View Full Version : Smitfraud.C Generic Trojan Removal
Ashleydo
2012-04-09, 20:27
Hello,
I used Spybot S&D and it says that I have the Smitfraud.C Generic Trojan, but it is unable to remove the trojan. Also, when I use Google, it turns up the results page and when I click on one of the topics, it takes me to a site that is called Happili that has other search results. I used ERUNT and have attached the requested files.
Thanks in advance for your help.
Ashley
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ashley Do at 12:58:17 on 2012-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1521 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\TEMP\0.1935398834509765
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://exchange.ou.edu/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110911170335.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ASHLEY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ASHLEY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{FD6EBCE2-D0F1-4064-91BC-CAB336B43EF2} : DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110911170335.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-13 514232]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-21 2375168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-9-11 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-11 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-11 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-11 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-11 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-11 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-09 03:37:25 -------- d-----w- C:\Users\Ashley Do\AppData\Roaming\Malwarebytes
2012-04-09 03:37:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-09 03:37:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 03:16:22 -------- d-----w- C:\Users\Ashley Do\AppData\Roaming\Zewexez
2012-04-09 03:16:22 -------- d-----w- C:\Users\Ashley Do\AppData\Roaming\Okf
2012-04-09 02:53:31 -------- d-----w- C:\Program Files\iPod
2012-04-09 02:53:29 -------- d-----w- C:\Program Files\iTunes
2012-04-09 02:53:29 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-09 02:26:31 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-09 02:26:30 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-09 02:26:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-09 02:25:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-09 02:25:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-09 02:25:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-09 02:25:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-09 02:25:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-09 02:25:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-09 02:25:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-09 02:18:04 20480 ----a-w- C:\Windows\svchost.exe
2012-04-09 00:12:03 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9718.tmp
2012-04-09 00:12:03 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\969A.tmp
2012-04-08 21:15:57 -------- d-----w- C:\ProgramData\Premium
2012-04-08 21:14:36 -------- d-----w- C:\ProgramData\Codecv
2012-04-08 21:14:18 -------- d-----w- C:\codec-info
2012-04-08 21:13:41 -------- d-----w- C:\ProgramData\InstallMate
2012-04-08 21:10:27 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\DDMSettings
2012-04-08 21:08:26 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-04-08 21:07:49 -------- d-----w- C:\Program Files\DivX
2012-04-08 21:07:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-04-08 21:07:02 -------- d-----w- C:\Program Files (x86)\DivX
2012-04-08 21:06:11 -------- d-----w- C:\ProgramData\DivX
2012-04-08 19:12:22 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\{11795259-5D99-484D-BA88-93823B4A2E2C}
2012-04-08 19:12:10 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\Windows Live Writer
2012-04-08 19:12:10 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\Windows Live Writer
2012-03-27 03:03:11 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\{B50E87C9-80DA-4A8D-AC8F-70085A888834}
2012-03-27 03:00:05 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\Windows Live
2012-03-27 02:59:49 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\{7FDA1B38-A2E5-466A-8535-7D993FFA13C3}
2012-03-27 02:59:49 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\{598EDF80-1CD2-4788-9709-AD9966698271}
2012-03-27 02:56:03 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\MPEG Streamclip
2012-03-17 15:55:19 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\{7E07BA0C-6035-4282-99B4-835FF67BEC6A}
.
==================== Find3M ====================
.
2012-02-18 18:02:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:58:02 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-02-15 18:58:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
.
============= FINISH: 13:00:09.22 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Ashleydo
2012-04-12, 07:03
I have attached my Combofix log.
ComboFix 12-04-11.03 - Ashley Do 04/11/2012 22:40:56.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2960 [GMT -5:00]
Running from: c:\users\Ashley Do\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\yeIDS3hg3QhaBv
c:\programdata\ZYJMeIRLJFTvNi
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 03:15 . 2012-04-12 03:15 242688 ----a-w- c:\programdata\yeIDS3hg3QhaBv.exe
2012-04-11 03:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 03:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 03:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 03:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 03:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 03:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 03:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 03:18 . 2012-04-11 03:15 321536 ----a-w- c:\programdata\jFRhCecXBQMsfL.exe
2012-04-09 17:52 . 2012-04-10 05:06 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-09 03:37 . 2012-04-09 03:37 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Malwarebytes
2012-04-09 03:37 . 2012-04-09 03:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 03:37 . 2012-04-09 20:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 03:16 . 2012-04-09 03:46 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Okf
2012-04-09 03:16 . 2012-04-09 03:16 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Zewexez
2012-04-09 02:53 . 2012-04-09 02:53 -------- d-----w- c:\program files\iPod
2012-04-09 02:53 . 2012-04-09 02:54 -------- d-----w- c:\program files\iTunes
2012-04-09 02:53 . 2012-04-09 02:54 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 02:26 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-09 02:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-09 02:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-09 02:25 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-09 02:25 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-09 02:25 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-09 02:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-09 02:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-09 00:12 . 2012-04-09 00:12 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9718.tmp
2012-04-09 00:12 . 2012-04-09 00:12 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\969A.tmp
2012-04-08 21:15 . 2012-04-08 21:15 -------- d-----w- c:\programdata\Premium
2012-04-08 21:14 . 2012-04-09 05:14 -------- d-----w- c:\programdata\Codecv
2012-04-08 21:14 . 2012-04-08 21:14 -------- d-----w- C:\codec-info
2012-04-08 21:13 . 2012-04-08 21:16 -------- d-----w- c:\programdata\InstallMate
2012-04-08 21:10 . 2012-04-08 21:10 -------- d--h--w- c:\users\Ashley Do\AppData\Local\DDMSettings
2012-04-08 21:08 . 2012-04-08 21:14 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\DivX
2012-04-08 21:08 . 2012-04-09 05:14 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-04-08 21:07 . 2012-04-09 05:14 -------- d-----w- c:\program files\DivX
2012-04-08 21:07 . 2012-04-09 05:14 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-04-08 21:07 . 2012-04-09 05:14 -------- d-----w- c:\program files (x86)\DivX
2012-04-08 21:06 . 2012-04-09 05:14 -------- d-----w- c:\programdata\DivX
2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live Writer
2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Windows Live Writer
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 02:44 . 2012-04-09 05:14 -------- d-----w- c:\program files (x86)\Real
2012-03-27 03:00 . 2012-04-09 18:02 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live
2012-03-27 02:56 . 2012-03-27 02:56 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\MPEG Streamclip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:02 . 2011-09-20 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:58 . 2012-02-15 18:58 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-02-15 18:58 . 2012-02-15 18:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"jFRhCecXBQMsfL.exe"="c:\programdata\jFRhCecXBQMsfL.exe" [2012-04-11 321536]
.
c:\users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForAshley Do.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ---ha-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"MRT"="c:\windows\system32\MRT.exe" [2012-04-11 57249312]
"combofix"="c:\combofix\CF10165.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://exchange.ou.edu/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-11 23:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 04:03
.
Pre-Run: 399,416,156,160 bytes free
Post-Run: 398,826,897,408 bytes free
.
- - End Of File - - 16BCF754E8F099057DD81E9550B77252
Hello,
Let me ask you, does this computer belong to the university ?
I am still seeing some very questionable files on your Combofix log, lets do this first
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Ashleydo
2012-04-13, 03:12
No, this is not a university computer. It is my personal computer. What is wrong?
I have pasted the log as well as attached the log. I had to reboot to remove the selected problems.
Thanks for your help.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.13.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ashley Do :: ASHLEYDO-HP [administrator]
Protection: Disabled
4/12/2012 8:01:07 PM
mbam-log-2012-04-12 (20-01-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203440
Time elapsed: 7 minute(s), 45 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3632 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Good Morning
I see this on your log and was wondering about the ownership of the computer as we just work on home computers
https://exchange.ou.edu/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fexchange.ou.edu%2fowa%2f
Have the redirects stopped ?
Ashleydo
2012-04-13, 23:38
That website it the site to check my university email. I am still having the redirect. What should I do next?
