - ok

19:34:06.0614 9112 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

19:34:06.0616 9112 usbprint - ok

19:34:06.0646 9112 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:34:06.0648 9112 USBSTOR - ok

19:34:06.0678 9112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

19:34:06.0681 9112 usbuhci - ok

19:34:06.0713 9112 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

19:34:06.0718 9112 usbvideo - ok

19:34:06.0744 9112 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

19:34:06.0748 9112 UxSms - ok

19:34:06.0765 9112 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

19:34:06.0768 9112 VaultSvc - ok

19:34:06.0776 9112 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

19:34:06.0777 9112 vdrvroot - ok

19:34:06.0813 9112 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

19:34:06.0826 9112 vds - ok

19:34:06.0862 9112 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

19:34:06.0864 9112 vga - ok

19:34:06.0883 9112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

19:34:06.0885 9112 VgaSave - ok

19:34:06.0910 9112 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

19:34:06.0915 9112 vhdmp - ok

19:34:06.0939 9112 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

19:34:06.0941 9112 viaide - ok

19:34:06.0978 9112 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

19:34:06.0980 9112 volmgr - ok

19:34:07.0012 9112 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

19:34:07.0019 9112 volmgrx - ok

19:34:07.0058 9112 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

19:34:07.0063 9112 volsnap - ok

19:34:07.0089 9112 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

19:34:07.0093 9112 vsmraid - ok

19:34:07.0163 9112 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

19:34:07.0192 9112 VSS - ok

19:34:07.0205 9112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

19:34:07.0207 9112 vwifibus - ok

19:34:07.0242 9112 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

19:34:07.0243 9112 vwififlt - ok

19:34:07.0271 9112 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

19:34:07.0273 9112 vwifimp - ok

19:34:07.0327 9112 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

19:34:07.0338 9112 W32Time - ok

19:34:07.0357 9112 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

19:34:07.0359 9112 WacomPen - ok

19:34:07.0396 9112 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

19:34:07.0398 9112 WANARP - ok

19:34:07.0415 9112 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

19:34:07.0417 9112 Wanarpv6 - ok

19:34:07.0491 9112 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

19:34:07.0517 9112 WatAdminSvc - ok

19:34:07.0580 9112 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

19:34:07.0604 9112 wbengine - ok

19:34:07.0620 9112 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

19:34:07.0623 9112 WbioSrvc - ok

19:34:07.0637 9112 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

19:34:07.0642 9112 wcncsvc - ok

19:34:07.0671 9112 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

19:34:07.0677 9112 WcsPlugInService - ok

19:34:07.0715 9112 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

19:34:07.0717 9112 Wd - ok

19:34:07.0759 9112 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

19:34:07.0771 9112 Wdf01000 - ok

19:34:07.0788 9112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

19:34:07.0794 9112 WdiServiceHost - ok

19:34:07.0799 9112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

19:34:07.0804 9112 WdiSystemHost - ok

19:34:07.0837 9112 [ 5E1640435DD54D00451156CA5340B109 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys

19:34:07.0839 9112 wdkmd - ok

19:34:07.0869 9112 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

19:34:07.0877 9112 WebClient - ok

19:34:07.0890 9112 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

19:34:07.0898 9112 Wecsvc - ok

19:34:07.0916 9112 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

19:34:07.0921 9112 wercplsupport - ok

19:34:07.0959 9112 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

19:34:07.0964 9112 WerSvc - ok

19:34:07.0990 9112 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

19:34:07.0992 9112 WfpLwf - ok

19:34:08.0004 9112 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

19:34:08.0006 9112 WIMMount - ok

19:34:08.0021 9112 WinDefend - ok

19:34:08.0028 9112 WinHttpAutoProxySvc - ok

19:34:08.0071 9112 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

19:34:08.0077 9112 Winmgmt - ok

19:34:08.0148 9112 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

19:34:08.0172 9112 WinRM - ok

19:34:08.0205 9112 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

19:34:08.0207 9112 WinUsb - ok

19:34:08.0257 9112 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

19:34:08.0275 9112 Wlansvc - ok

19:34:08.0305 9112 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:34:08.0306 9112 wlcrasvc - ok

19:34:08.0447 9112 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:34:08.0472 9112 wlidsvc - ok