Most times a redirect can be the result of a rootkit infection, lets do this
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan, its going to ask you to download new definition updates, let it update
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
Ashleydo
2012-04-15, 20:07
Here is my scan results.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-15 12:23:33
-----------------------------
12:23:33.956 OS Version: Windows x64 6.1.7601 Service Pack 1
12:23:33.956 Number of processors: 2 586 0x603
12:23:33.956 ComputerName: ASHLEYDO-HP UserName: Ashley Do
12:23:35.360 Initialize success
12:23:42.879 AVAST engine defs: 12041501
12:23:56.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
12:23:56.857 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11
12:23:56.857 Device \Driver\amd_sata -> MajorFunction fffffa80048a55c4
12:23:56.857 Disk 0 MBR read successfully
12:23:56.873 Disk 0 MBR scan
12:23:56.888 Disk 0 Windows 7 default MBR code
12:23:56.904 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:23:56.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461586 MB offset 409600
12:23:56.951 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15050 MB offset 945737728
12:23:56.966 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
12:23:57.013 Disk 0 scanning C:\Windows\system32\drivers
12:24:04.579 Service scanning
12:24:32.113 Modules scanning
12:24:32.113 Disk 0 trace - called modules:
12:24:32.113 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa80048a55c4]<<
12:24:32.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800430c290]
12:24:32.129 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa8004282ac0]
12:24:32.144 5 amd_xata.sys[fffff880010dc900] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800427e650]
12:24:32.144 \Driver\amd_sata[0xfffffa800483f510] -> IRP_MJ_CREATE -> 0xfffffa80048a55c4
12:24:33.595 AVAST engine scan C:\Windows
12:24:36.200 AVAST engine scan C:\Windows\system32
12:24:44.266 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:27:56.700 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:27:59.305 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:29:11.181 AVAST engine scan C:\Windows\system32\drivers
12:29:24.747 AVAST engine scan C:\Users\Ashley Do
12:48:36.732 AVAST engine scan C:\ProgramData
12:50:18.300 Scan finished successfully
13:03:30.120 Disk 0 MBR has been saved successfully to "C:\Users\Ashley Do\Downloads\MBR.dat"
13:03:30.125 The log file has been saved successfully to "C:\Users\Ashley Do\Downloads\aswMBR.txt"
Lets double check your Master Boot Record
Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Ashleydo
2012-04-15, 20:39
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion g6 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 166):
0x0240C000 \SystemRoot\system32\ntoskrnl.exe
0x029F5000 \SystemRoot\system32\hal.dll
0x00BB3000 \SystemRoot\system32\kdcom.dll
0x00C87000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C94000 \SystemRoot\system32\PSHED.dll
0x00CA8000 \SystemRoot\system32\CLFS.SYS
0x00D06000 \SystemRoot\system32\CI.dll
0x00EC2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F66000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F75000 \SystemRoot\system32\drivers\ACPI.sys
0x00FCC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FD5000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\drivers\compbatt.sys
0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\system32\drivers\pciide.sys
0x00E86000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E96000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EB0000 \SystemRoot\system32\drivers\atapi.sys
0x00C5C000 \SystemRoot\system32\drivers\ataport.SYS
0x00FDF000 \SystemRoot\system32\drivers\msahci.sys
0x00DC6000 \SystemRoot\system32\DRIVERS\amd_sata.sys
0x01078000 \SystemRoot\system32\DRIVERS\storport.sys
0x010DB000 \SystemRoot\system32\DRIVERS\amd_xata.sys
0x010E8000 \SystemRoot\system32\drivers\amdxata.sys
0x010F3000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113F000 \SystemRoot\system32\drivers\fileinfo.sys
0x01153000 \SystemRoot\system32\drivers\mfehidk.sys
0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014DE000 \SystemRoot\System32\Drivers\cng.sys
0x01550000 \SystemRoot\System32\drivers\pcw.sys
0x01561000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016FA000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018F4000 \SystemRoot\System32\drivers\tcpip.sys
0x01AF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B42000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01B86000 \SystemRoot\system32\drivers\volsnap.sys
0x01800000 \SystemRoot\System32\drivers\rdyboost.sys
0x0183A000 \SystemRoot\System32\Drivers\mup.sys
0x0184C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01855000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0188F000 \SystemRoot\system32\drivers\disk.sys
0x018A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x018D5000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
0x01BF3000 \SystemRoot\System32\Drivers\Null.SYS
0x018EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x0169E000 \SystemRoot\System32\drivers\vga.sys
0x016AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x016D1000 \SystemRoot\System32\drivers\watchdog.sys
0x016E1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x016EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x017ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0156B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0158D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0159A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x01489000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01492000 \SystemRoot\system32\DRIVERS\pacer.sys
0x014B8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x015DF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x015F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02CB7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02D08000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02D14000 \SystemRoot\System32\Drivers\dfsc.sys
0x02D32000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02D58000 \SystemRoot\system32\drivers\wmiacpi.sys
0x02D61000 \SystemRoot\system32\drivers\HDAudBus.sys
0x02D85000 \SystemRoot\System32\Drivers\fastfat.SYS
0x02C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03015000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x031D5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02C6C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x031E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x031EF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02E68000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02EBE000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x02ECC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02EDD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02EFB000 \SystemRoot\system32\drivers\kbdclass.sys
0x02F0A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x02F71000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02F73000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02F82000 \SystemRoot\system32\drivers\blbdrive.sys
0x02F93000 \SystemRoot\system32\drivers\CompositeBus.sys
0x02FA3000 \SystemRoot\system32\drivers\mssmbios.sys
0x02FAE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02FC4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02FE8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02E2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02C96000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02E4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03000000 \SystemRoot\system32\drivers\termdd.sys
0x02E64000 \SystemRoot\system32\drivers\swenum.sys
0x02DBB000 \SystemRoot\system32\drivers\ks.sys
0x0121B000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x0122F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03CCF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03D29000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03D3E000 \SystemRoot\system32\drivers\mfefirek.sys
0x03DB2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03DC0000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x03DCA000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x03DE1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x03DF4000 \SystemRoot\System32\drivers\Dxapi.sys
0x03C00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x00430000 \SystemRoot\System32\drivers\dxg.sys
0x00770000 \SystemRoot\System32\TSDDD.dll
0x00990000 \SystemRoot\System32\framebuf.dll
0x00A00000 \SystemRoot\System32\ATMFD.DLL
0x03C1D000 \SystemRoot\system32\drivers\WudfPf.sys
0x03C3E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03C91000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03CA4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04C9B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04CC8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04D16000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04D3A000 \??\C:\Users\ASHLEY~1\AppData\Local\Temp\aswMBR.sys
0x775C0000 \Windows\System32\ntdll.dll
0x47BA0000 \Windows\System32\smss.exe
0xFF8E0000 \Windows\System32\apisetschema.dll
0xFFE80000 \Windows\System32\autochk.exe
0xFF6F0000 \Windows\System32\setupapi.dll
0x77790000 \Windows\System32\psapi.dll
0xFF6D0000 \Windows\System32\sechost.dll
0xFF650000 \Windows\System32\shlwapi.dll
0x774C0000 \Windows\System32\user32.dll
0xFF600000 \Windows\System32\ws2_32.dll
0x77370000 \Windows\System32\urlmon.dll
0xFF530000 \Windows\System32\usp10.dll
0xFF4B0000 \Windows\System32\difxapi.dll
0xFF2A0000 \Windows\System32\ole32.dll
0x77210000 \Windows\System32\wininet.dll
0xFF200000 \Windows\System32\comdlg32.dll
0xFF1E0000 \Windows\System32\imagehlp.dll
0xFF170000 \Windows\System32\gdi32.dll
0xFF160000 \Windows\System32\nsi.dll
0xFF050000 \Windows\System32\msctf.dll
0x77000000 \Windows\System32\iertutil.dll
0xFEF20000 \Windows\System32\rpcrt4.dll
0xFEF10000 \Windows\System32\lpk.dll
0xFEEE0000 \Windows\System32\imm32.dll
0x76EE0000 \Windows\System32\kernel32.dll
0xFEE40000 \Windows\System32\clbcatq.dll
0xFED60000 \Windows\System32\oleaut32.dll
0xFECC0000 \Windows\System32\msvcrt.dll