19:34:08.0493 9112 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

19:34:08.0493 9112 WmiAcpi - ok

19:34:08.0509 9112 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

19:34:08.0512 9112 wmiApSrv - ok

19:34:08.0542 9112 WMPNetworkSvc - ok

19:34:08.0566 9112 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

19:34:08.0568 9112 WPCSvc - ok

19:34:08.0578 9112 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

19:34:08.0581 9112 WPDBusEnum - ok

19:34:08.0605 9112 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

19:34:08.0606 9112 ws2ifsl - ok

19:34:08.0619 9112 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

19:34:08.0622 9112 wscsvc - ok

19:34:08.0648 9112 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

19:34:08.0649 9112 WSDPrintDevice - ok

19:34:08.0651 9112 WSearch - ok

19:34:08.0735 9112 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

19:34:08.0766 9112 wuauserv - ok

19:34:08.0796 9112 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

19:34:08.0798 9112 WudfPf - ok

19:34:08.0808 9112 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

19:34:08.0811 9112 WUDFRd - ok

19:34:08.0841 9112 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

19:34:08.0847 9112 wudfsvc - ok

19:34:08.0864 9112 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

19:34:08.0872 9112 WwanSvc - ok

19:34:08.0892 9112 ================ Scan global ===============================

19:34:08.0914 9112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:34:08.0944 9112 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

19:34:08.0961 9112 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

19:34:08.0984 9112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:34:09.0012 9112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:34:09.0019 9112 [Global] - ok

19:34:09.0020 9112 ================ Scan MBR ==================================

19:34:09.0031 9112 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:34:09.0342 9112 \Device\Harddisk0\DR0 - ok

19:34:09.0343 9112 ================ Scan VBR ==================================

19:34:09.0350 9112 [ 7E0CB8B9BC17DD79638166FE6D5595E9 ] \Device\Harddisk0\DR0\Partition1

19:34:09.0353 9112 \Device\Harddisk0\DR0\Partition1 - ok

19:34:09.0369 9112 [ 41EDAB7F006B6232F73CC51BF6668933 ] \Device\Harddisk0\DR0\Partition2

19:34:09.0371 9112 \Device\Harddisk0\DR0\Partition2 - ok

19:34:09.0399 9112 [ 3CCF3E60F8B51FE8FC4CA268F6371CF4 ] \Device\Harddisk0\DR0\Partition3

19:34:09.0401 9112 \Device\Harddisk0\DR0\Partition3 - ok

19:34:09.0421 9112 [ D9AC5C3F7B1204882C47CAFED2666417 ] \Device\Harddisk0\DR0\Partition4

19:34:09.0423 9112 \Device\Harddisk0\DR0\Partition4 - ok

19:34:09.0424 9112 ============================================================

19:34:09.0424 9112 Scan finished

19:34:09.0424 9112 ============================================================

19:34:09.0440 1600 Detected object count: 0

19:34:09.0440 1600 Actual detected object count: 0

19:34:22.0451 1736 Deinitialize success

CatByte · September 14, 2012

Please do the following:

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

NEXT

Download AdwCleaner from here and save it to your desktop.

Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

bfrivers · September 14, 2012

MalwareBytes still finds nothing:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.14.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

bill :: LAPTOP [administrator]

9/14/2012 7:21:23 AM

mbam-log-2012-09-14 (07-21-23).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 204647

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

bfrivers · September 14, 2012

Here's the results of the ESET scan:

C:\Users\bill\Downloads\SoftonicDownloader_for_anvi-smart-defender.exe a variant of Win32/SoftonicDownloader.D application

bfrivers · September 14, 2012

Here's the log from AdwCleaner:

# AdwCleaner v2.001 - Logfile created 09/14/2012 at 10:18:23

# Updated 09/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : bill - LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\bill\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default

File : C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1415 octets] - [14/09/2012 10:18:23]

########## EOF - C:\AdwCleaner[s1].txt - [1475 octets] ##########

CatByte · September 14, 2012

are you still being redirected?

bfrivers · September 14, 2012

Yep ... Just tried a google search and got redirected to http://8.26.70.252/see/display.php?q=angelo+d+emilia&affsub=46938-10090&subid=e10 when I clicked on a result.