0x77780000 \Windows\System32\normaliz.dll
0xFDF30000 \Windows\System32\shell32.dll
0xFDE50000 \Windows\System32\advapi32.dll
0xFDDF0000 \Windows\System32\Wldap32.dll
0xFDDD0000 \Windows\System32\devobj.dll
0xFDC60000 \Windows\System32\crypt32.dll
0xFDBC0000 \Windows\System32\comctl32.dll
0xFDB80000 \Windows\System32\cfgmgr32.dll
0xFDB40000 \Windows\System32\wintrust.dll
0xFDAD0000 \Windows\System32\KernelBase.dll
0xFDAC0000 \Windows\System32\msasn1.dll
Processes (total 36):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
380 csrss.exe
420 csrss.exe
428 C:\Windows\System32\wininit.exe
472 C:\Windows\System32\winlogon.exe
512 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\mfevtps.exe
728 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1172 C:\Windows\explorer.exe
1216 C:\Windows\System32\ctfmon.exe
524 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2044 C:\Users\Ashley Do\Desktop\aswMBR.exe
1588 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2496 C:\Windows\SysWOW64\ctfmon.exe
1444 C:\Windows\svchost.exe
2200 C:\Windows\System32\conhost.exe
3020 C:\ProgramData\QkqnRvQCEE.exe
2808 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1788 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2816 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2152 C:\Windows\System32\vds.exe
2724 WmiPrvSE.exe
1640 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1200 C:\Users\Ashley Do\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5Z3Z04F\MBRCheck.exe
568 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`bda00000 (NTFS)
PhysicalDrive0 Model Number: ST9500325AS, Rev: 0005HPM1
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4A424128F8BDD7486A71ACBA75AD6A099B912047
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Lets run this tool and see if it fixes it
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Ashleydo
2012-04-16, 00:47
Doesn't seem to have worked. My computer keeps restarting on it's own. Here is the report:
17:31:34.0511 1168 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:31:34.0979 1168 ============================================================
17:31:34.0979 1168 Current date / time: 2012/04/15 17:31:34.0979
17:31:34.0979 1168 SystemInfo:
17:31:34.0979 1168
17:31:34.0979 1168 OS Version: 6.1.7601 ServicePack: 1.0
17:31:34.0979 1168 Product type: Workstation
17:31:34.0979 1168 ComputerName: ASHLEYDO-HP
17:31:34.0979 1168 UserName: Ashley Do
17:31:34.0979 1168 Windows directory: C:\Windows
17:31:34.0979 1168 System windows directory: C:\Windows
17:31:34.0979 1168 Running under WOW64
17:31:34.0979 1168 Processor architecture: Intel x64
17:31:34.0979 1168 Number of processors: 2
17:31:34.0979 1168 Page size: 0x1000
17:31:34.0979 1168 Boot type: Safe boot with network
17:31:34.0979 1168 ============================================================
17:31:36.0617 1168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:31:36.0617 1168 \Device\Harddisk0\DR0:
17:31:36.0617 1168 MBR used
17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38589000
17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385ED000, BlocksNum 0x1D65000
17:31:36.0617 1168 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
17:31:36.0788 1168 Initialize success
17:31:36.0788 1168 ============================================================
17:31:45.0462 1616 ============================================================
17:31:45.0462 1616 Scan started
17:31:45.0462 1616 Mode: Manual;
17:31:45.0462 1616 ============================================================
17:31:46.0460 1616 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:31:46.0460 1616 1394ohci - ok
17:31:46.0882 1616 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:31:46.0882 1616 ACPI - ok
17:31:47.0318 1616 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:31:47.0318 1616 AcpiPmi - ok
17:31:47.0506 1616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:31:47.0506 1616 AdobeARMservice - ok
17:31:47.0927 1616 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:31:47.0942 1616 adp94xx - ok
17:31:48.0395 1616 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:31:48.0395 1616 adpahci - ok
17:31:48.0832 1616 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:31:48.0832 1616 adpu320 - ok
17:31:49.0128 1616 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:31:49.0128 1616 AeLookupSvc - ok
17:31:49.0549 1616 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:31:49.0565 1616 AFD - ok
17:31:49.0986 1616 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:31:49.0986 1616 agp440 - ok
17:31:50.0314 1616 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:31:50.0314 1616 ALG - ok
17:31:50.0750 1616 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:31:50.0750 1616 aliide - ok
17:31:51.0062 1616 AMD External Events Utility (850f0c8034225fa3f50d551a905fa503) C:\Windows\system32\atiesrxx.exe
17:31:51.0062 1616 AMD External Events Utility - ok
17:31:51.0140 1616 AMD FUEL Service - ok
17:31:51.0265 1616 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
17:31:51.0281 1616 AMD Reservation Manager - ok
17:31:51.0702 1616 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:31:51.0718 1616 amdide - ok
17:31:52.0154 1616 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
17:31:52.0154 1616 amdiox64 - ok
17:31:52.0607 1616 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:31:52.0607 1616 AmdK8 - ok
17:31:53.0278 1616 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys
17:31:53.0480 1616 amdkmdag - ok
17:31:53.0948 1616 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys
17:31:53.0948 1616 amdkmdap - ok
17:31:54.0401 1616 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:31:54.0401 1616 AmdPPM - ok
17:31:54.0822 1616 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:31:54.0838 1616 amdsata - ok
17:31:55.0274 1616 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:31:55.0290 1616 amdsbs - ok
17:31:55.0727 1616 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:31:55.0727 1616 amdxata - ok
17:31:56.0148 1616 amd_sata (6363014d5e4ccd280fb4902ec3c2ccfe) C:\Windows\system32\DRIVERS\amd_sata.sys
17:31:56.0148 1616 amd_sata - ok
17:31:56.0569 1616 amd_xata (51a5aed2a4cceda6addcf3194c9b29eb) C:\Windows\system32\DRIVERS\amd_xata.sys
17:31:56.0569 1616 amd_xata - ok
17:31:56.0975 1616 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:31:56.0975 1616 AppID - ok
17:31:57.0256 1616 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:31:57.0256 1616 AppIDSvc - ok
17:31:57.0568 1616 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:31:57.0568 1616 Appinfo - ok
17:31:57.0802 1616 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:31:57.0802 1616 Apple Mobile Device - ok
17:31:58.0238 1616 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:31:58.0238 1616 arc - ok
17:31:58.0691 1616 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:31:58.0691 1616 arcsas - ok
17:31:59.0128 1616 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:31:59.0128 1616 AsyncMac - ok
17:31:59.0580 1616 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:31:59.0580 1616 atapi - ok
17:32:00.0048 1616 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
17:32:00.0048 1616 AtiHdmiService - ok
17:32:00.0500 1616 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
17:32:00.0500 1616 AtiPcie - ok
17:32:00.0812 1616 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:32:00.0812 1616 AudioEndpointBuilder - ok
17:32:00.0828 1616 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:32:00.0828 1616 AudioSrv - ok
17:32:01.0171 1616 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:32:01.0171 1616 AxInstSV - ok
17:32:01.0624 1616 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:32:01.0639 1616 b06bdrv - ok
17:32:02.0076 1616 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:32:02.0092 1616 b57nd60a - ok
17:32:02.0232 1616 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:32:02.0232 1616 BBSvc - ok
17:32:02.0700 1616 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:32:02.0731 1616 BCM43XX - ok
17:32:03.0028 1616 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:32:03.0028 1616 BDESVC - ok
17:32:03.0464 1616 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:32:03.0464 1616 Beep - ok
17:32:03.0776 1616 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:32:03.0854 1616 BITS - ok
17:32:04.0276 1616 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
17:32:04.0276 1616 blbdrive - ok
17:32:04.0369 1616 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:32:04.0385 1616 Bonjour Service - ok
17:32:04.0822 1616 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:32:04.0837 1616 bowser - ok
17:32:05.0258 1616 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:32:05.0258 1616 BrFiltLo - ok
17:32:05.0695 1616 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:32:05.0695 1616 BrFiltUp - ok
17:32:05.0992 1616 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:32:05.0992 1616 Browser - ok
17:32:06.0413 1616 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:32:06.0428 1616 Brserid - ok
17:32:06.0865 1616 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:32:06.0865 1616 BrSerWdm - ok
17:32:07.0302 1616 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:32:07.0302 1616 BrUsbMdm - ok
17:32:07.0739 1616 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:32:07.0739 1616 BrUsbSer - ok
17:32:08.0176 1616 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:32:08.0176 1616 BTHMODEM - ok
17:32:08.0488 1616 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:32:08.0488 1616 bthserv - ok
17:32:08.0909 1616 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:32:08.0909 1616 cdfs - ok
17:32:09.0346 1616 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:32:09.0346 1616 cdrom - ok
17:32:09.0673 1616 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:32:09.0673 1616 CertPropSvc - ok
17:32:10.0079 1616 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
17:32:10.0079 1616 cfwids - ok
17:32:10.0516 1616 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:32:10.0516 1616 circlass - ok
17:32:10.0812 1616 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:32:10.0812 1616 CLFS - ok
17:32:11.0030 1616 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:32:11.0046 1616 clr_optimization_v2.0.50727_32 - ok
17:32:11.0264 1616 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:32:11.0280 1616 clr_optimization_v2.0.50727_64 - ok
17:32:11.0530 1616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:32:11.0592 1616 clr_optimization_v4.0.30319_32 - ok
17:32:11.0904 1616 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:32:12.0044 1616 clr_optimization_v4.0.30319_64 - ok
17:32:12.0481 1616 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
17:32:12.0481 1616 clwvd - ok
17:32:12.0918 1616 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:32:12.0918 1616 CmBatt - ok
17:32:13.0480 1616 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:32:13.0480 1616 cmdide - ok
17:32:13.0916 1616 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:32:13.0932 1616 CNG - ok
17:32:14.0338 1616 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:32:14.0338 1616 Compbatt - ok
17:32:14.0790 1616 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:32:14.0790 1616 CompositeBus - ok
17:32:15.0071 1616 COMSysApp - ok
17:32:15.0492 1616 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:32:15.0492 1616 crcdisk - ok
17:32:15.0804 1616 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:32:15.0804 1616 CryptSvc - ok
17:32:16.0100 1616 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:32:16.0100 1616 DcomLaunch - ok
17:32:16.0397 1616 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:32:16.0397 1616 defragsvc - ok
17:32:16.0849 1616 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:32:16.0849 1616 DfsC - ok
17:32:17.0146 1616 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:32:17.0161 1616 Dhcp - ok
17:32:17.0629 1616 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:32:17.0629 1616 discache - ok
17:32:18.0082 1616 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:32:18.0082 1616 Disk - ok
17:32:18.0394 1616 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:32:18.0394 1616 Dnscache - ok
17:32:18.0690 1616 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:32:18.0690 1616 dot3svc - ok
17:32:18.0986 1616 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:32:19.0002 1616 DPS - ok
17:32:19.0423 1616 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:32:19.0423 1616 drmkaud - ok
17:32:19.0860 1616 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:32:19.0860 1616 DXGKrnl - ok
17:32:20.0156 1616 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:32:20.0172 1616 EapHost - ok
17:32:20.0640 1616 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:32:20.0734 1616 ebdrv - ok
17:32:21.0030 1616 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:32:21.0030 1616 EFS - ok
17:32:21.0217 1616 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:32:21.0217 1616 ehRecvr - ok
17:32:21.0389 1616 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:32:21.0389 1616 ehSched - ok
17:32:21.0841 1616 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:32:21.0857 1616 elxstor - ok
17:32:22.0262 1616 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:32:22.0262 1616 ErrDev - ok
17:32:22.0574 1616 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:32:22.0574 1616 EventSystem - ok
17:32:22.0996 1616 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:32:22.0996 1616 exfat - ok
17:32:23.0276 1616 ezSharedSvc - ok
17:32:23.0682 1616 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:32:23.0682 1616 fastfat - ok
17:32:24.0150 1616 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:32:24.0150 1616 Fax - ok
17:32:24.0899 1616 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:32:24.0899 1616 fdc - ok
17:32:25.0694 1616 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:32:25.0694 1616 fdPHost - ok
17:32:26.0428 1616 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:32:26.0428 1616 FDResPub - ok
17:32:27.0317 1616 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:32:27.0348 1616 FileInfo - ok
17:32:27.0956 1616 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:32:27.0956 1616 Filetrace - ok
17:32:28.0518 1616 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:32:28.0549 1616 flpydisk - ok
17:32:29.0516 1616 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:32:29.0548 1616 FltMgr - ok
17:32:30.0312 1616 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:32:30.0359 1616 FontCache - ok
17:32:30.0577 1616 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:32:30.0593 1616 FontCache3.0.0.0 - ok
17:32:31.0700 1616 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:32:31.0716 1616 FsDepends - ok
17:32:32.0808 1616 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:32:32.0808 1616 Fs_Rec - ok
17:32:33.0916 1616 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:32:33.0916 1616 fvevol - ok
17:32:34.0789 1616 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:32:34.0789 1616 gagp30kx - ok
17:32:35.0039 1616 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:32:35.0054 1616 GamesAppService - ok
17:32:35.0819 1616 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:32:35.0819 1616 GEARAspiWDM - ok
17:32:36.0334 1616 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:32:36.0365 1616 gpsvc - ok
17:32:37.0675 1616 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:32:37.0675 1616 hcw85cir - ok
17:32:39.0235 1616 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:32:39.0282 1616 HdAudAddService - ok
17:32:41.0154 1616 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:32:41.0201 1616 HDAudBus - ok
17:32:43.0073 1616 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:32:43.0088 1616 HidBatt - ok
17:32:44.0742 1616 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:32:44.0804 1616 HidBth - ok
17:32:46.0396 1616 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:32:46.0396 1616 HidIr - ok
17:32:47.0815 1616 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:32:47.0831 1616 hidserv - ok
17:32:50.0686 1616 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:32:50.0686 1616 HidUsb - ok
17:32:52.0448 1616 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:32:52.0511 1616 hkmsvc - ok
17:32:54.0008 1616 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:32:54.0040 1616 HomeGroupListener - ok
17:32:55.0272 1616 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:32:55.0272 1616 HomeGroupProvider - ok
17:32:55.0990 1616 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:32:56.0083 1616 HP Support Assistant Service - ok
17:32:56.0520 1616 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
17:32:56.0707 1616 HPClientSvc - ok
17:32:57.0378 1616 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
17:32:57.0659 1616 hpCMSrv - ok
17:32:58.0314 1616 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:32:58.0345 1616 HPDrvMntSvc.exe - ok
17:32:58.0829 1616 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:32:58.0891 1616 hpqwmiex - ok
17:33:00.0607 1616 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:33:00.0623 1616 HpSAMD - ok
17:33:01.0247 1616 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:33:01.0262 1616 HPWMISVC - ok
17:33:02.0791 1616 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:33:02.0854 1616 HTTP - ok
17:33:04.0211 1616 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:33:04.0226 1616 hwpolicy - ok
17:33:05.0958 1616 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:05.0958 1616 i8042prt - ok
17:33:07.0705 1616 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:33:07.0721 1616 iaStorV - ok
17:33:08.0220 1616 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
17:33:08.0423 1616 IconMan_R - ok
17:33:08.0906 1616 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:33:08.0922 1616 idsvc - ok
17:33:10.0732 1616 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:33:10.0747 1616 iirsp - ok
17:33:12.0136 1616 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:33:12.0292 1616 IKEEXT - ok
17:33:13.0914 1616 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:33:13.0976 1616 intelide - ok
17:33:15.0614 1616 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
17:33:15.0614 1616 intelppm - ok
17:33:16.0316 1616 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:33:16.0332 1616 IPBusEnum - ok
17:33:17.0986 1616 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:18.0001 1616 IpFilterDriver - ok
17:33:19.0546 1616 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:33:19.0546 1616 IPMIDRV - ok
17:33:20.0950 1616 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:33:20.0996 1616 IPNAT - ok
17:33:21.0355 1616 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:33:21.0652 1616 iPod Service - ok
17:33:22.0993 1616 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:33:23.0009 1616 IRENUM - ok
17:33:24.0803 1616 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:33:24.0819 1616 isapnp - ok
17:33:26.0457 1616 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:33:26.0472 1616 iScsiPrt - ok
17:33:28.0001 1616 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:33:28.0001 1616 kbdclass - ok
17:33:29.0811 1616 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:33:29.0811 1616 kbdhid - ok
17:33:30.0965 1616 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:30.0965 1616 KeyIso - ok
17:33:32.0868 1616 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:33:32.0884 1616 KSecDD - ok
17:33:34.0506 1616 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:33:34.0522 1616 KSecPkg - ok
17:33:36.0300 1616 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:33:36.0316 1616 ksthunk - ok
17:33:37.0533 1616 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:33:37.0595 1616 KtmRm - ok
17:33:38.0749 1616 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:33:38.0765 1616 LanmanServer - ok
17:33:40.0091 1616 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:33:40.0091 1616 LanmanWorkstation - ok
17:33:41.0526 1616 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:33:41.0542 1616 lltdio - ok
17:33:42.0930 1616 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:33:42.0977 1616 lltdsvc - ok