CatByte · September 14, 2012

Please do the following:

Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool.
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

bfrivers · September 14, 2012

Run date: 2012-09-14 10:43:25

-----------------------------

10:43:25.306 OS Version: Windows x64 6.1.7601 Service Pack 1

10:43:25.306 Number of processors: 8 586 0x2A07

10:43:25.307 ComputerName: LAPTOP UserName: bill

10:43:27.189 Initialize success

10:44:37.846 AVAST engine defs: 12091400

10:44:51.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:44:51.042 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3

10:44:51.057 Disk 0 MBR read successfully

10:44:51.062 Disk 0 MBR scan

10:44:51.070 Disk 0 Windows 7 default MBR code

10:44:51.076 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

10:44:51.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700417 MB offset 409600

10:44:51.124 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14684 MB offset 1434863616

10:44:51.146 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448

10:44:51.198 Disk 0 scanning C:\Windows\system32\drivers

10:45:02.703 Service scanning

10:45:33.663 Modules scanning

10:45:33.679 Disk 0 trace - called modules:

10:45:33.715 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll

10:45:33.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083b0790]

10:45:33.726 3 CLASSPNP.SYS[fffff88001c9e43f] -> nt!IofCallDriver -> [0xfffffa80082b8b10]

10:45:33.732 5 hpdskflt.sys[fffff880019eb189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800818a050]

10:45:35.333 AVAST engine scan C:\Windows

10:45:39.346 AVAST engine scan C:\Windows\system32

10:48:21.738 AVAST engine scan C:\Windows\system32\drivers

10:48:35.018 AVAST engine scan C:\Users\bill

10:51:03.808 Disk 0 MBR has been saved successfully to "C:\Users\bill\Desktop\MBR.dat"

10:51:03.815 The log file has been saved successfully to "C:\Users\bill\Desktop\aswMBR.txt"

11:07:32.559 AVAST engine scan C:\ProgramData

11:09:11.088 Scan finished successfully

11:09:50.342 Disk 0 MBR has been saved successfully to "C:\Users\bill\Desktop\MBR.dat"

11:09:50.347 The log file has been saved successfully to "C:\Users\bill\Desktop\aswMBR.txt"

MBR.zip

CatByte · September 14, 2012

that appears to be OK, please run the following:

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

bfrivers · September 14, 2012

Here's OTL.txt:

OTL logfile created on: 9/14/2012 11:34:31 AM - Run 1

OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\bill\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 64.31% Memory free

15.90 Gb Paging File | 12.67 Gb Available in Paging File | 79.73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.00 Gb Total Space | 542.56 Gb Free Space | 79.32% Space Free | Partition Type: NTFS

Drive D: | 14.34 Gb Total Space | 1.60 Gb Free Space | 11.13% Space Free | Partition Type: NTFS

Drive E: | 1.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 98.87 Mb Total Space | 84.59 Mb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: bill | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 11:30:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL(1).exe

PRC - [2012/09/14 10:42:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bill\Desktop\aswMBR.exe

PRC - [2012/07/31 14:40:31 | 001,193,176 | ---- | M] () -- C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/11/30 12:09:20 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2011/11/16 17:34:06 | 000,093,696 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlaui.exe

PRC - [2011/11/16 16:41:58 | 000,028,672 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlartd.exe

PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011/03/08 15:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

PRC - [2011/02/18 01:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

PRC - [2011/02/18 01:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

PRC - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011/01/27 15:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/11/20 23:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe

PRC - [2010/04/23 15:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\bill\AppData\Roaming\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/31 14:40:31 | 001,193,176 | ---- | M] () -- C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/06/15 17:15:43 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll

MOD - [2012/06/15 07:22:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/06/15 07:22:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/15 07:22:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/10 08:02:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll

MOD - [2012/05/09 18:34:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/09 18:33:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/09 18:33:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/09 18:33:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/09 18:33:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/09 18:33:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/11/16 17:58:22 | 000,050,992 | ---- | M] () -- c:\blp\API\dde\bbloader.dll

MOD - [2011/11/16 17:38:50 | 000,385,024 | ---- | M] () -- c:\blp\API\Office Tools\Bloomberg.OfficeTools.DataModel.Schemas.XmlSerializers.dll