17:33:43.0960 1616 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:33:43.0975 1616 lmhosts - ok
17:33:45.0629 1616 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:33:45.0645 1616 LSI_FC - ok
17:33:47.0392 1616 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:33:47.0423 1616 LSI_SAS - ok
17:33:49.0264 1616 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:33:49.0264 1616 LSI_SAS2 - ok
17:33:51.0276 1616 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:33:51.0292 1616 LSI_SCSI - ok
17:33:52.0462 1616 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:33:52.0462 1616 luafv - ok
17:33:54.0115 1616 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:33:54.0115 1616 MBAMProtector - ok
17:33:54.0864 1616 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:33:54.0927 1616 MBAMService - ok
17:33:55.0535 1616 McAfee SiteAdvisor Service (02aa4f6f30605c72faab7a2858735c11) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
17:33:55.0847 1616 McAfee SiteAdvisor Service - ok
17:33:56.0502 1616 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:56.0518 1616 McMPFSvc - ok
17:33:56.0643 1616 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:56.0658 1616 mcmscsvc - ok
17:33:56.0705 1616 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:56.0705 1616 McNaiAnn - ok
17:33:56.0845 1616 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:56.0845 1616 McNASvc - ok
17:33:57.0267 1616 McODS (3809b77eb1734cd5fb317425f188abc1) C:\Program Files\McAfee\VirusScan\mcods.exe
17:33:57.0267 1616 McODS - ok
17:33:57.0672 1616 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:57.0672 1616 McProxy - ok
17:33:58.0218 1616 McShield (4a463d645b48bb487ca7df12ba5d1602) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:33:58.0218 1616 McShield - ok
17:33:59.0419 1616 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:33:59.0451 1616 Mcx2Svc - ok
17:34:01.0073 1616 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:34:01.0073 1616 megasas - ok
17:34:02.0758 1616 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:34:02.0773 1616 MegaSR - ok
17:34:04.0380 1616 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
17:34:04.0380 1616 mfeapfk - ok
17:34:06.0112 1616 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
17:34:06.0112 1616 mfeavfk - ok
17:34:06.0642 1616 mfefire (c53b7aba204d9f7e9568ec147a1485c5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:34:06.0642 1616 mfefire - ok
17:34:08.0405 1616 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
17:34:08.0405 1616 mfefirek - ok
17:34:09.0996 1616 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
17:34:10.0043 1616 mfehidk - ok
17:34:11.0587 1616 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:34:11.0587 1616 mfenlfk - ok
17:34:13.0101 1616 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
17:34:13.0132 1616 mferkdet - ok
17:34:14.0395 1616 mfevtp (8f3b3c3625e3aaa11d6d4db8423e1721) C:\Windows\system32\mfevtps.exe
17:34:14.0395 1616 mfevtp - ok
17:34:16.0033 1616 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
17:34:16.0080 1616 mfewfpk - ok
17:34:17.0110 1616 Microsoft SharePoint Workspace Audit Service - ok
17:34:18.0483 1616 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:34:18.0483 1616 MMCSS - ok
17:34:20.0386 1616 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:34:20.0386 1616 Modem - ok
17:34:21.0930 1616 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:34:21.0946 1616 monitor - ok
17:34:23.0693 1616 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:34:23.0693 1616 mouclass - ok
17:34:25.0596 1616 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:34:25.0612 1616 mouhid - ok
17:34:27.0453 1616 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:34:27.0453 1616 mountmgr - ok
17:34:29.0262 1616 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:34:29.0278 1616 mpio - ok
17:34:31.0150 1616 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:34:31.0165 1616 mpsdrv - ok
17:34:32.0663 1616 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:34:32.0663 1616 MRxDAV - ok
17:34:34.0395 1616 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:34.0582 1616 mrxsmb - ok
17:34:36.0282 1616 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:36.0282 1616 mrxsmb10 - ok
17:34:37.0795 1616 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:37.0795 1616 mrxsmb20 - ok
17:34:39.0465 1616 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:34:39.0480 1616 msahci - ok
17:34:41.0337 1616 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:34:41.0352 1616 msdsm - ok
17:34:42.0694 1616 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:34:42.0709 1616 MSDTC - ok
17:34:44.0129 1616 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:34:44.0145 1616 Msfs - ok
17:34:46.0188 1616 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:34:46.0204 1616 mshidkmdf - ok
17:34:48.0294 1616 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:34:48.0310 1616 msisadrv - ok
17:34:49.0683 1616 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:34:49.0807 1616 MSiSCSI - ok
17:34:50.0728 1616 msiserver - ok
17:34:52.0522 1616 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:34:52.0553 1616 MSKSSRV - ok
17:34:54.0051 1616 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:54.0082 1616 MSPCLOCK - ok
17:34:55.0860 1616 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:34:55.0860 1616 MSPQM - ok
Ashleydo
2012-04-16, 00:47
17:34:56.0937 1616 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:34:56.0952 1616 MsRPC - ok
17:34:58.0590 1616 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:34:58.0590 1616 mssmbios - ok
17:35:00.0369 1616 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:35:00.0431 1616 MSTEE - ok
17:35:01.0944 1616 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:35:01.0944 1616 MTConfig - ok
17:35:03.0660 1616 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:35:03.0660 1616 Mup - ok
17:35:04.0721 1616 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:35:04.0799 1616 napagent - ok
17:35:06.0640 1616 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:35:06.0640 1616 NativeWifiP - ok
17:35:08.0325 1616 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:35:08.0340 1616 NDIS - ok
17:35:10.0103 1616 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:35:10.0150 1616 NdisCap - ok
17:35:12.0225 1616 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:35:12.0240 1616 NdisTapi - ok
17:35:13.0785 1616 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:35:13.0800 1616 Ndisuio - ok
17:35:15.0563 1616 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:35:15.0703 1616 NdisWan - ok
17:35:17.0264 1616 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:35:17.0264 1616 NDProxy - ok
17:35:19.0182 1616 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:35:19.0198 1616 NetBIOS - ok
17:35:21.0101 1616 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:35:21.0117 1616 NetBT - ok
17:35:22.0443 1616 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:35:22.0443 1616 Netlogon - ok
17:35:23.0660 1616 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:35:23.0894 1616 Netman - ok
17:35:25.0220 1616 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:35:25.0251 1616 netprofm - ok
17:35:26.0920 1616 netr28x (2f06e01de7a3e366185e65c41c9debf7) C:\Windows\system32\DRIVERS\netr28x.sys
17:35:26.0936 1616 netr28x - ok
17:35:27.0669 1616 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:27.0684 1616 NetTcpPortSharing - ok
17:35:29.0915 1616 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:35:29.0931 1616 nfrd960 - ok
17:35:31.0210 1616 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:35:31.0226 1616 NlaSvc - ok
17:35:33.0207 1616 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:35:33.0222 1616 Npfs - ok
17:35:34.0470 1616 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:35:34.0486 1616 nsi - ok
17:35:36.0327 1616 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:35:36.0374 1616 nsiproxy - ok
17:35:38.0074 1616 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:35:38.0292 1616 Ntfs - ok
17:35:39.0837 1616 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:35:39.0868 1616 Null - ok
17:35:41.0381 1616 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:35:41.0397 1616 NVENETFD - ok
17:35:42.0957 1616 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:35:42.0972 1616 nvraid - ok
17:35:44.0751 1616 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:35:44.0876 1616 nvstor - ok
17:35:46.0810 1616 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:35:46.0841 1616 nv_agp - ok
17:35:48.0776 1616 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:35:48.0776 1616 ohci1394 - ok
17:35:49.0400 1616 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:35:49.0446 1616 ose - ok
17:35:50.0039 1616 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:35:50.0351 1616 osppsvc - ok
17:35:51.0474 1616 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:35:51.0490 1616 p2pimsvc - ok
17:35:52.0769 1616 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:35:52.0832 1616 p2psvc - ok
17:35:54.0844 1616 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:35:54.0860 1616 Parport - ok
17:35:56.0903 1616 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:35:56.0919 1616 partmgr - ok
17:35:58.0401 1616 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:35:58.0432 1616 PcaSvc - ok
17:36:00.0320 1616 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:36:00.0335 1616 pci - ok
17:36:01.0942 1616 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:36:01.0942 1616 pciide - ok
17:36:03.0455 1616 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:36:03.0642 1616 pcmcia - ok
17:36:05.0936 1616 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:36:05.0967 1616 pcw - ok
17:36:07.0230 1616 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:36:07.0246 1616 PEAUTH - ok
17:36:08.0198 1616 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:36:08.0463 1616 PerfHost - ok
17:36:09.0165 1616 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:36:09.0196 1616 pla - ok
17:36:09.0976 1616 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:36:09.0992 1616 PlugPlay - ok
17:36:10.0444 1616 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:36:10.0444 1616 PNRPAutoReg - ok
17:36:11.0240 1616 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:36:11.0240 1616 PNRPsvc - ok
17:36:12.0020 1616 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:36:12.0020 1616 PolicyAgent - ok
17:36:12.0644 1616 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:36:12.0644 1616 Power - ok
17:36:13.0346 1616 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:36:13.0346 1616 PptpMiniport - ok
17:36:14.0625 1616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:36:14.0625 1616 Processor - ok
17:36:14.0921 1616 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:36:14.0921 1616 ProfSvc - ok
17:36:15.0218 1616 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:36:15.0218 1616 ProtectedStorage - ok
17:36:15.0732 1616 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:36:15.0732 1616 Psched - ok
17:36:16.0247 1616 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:36:16.0278 1616 ql2300 - ok
17:36:16.0809 1616 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:36:16.0840 1616 ql40xx - ok
17:36:17.0823 1616 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:36:17.0823 1616 QWAVE - ok
17:36:18.0540 1616 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:36:18.0540 1616 QWAVEdrv - ok
17:36:19.0570 1616 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:36:19.0586 1616 RasAcd - ok
17:36:20.0631 1616 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:36:20.0646 1616 RasAgileVpn - ok
17:36:20.0974 1616 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:36:20.0974 1616 RasAuto - ok
17:36:22.0222 1616 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:36:22.0238 1616 Rasl2tp - ok
17:36:22.0737 1616 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:36:22.0737 1616 RasMan - ok
17:36:23.0314 1616 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:36:23.0314 1616 RasPppoe - ok
17:36:24.0312 1616 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:36:24.0328 1616 RasSstp - ok
17:36:24.0749 1616 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:36:24.0765 1616 rdbss - ok
17:36:25.0233 1616 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:36:25.0264 1616 rdpbus - ok
17:36:26.0106 1616 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:36:26.0106 1616 RDPCDD - ok
17:36:26.0652 1616 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:36:26.0652 1616 RDPENCDD - ok
17:36:27.0354 1616 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:36:27.0354 1616 RDPREFMP - ok
17:36:28.0228 1616 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:36:28.0244 1616 RDPWD - ok
17:36:28.0790 1616 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:36:28.0790 1616 rdyboost - ok
17:36:29.0148 1616 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:36:29.0148 1616 RemoteAccess - ok
17:36:29.0866 1616 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:36:29.0866 1616 RemoteRegistry - ok
17:36:30.0006 1616 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
17:36:30.0038 1616 RoxioNow Service - ok
17:36:30.0490 1616 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:36:30.0490 1616 RpcEptMapper - ok
17:36:30.0849 1616 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:36:30.0849 1616 RpcLocator - ok
17:36:31.0145 1616 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:36:31.0145 1616 RpcSs - ok
17:36:32.0190 1616 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
17:36:32.0190 1616 RSPCIESTOR - ok
17:36:32.0752 1616 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:36:32.0768 1616 rspndr - ok
17:36:33.0501 1616 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:36:33.0501 1616 RTL8167 - ok
17:36:34.0172 1616 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:36:34.0187 1616 SamSs - ok
17:36:34.0655 1616 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:36:34.0655 1616 sbp2port - ok
17:36:35.0092 1616 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:36:35.0108 1616 SCardSvr - ok
17:36:35.0903 1616 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:36:35.0903 1616 scfilter - ok
17:36:36.0246 1616 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:36:36.0262 1616 Schedule - ok
17:36:36.0730 1616 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:36:36.0730 1616 SCPolicySvc - ok
17:36:37.0198 1616 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
17:36:37.0214 1616 sdbus - ok
17:36:37.0931 1616 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:36:37.0931 1616 SDRSVC - ok
17:36:38.0056 1616 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:36:38.0072 1616 SeaPort - ok
17:36:38.0555 1616 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:36:38.0555 1616 secdrv - ok
17:36:38.0961 1616 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:36:38.0976 1616 seclogon - ok
17:36:39.0257 1616 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:36:39.0257 1616 SENS - ok
17:36:40.0121 1616 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:36:40.0121 1616 SensrSvc - ok
17:36:40.0621 1616 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:36:40.0621 1616 Serenum - ok
17:36:41.0181 1616 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:36:41.0181 1616 Serial - ok
17:36:42.0341 1616 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:36:42.0341 1616 sermouse - ok
17:36:42.0731 1616 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:36:42.0731 1616 SessionEnv - ok
17:36:43.0246 1616 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:36:43.0246 1616 sffdisk - ok
17:36:44.0214 1616 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:36:44.0224 1616 sffp_mmc - ok
17:36:44.0817 1616 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:36:44.0819 1616 sffp_sd - ok
17:36:45.0368 1616 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:36:45.0370 1616 sfloppy - ok
17:36:46.0394 1616 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:36:46.0399 1616 SharedAccess - ok
17:36:46.0687 1616 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:36:46.0693 1616 ShellHWDetection - ok
17:36:47.0130 1616 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:36:47.0132 1616 SiSRaid2 - ok
17:36:48.0198 1616 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:36:48.0205 1616 SiSRaid4 - ok
17:36:48.0414 1616 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:36:48.0428 1616 SkypeUpdate - ok
17:36:48.0976 1616 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:36:48.0979 1616 Smb - ok
17:36:49.0345 1616 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:36:49.0348 1616 SNMPTRAP - ok
17:36:50.0077 1616 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:36:50.0079 1616 spldr - ok
17:36:50.0431 1616 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:36:50.0439 1616 Spooler - ok
17:36:50.0835 1616 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:36:50.0925 1616 sppsvc - ok
17:36:52.0436 1616 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:36:52.0440 1616 sppuinotify - ok
17:36:53.0009 1616 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:36:53.0016 1616 srv - ok
17:36:54.0200 1616 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:36:54.0230 1616 srv2 - ok
17:36:55.0039 1616 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:36:55.0045 1616 SrvHsfHDA - ok
17:36:55.0962 1616 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:36:56.0014 1616 SrvHsfV92 - ok
17:36:56.0590 1616 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:36:56.0608 1616 SrvHsfWinac - ok
17:36:57.0197 1616 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:36:57.0200 1616 srvnet - ok
17:36:57.0768 1616 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:36:57.0778 1616 SSDPSRV - ok
17:36:58.0217 1616 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:36:58.0221 1616 SstpSvc - ok
17:36:58.0413 1616 STacSV (54de4331fbcfabcdfda5c845f856d848) C:\Program Files\IDT\WDM\STacSV64.exe
17:36:58.0524 1616 STacSV - ok
17:36:59.0103 1616 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:36:59.0105 1616 stexstor - ok
17:36:59.0947 1616 STHDA (400ebac444d0622cb0f7fba23b234b82) C:\Windows\system32\DRIVERS\stwrt64.sys
17:36:59.0966 1616 STHDA - ok
17:37:00.0390 1616 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:37:00.0400 1616 stisvc - ok
17:37:01.0119 1616 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:37:01.0120 1616 swenum - ok
17:37:02.0001 1616 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:37:02.0012 1616 swprv - ok
17:37:02.0881 1616 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
17:37:02.0884 1616 SynTP - ok
17:37:03.0250 1616 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:37:03.0297 1616 SysMain - ok
17:37:03.0977 1616 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:37:03.0980 1616 TabletInputService - ok
17:37:04.0308 1616 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:37:04.0316 1616 TapiSrv - ok
17:37:05.0103 1616 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:37:05.0111 1616 TBS - ok
17:37:06.0354 1616 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:37:06.0563 1616 Tcpip - ok
17:37:07.0125 1616 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:37:07.0137 1616 TCPIP6 - ok
17:37:07.0923 1616 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:37:07.0939 1616 tcpipreg - ok
17:37:08.0903 1616 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:37:08.0904 1616 TDPIPE - ok
17:37:09.0374 1616 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:37:09.0377 1616 TDTCP - ok
17:37:10.0287 1616 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:37:10.0287 1616 tdx - ok
17:37:10.0907 1616 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:37:10.0907 1616 TermDD - ok
17:37:11.0227 1616 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:37:11.0237 1616 TermService - ok
17:37:11.0927 1616 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:37:11.0937 1616 Themes - ok
17:37:12.0272 1616 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:37:12.0272 1616 THREADORDER - ok
17:37:12.0553 1616 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:37:12.0553 1616 TrkWks - ok