MOD - [2011/11/16 17:06:26 | 000,196,608 | ---- | M] () -- c:\blp\API\Office Tools\Microsoft.ApplicationBlocks.UIProcess.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/06/06 18:10:17 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/11/30 12:13:19 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2011/11/30 12:13:18 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2011/08/31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)

SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/09/14 10:34:18 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/07 21:00:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/11/30 12:11:15 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011/02/18 01:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)

SRV - [2011/02/15 18:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/06 18:10:33 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2012/06/06 18:10:17 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/06 18:10:17 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/30 12:13:20 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/11/30 12:11:15 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/11/30 12:09:21 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/11/30 12:09:21 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/08/03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 21:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/16 20:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/02/18 20:07:58 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.votervault3.com/votervault30/login/login.aspx

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{A195C577-4E26-4327-AEA3-CE76B29C425C}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ubobghwbtw@ubobghwbtw.org:1.0

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:00:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 21:00:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:00:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 21:00:03 | 000,000,000 | ---D | M]

[2011/08/15 09:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Extensions

[2012/09/10 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\extensions

[1832/11/29 00:22:58 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\bill\AppData\Roaming\Mozilla\Firefox\Profiles\p896zt35.default\extensions\ubobghwbtw@ubobghwbtw.org.xpi

[2012/09/07 21:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/09/07 21:00:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/09/07 21:00:02 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com

[2012/09/07 21:00:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 21:56:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/08/30 21:56:51 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/12 20:34:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()

O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [googletalk] C:\Users\bill\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000..\Run: [spotify Web Helper] C:\Users\bill\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - Startup: C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1604774493-3860274660-1356902728-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF3B9A67-C7F3-4F1B-9FAB-460358D68338}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 11:30:01 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL(1).exe

[2012/09/14 10:42:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bill\Desktop\aswMBR.exe

[2012/09/14 07:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/13 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\bill\Desktop\RK_Quarantine

[2012/09/13 13:29:53 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/13 12:23:59 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{B5963D57-3F2D-41B8-8499-41718C119142}

[2012/09/13 11:32:30 | 000,000,000 | ---D | C] -- C:\Users\bill\Documents\shea

[2012/09/13 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\bill\Documents\My Scans

[2012/09/12 20:39:47 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/09/12 20:34:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/12 17:19:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/12 17:19:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/12 17:19:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/12 17:17:34 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/12 17:17:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/12 17:15:13 | 004,749,988 | R--- | C] (Swearware) -- C:\Users\bill\Desktop\ComboFix.exe

[2012/09/12 16:19:55 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/09/11 20:55:22 | 000,000,000 | ---D | C] -- C:\Users\bill\Documents\tdsskiller

[2012/09/11 19:22:49 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Roaming\Anvisoft

[2012/09/11 19:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

[2012/09/11 19:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft

[2012/09/11 19:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft

[2012/09/11 17:03:12 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Roaming\Malwarebytes

[2012/09/11 17:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/11 17:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/11 17:02:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/11 17:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/07 21:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/09/06 20:59:46 | 000,000,000 | ---D | C] -- C:\Users\bill\Desktop\Osprey

[2012/09/04 07:36:50 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{2E7EAB09-3933-4792-8B5F-55968A5F9636}

[2012/08/31 16:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/08/26 16:14:36 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{FB81D580-3141-4668-A041-DB87F5B3166D}

[2012/08/24 13:40:02 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{BC532101-70D4-4DDD-A5B3-E30072CD6000}

[2012/08/24 13:28:40 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\bill\Desktop\TDSSKiller.exe

[2012/08/22 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{1ACDE1EA-E43A-42B6-8E4B-6B554D9BB07C}

[2012/08/22 07:31:08 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{3BE32315-0BDB-4175-8B7F-968A386B2C47}

[2012/08/21 19:24:07 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{DB28C5EE-819C-4C7C-89D7-7D7A040E523C}

[2012/08/21 07:23:27 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{96657DE7-B495-4784-8C5F-81FF92F993DD}

[2012/08/20 08:34:29 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{F3DC307D-049C-4F26-97E7-32885FEC1E7B}

[2012/08/18 12:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2012/08/18 12:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

[2012/08/18 12:30:13 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{4F68C277-D9CD-45A4-93E4-7C4B9F031ECD}