17:37:12.0740 1616 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:37:12.0740 1616 TrustedInstaller - ok
17:37:13.0317 1616 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:13.0317 1616 tssecsrv - ok
17:37:14.0316 1616 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:37:14.0316 1616 TsUsbFlt - ok
17:37:14.0784 1616 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:37:14.0784 1616 TsUsbGD - ok
17:37:15.0314 1616 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:37:15.0314 1616 tunnel - ok
17:37:15.0954 1616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:37:15.0954 1616 uagp35 - ok
17:37:16.0406 1616 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:37:16.0422 1616 udfs - ok
17:37:16.0781 1616 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:37:16.0781 1616 UI0Detect - ok
17:37:17.0467 1616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:37:17.0498 1616 uliagpkx - ok
17:37:18.0294 1616 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:37:18.0294 1616 umbus - ok
17:37:18.0840 1616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:37:18.0840 1616 UmPass - ok
17:37:19.0261 1616 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:37:19.0277 1616 upnphost - ok
17:37:20.0072 1616 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:37:20.0088 1616 USBAAPL64 - ok
17:37:20.0525 1616 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:20.0571 1616 usbccgp - ok
17:37:21.0086 1616 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:37:21.0086 1616 usbcir - ok
17:37:21.0929 1616 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:37:21.0944 1616 usbehci - ok
17:37:22.0568 1616 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
17:37:22.0568 1616 usbfilter - ok
17:37:23.0005 1616 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:37:23.0021 1616 usbhub - ok
17:37:23.0613 1616 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:37:23.0629 1616 usbohci - ok
17:37:24.0081 1616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:37:24.0081 1616 usbprint - ok
17:37:24.0503 1616 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:37:24.0503 1616 USBSTOR - ok
17:37:25.0158 1616 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:37:25.0173 1616 usbuhci - ok
17:37:26.0000 1616 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:37:26.0000 1616 usbvideo - ok
17:37:26.0312 1616 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:37:26.0312 1616 UxSms - ok
17:37:26.0593 1616 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:37:26.0593 1616 VaultSvc - ok
17:37:27.0092 1616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:37:27.0092 1616 vdrvroot - ok
17:37:27.0404 1616 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:37:27.0435 1616 vds - ok
17:37:28.0418 1616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:37:28.0418 1616 vga - ok
17:37:28.0839 1616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:37:28.0839 1616 VgaSave - ok
17:37:29.0276 1616 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:37:29.0276 1616 vhdmp - ok
17:37:29.0807 1616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:37:29.0807 1616 viaide - ok
17:37:30.0259 1616 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:37:30.0259 1616 volmgr - ok
17:37:30.0696 1616 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:37:30.0696 1616 volmgrx - ok
17:37:31.0148 1616 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:37:31.0148 1616 volsnap - ok
17:37:31.0585 1616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:37:31.0585 1616 vsmraid - ok
17:37:31.0928 1616 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:37:31.0959 1616 VSS - ok
17:37:32.0396 1616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:37:32.0396 1616 vwifibus - ok
17:37:32.0817 1616 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:37:32.0817 1616 vwififlt - ok
17:37:33.0129 1616 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:37:33.0145 1616 W32Time - ok
17:37:33.0800 1616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:37:33.0800 1616 WacomPen - ok
17:37:34.0268 1616 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:34.0268 1616 WANARP - ok
17:37:34.0299 1616 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:34.0299 1616 Wanarpv6 - ok
17:37:34.0643 1616 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:37:34.0674 1616 WatAdminSvc - ok
17:37:34.0986 1616 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:37:35.0033 1616 wbengine - ok
17:37:35.0329 1616 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:37:35.0345 1616 WbioSrvc - ok
17:37:35.0766 1616 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:37:35.0781 1616 wcncsvc - ok
17:37:36.0078 1616 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:37:36.0078 1616 WcsPlugInService - ok
17:37:36.0515 1616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:37:36.0515 1616 Wd - ok
17:37:36.0967 1616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:37:36.0967 1616 Wdf01000 - ok
17:37:37.0310 1616 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:37:37.0310 1616 WdiServiceHost - ok
17:37:37.0310 1616 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:37:37.0310 1616 WdiSystemHost - ok
17:37:38.0277 1616 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:37:38.0293 1616 WebClient - ok
17:37:38.0870 1616 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:37:38.0886 1616 Wecsvc - ok
17:37:39.0167 1616 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:37:39.0167 1616 wercplsupport - ok
17:37:39.0635 1616 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:37:39.0650 1616 WerSvc - ok
17:37:40.0087 1616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:37:40.0087 1616 WfpLwf - ok
17:37:40.0555 1616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:37:40.0555 1616 WIMMount - ok
17:37:40.0571 1616 WinHttpAutoProxySvc - ok
17:37:40.0929 1616 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:37:40.0945 1616 Winmgmt - ok
17:37:41.0553 1616 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:37:41.0600 1616 WinRM - ok
17:37:42.0318 1616 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:37:42.0365 1616 WinUsb - ok
17:37:42.0708 1616 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:37:42.0723 1616 Wlansvc - ok
17:37:43.0020 1616 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:37:43.0051 1616 wlcrasvc - ok
17:37:43.0213 1616 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:37:43.0263 1616 wlidsvc - ok
17:37:44.0133 1616 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:37:44.0133 1616 WmiAcpi - ok
17:37:44.0673 1616 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:37:44.0683 1616 wmiApSrv - ok
17:37:44.0753 1616 WMPNetworkSvc - ok
17:37:45.0073 1616 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:37:45.0083 1616 WPCSvc - ok
17:37:46.0016 1616 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:37:46.0016 1616 WPDBusEnum - ok
17:37:46.0921 1616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:37:46.0936 1616 ws2ifsl - ok
17:37:47.0794 1616 WSearch - ok
17:37:48.0590 1616 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:37:48.0637 1616 wuauserv - ok
17:37:50.0306 1616 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:37:50.0321 1616 WudfPf - ok
17:37:51.0445 1616 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:37:51.0460 1616 WUDFRd - ok
17:37:52.0115 1616 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:37:52.0115 1616 wudfsvc - ok
17:37:52.0942 1616 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:37:52.0942 1616 WwanSvc - ok
17:37:52.0989 1616 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
17:37:53.0036 1616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:37:53.0036 1616 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:37:53.0067 1616 Boot (0x1200) (5769326bc5bae3494e4c97c3ffa97964) \Device\Harddisk0\DR0\Partition0
17:37:53.0098 1616 \Device\Harddisk0\DR0\Partition0 - ok
17:37:53.0114 1616 Boot (0x1200) (5e20204b3655abb9809d8f9e96d3dcab) \Device\Harddisk0\DR0\Partition1
17:37:53.0114 1616 \Device\Harddisk0\DR0\Partition1 - ok
17:37:53.0161 1616 Boot (0x1200) (4aba3a6a520d0b350cb64e4d5a9a5e41) \Device\Harddisk0\DR0\Partition2
17:37:53.0192 1616 \Device\Harddisk0\DR0\Partition2 - ok
17:37:53.0264 1616 Boot (0x1200) (86d8620539c721d35343919fe8a83117) \Device\Harddisk0\DR0\Partition3
17:37:53.0314 1616 \Device\Harddisk0\DR0\Partition3 - ok
17:37:53.0314 1616 ============================================================
17:37:53.0314 1616 Scan finished
17:37:53.0314 1616 ============================================================
17:37:53.0324 1592 Detected object count: 1
17:37:53.0324 1592 Actual detected object count: 1
17:38:16.0384 1592 \Device\Harddisk0\DR0\# - copied to quarantine
17:38:16.0384 1592 \Device\Harddisk0\DR0 - copied to quarantine
17:38:16.0462 1592 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:38:16.0462 1592 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:38:16.0477 1592 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:38:16.0477 1592 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:38:16.0509 1592 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:38:16.0524 1592 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:38:16.0555 1592 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:38:16.0555 1592 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:38:16.0571 1592 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:38:16.0571 1592 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:38:16.0587 1592 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:38:16.0587 1592 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:38:16.0602 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:38:16.0602 1592 \Device\Harddisk0\DR0 - ok
17:38:17.0491 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:38:23.0630 0460 Deinitialize success
Go ahead and shut it down, then restart it , Drag Combfix to the trash and download a fresh updated copy and run it once more
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Ashleydo
2012-04-16, 06:50
Here is the combofix report. I have had to restore a couple of times to a couple of days ago because it would not work. I don't know if that matters or not.