[2012/08/18 12:29:50 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{EB96ABC9-4ADA-4A28-8E54-2185D2A71EE1}

[2012/08/18 12:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog

[2012/08/18 12:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapFrog

[2012/08/18 09:15:10 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{397F1D4D-48A5-4223-8881-64FDB15F195C}

[2012/08/17 09:57:31 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{77E2196B-41FC-4261-8CDA-911763B6143E}

[2012/08/17 09:56:52 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{BD56BDA9-2B0D-4EC9-A7BE-E2CCDC4CE6B8}

[2012/08/16 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{5344CF5E-8D1B-4422-A35E-F72F45862DB7}

[2012/08/16 13:46:09 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{AABFEF9E-A83B-4578-8ADC-207C56DB66A4}

[2012/08/15 20:49:06 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{79DD92FA-9086-4A9F-B4DF-D530D8FD2003}

[2012/08/15 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\bill\AppData\Local\{7E651C0F-DF79-4A48-BE72-D31E2C818AE3}

========== Files - Modified Within 30 Days ==========

[2012/09/14 11:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/14 11:30:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\bill\Desktop\OTL(1).exe

[2012/09/14 11:10:10 | 000,000,580 | ---- | M] () -- C:\Users\bill\Desktop\MBR.zip

[2012/09/14 11:09:50 | 000,000,512 | ---- | M] () -- C:\Users\bill\Desktop\MBR.dat

[2012/09/14 10:51:03 | 000,000,512 | ---- | M] () -- C:\Users\bill\Desktop\MBR-1.dat

[2012/09/14 10:42:27 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bill\Desktop\aswMBR.exe

[2012/09/14 10:29:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/14 10:29:47 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/14 10:25:44 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/14 10:25:44 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/14 10:25:44 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/14 10:19:51 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLAPTOP$.job

[2012/09/14 10:19:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/14 10:19:36 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/14 10:17:44 | 000,512,399 | ---- | M] () -- C:\Users\bill\Desktop\adwcleaner.exe

[2012/09/13 21:01:32 | 000,011,590 | ---- | M] () -- C:\Users\bill\.recently-used.xbel

[2012/09/13 20:47:56 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2012/09/13 19:14:04 | 001,378,816 | ---- | M] () -- C:\Users\bill\Desktop\RogueKiller.exe

[2012/09/12 20:34:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/12 17:16:02 | 004,749,988 | R--- | M] (Swearware) -- C:\Users\bill\Desktop\ComboFix.exe

[2012/09/11 19:08:28 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbill.job

[2012/09/11 17:05:32 | 000,008,877 | ---- | M] () -- C:\Users\bill\AppData\Roaming\.freeciv-client-rc-2.3

[2012/09/11 17:03:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/11 07:30:47 | 000,017,914 | ---- | M] () -- C:\Users\bill\Desktop\9-11.jpg

[2012/09/10 19:02:07 | 022,413,312 | ---- | M] () -- C:\Users\bill\Documents\B-R.accdb

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/02 21:12:02 | 000,014,235 | ---- | M] () -- C:\Users\bill\Desktop\pirates plunge.jpg

[2012/08/28 15:53:13 | 000,270,196 | ---- | M] () -- C:\Users\bill\Documents\L2_SW_rew_cp_cert_01.png

[2012/08/27 13:06:31 | 006,050,107 | ---- | M] () -- C:\Users\bill\Documents\8thind.csv

[2012/08/27 12:57:47 | 004,468,637 | ---- | M] () -- C:\Users\bill\Documents\8th.csv

[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\bill\Desktop\TDSSKiller.exe

[2012/08/18 12:31:50 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2012/08/16 15:08:06 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/08/16 14:56:33 | 000,561,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/14 11:10:10 | 000,000,580 | ---- | C] () -- C:\Users\bill\Desktop\MBR.zip

[2012/09/14 11:09:50 | 000,000,512 | ---- | C] () -- C:\Users\bill\Desktop\MBR.dat

[2012/09/14 10:51:03 | 000,000,512 | ---- | C] () -- C:\Users\bill\Desktop\MBR-1.dat

[2012/09/14 10:17:42 | 000,512,399 | ---- | C] () -- C:\Users\bill\Desktop\adwcleaner.exe

[2012/09/13 21:01:32 | 000,011,590 | ---- | C] () -- C:\Users\bill\.recently-used.xbel

[2012/09/13 19:14:03 | 001,378,816 | ---- | C] () -- C:\Users\bill\Desktop\RogueKiller.exe

[2012/09/12 17:19:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/12 17:19:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/12 17:19:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/12 17:19:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/12 17:19:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/11 17:03:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/11 07:30:46 | 000,017,914 | ---- | C] () -- C:\Users\bill\Desktop\9-11.jpg

[2012/09/02 21:12:01 | 000,014,235 | ---- | C] () -- C:\Users\bill\Desktop\pirates plunge.jpg

[2012/08/28 15:53:12 | 000,270,196 | ---- | C] () -- C:\Users\bill\Documents\L2_SW_rew_cp_cert_01.png

[2012/08/27 12:57:04 | 022,413,312 | ---- | C] () -- C:\Users\bill\Documents\B-R.accdb

[2012/08/27 12:09:02 | 006,050,107 | ---- | C] () -- C:\Users\bill\Documents\8thind.csv

[2012/08/27 09:44:26 | 004,468,637 | ---- | C] () -- C:\Users\bill\Documents\8th.csv

[2012/08/18 12:31:50 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2012/06/06 18:12:04 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/06/06 18:12:04 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/06/06 18:12:02 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/06/06 18:11:58 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/03/25 18:32:05 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/17 20:15:59 | 000,000,114 | ---- | C] () -- C:\Users\bill\webct_upload_applet.properties

[2011/12/28 09:36:08 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\UNWISE.EXE

[2011/12/22 09:22:56 | 000,220,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/11/14 16:15:58 | 000,000,032 | ---- | C] () -- C:\Users\bill\.gtk-bookmarks

[2011/11/14 15:36:16 | 000,743,597 | ---- | C] () -- C:\Users\bill\.fonts.cache-1

[2011/10/11 17:31:49 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/04 10:34:56 | 000,008,877 | ---- | C] () -- C:\Users\bill\AppData\Roaming\.freeciv-client-rc-2.3

[2011/08/26 19:22:48 | 000,000,160 | ---- | C] () -- C:\Windows\ka.ini

[2011/08/15 15:13:08 | 000,008,092 | ---- | C] () -- C:\Users\bill\AppData\Roaming\.freeciv-client-rc-2.2

[2011/08/15 14:54:07 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

[2011/08/15 10:43:16 | 000,743,954 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/15 09:42:04 | 000,000,740 | ---- | C] () -- C:\Windows\hpntwksetup.ini

[2011/08/15 09:40:21 | 000,176,798 | ---- | C] () -- C:\Windows\hppins11.dat

[2011/08/15 09:40:21 | 000,005,707 | ---- | C] () -- C:\Windows\hppmdl11.dat

[2011/07/18 08:58:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/07/18 08:49:48 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011/07/18 08:48:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/07/18 08:44:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/04/08 16:54:49 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2011/03/25 22:16:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/02/22 19:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/09/11 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\.freeciv

[2012/09/12 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Anvisoft

[2011/08/15 09:56:44 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Blio

[2011/12/15 08:26:39 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\com.Shutterfly.ExpressUploader

[2012/09/14 07:20:15 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\FileZilla

[2012/05/04 11:10:29 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Firefly Studios

[2012/09/13 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\gtk-2.0

[2012/03/09 08:41:42 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Hemera

[2012/03/03 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Juniper Networks

[2012/08/16 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Spotify

[2012/03/09 08:26:52 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Summitsoft

[2011/08/15 08:27:33 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Synaptics

[2011/08/23 14:26:47 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/09/15 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\bill\AppData\Roaming\Windows Live Writer

[2009/07/14 01:08:49 | 000,019,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >

[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HTS547575A9E384

Partitions: 4

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 0.00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 684.00GB

Starting Offset: 209715200

Hidden sectors: 0

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 14.00GB

Starting Offset: 734650171392

Hidden sectors: 0

DeviceID: Disk #0, Partition #3

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 0.00GB

Starting Offset: 750047461376

Hidden sectors: 0

< End of report >

bfrivers · September 14, 2012

Here's extras.txt:

OTL Extras logfile created on: 9/14/2012 11:34:31 AM - Run 1