ComboFix 12-04-15.02 - Ashley Do 04/15/2012 23:32:54.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2800 [GMT -5:00]
Running from: c:\users\Ashley Do\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 04:40 . 2012-04-16 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 22:38 . 2012-04-15 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 21:47 . 2012-04-13 21:44 323072 ----a-w- c:\programdata\QkqnRvQCEE.exe
2012-04-13 00:58 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 05:13 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 05:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 05:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 05:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 05:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 05:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 05:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 05:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 17:52 . 2012-04-10 05:06 -------- d--h--w- c:\program files (x86)\ERUNT
2012-04-09 03:37 . 2012-04-09 03:37 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Malwarebytes
2012-04-09 03:37 . 2012-04-16 06:08 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 03:37 . 2012-04-16 06:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 03:16 . 2012-04-09 03:46 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Okf
2012-04-09 03:16 . 2012-04-09 03:16 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Zewexez
2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files\iPod
2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files\iTunes
2012-04-09 02:53 . 2012-04-16 06:51 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 02:26 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-09 02:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-09 02:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-09 02:25 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-09 02:25 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-09 02:25 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-09 02:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-09 02:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-09 00:12 . 2012-04-09 00:12 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\9718.tmp
2012-04-09 00:12 . 2012-04-09 00:12 5120 ---ha-w- c:\programdata\Microsoft\Windows\DRM\969A.tmp
2012-04-08 21:15 . 2012-04-08 21:15 -------- d--h--w- c:\programdata\Premium
2012-04-08 21:14 . 2012-04-09 05:14 -------- d--h--w- c:\programdata\Codecv
2012-04-08 21:14 . 2012-04-08 21:14 -------- d-----w- C:\codec-info
2012-04-08 21:13 . 2012-04-08 21:16 -------- d--h--w- c:\programdata\InstallMate
2012-04-08 21:10 . 2012-04-08 21:10 -------- d--h--w- c:\users\Ashley Do\AppData\Local\DDMSettings
2012-04-08 21:08 . 2012-04-08 21:14 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\DivX
2012-04-08 21:08 . 2012-04-09 05:14 -------- d--h--w- c:\program files (x86)\Common Files\PX Storage Engine
2012-04-08 21:07 . 2012-04-09 05:14 -------- d--h--w- c:\program files\DivX
2012-04-08 21:07 . 2012-04-16 06:50 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-04-08 21:07 . 2012-04-16 06:02 -------- d-----w- c:\program files (x86)\DivX
2012-04-08 21:06 . 2012-04-16 06:51 -------- d-----w- c:\programdata\DivX
2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live Writer
2012-04-08 19:12 . 2012-04-08 19:12 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\Windows Live Writer
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 02:44 . 2012-04-16 06:05 -------- d-----w- c:\program files (x86)\Real
2012-03-27 03:00 . 2012-04-09 18:02 -------- d--h--w- c:\users\Ashley Do\AppData\Local\Windows Live
2012-03-27 02:56 . 2012-03-27 02:56 -------- d--h--w- c:\users\Ashley Do\AppData\Roaming\MPEG Streamclip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:02 . 2011-09-20 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:58 . 2012-02-15 18:58 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-02-15 18:58 . 2012-02-15 18:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_04.17.00 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QkqnRvQCEE.exe"="c:\programdata\QkqnRvQCEE.exe" [2012-04-13 323072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForAshley Do.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"norob"="c:\windows\TEMP\norob.dll" [BU]
"inlort"="c:\windows\TEMP\inlort.dll" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://exchange.ou.edu/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
.
Supplementary scan did not complete!
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-15 23:43:09
ComboFix-quarantined-files.txt 2012-04-12 04:03
.
Pre-Run: 398,958,747,648 bytes free
Post-Run: 398,642,065,408 bytes free
.
- - End Of File - - 4568F951F0EE9FC03EE4273D3669CE4B
Good Morning,
Restoring was fine, sometimes you have to do what you have to do to get things running.
The infection on this system is one of the worst, if this was my system I would back up all my important data like documents and pictures and format and reinstall windows, this way you back to a nice clean computer with no problems. Not sure what this infection is capable of so I would suggest using a known clean computer and changing all your passwords for any sites you do online shopping with a credit card and also any online banking. If this is what you would like to do let me know and I can direct you to a good windows forum that can guide you through the process, do you have your windows CD ?
Lets check and see if this rootkit is still present
What I would like you to do is to go to Start > Control Panel > Administrative Tools > Computer Management > Then in the left pane click on Disk Management. When it opens expand it to fill the screen, then press Alt. Prnt Scrn , then go to your image editor , Paint will be fine if this is all you have and paste it in, save it to your desktop and then attach it in your next reply.
Then go ahead and run aswMBR again and post a new log please
Ashleydo
2012-04-17, 05:14
Here is the log and the print screen.
I do not have the CD. I don't think my computer came with one... if it did, I don't have it. Also, I am not able to see my documents or anything so I am not able to back those up. Any suggestions?
Thanks for your help!
Ashleydo
2012-04-17, 05:25
Also, the redirect has gone away, but I think there are still problems. The Malware bytes keeps saying it is quarantining a svchost.exe. Is that the problem?
Ashley,
Your Disk Management looks ok, but aswMBR did not run correctly, drag it to the trash and download a fresh copy, make sure it updates to the latest definitions.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.
c:\programdata\Microsoft\Windows\DRM\9718.tmp<--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::
File::
c:\programdata\QkqnRvQCEE.exe
C:\Windows\svchost.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QkqnRvQCEE.exe"=-
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Ashleydo
2012-04-18, 05:13
Here is the link. I will post the logs in my next reply.
https://www.virustotal.com/file/37be569caf9c076def7cf9957765ff3c03f9cf12764a87a329bbb6d5842af5e2/analysis/1334718641/
Ashleydo
2012-04-18, 06:51
Here are my logs.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 22:36:40
-----------------------------
22:36:40.853 OS Version: Windows x64 6.1.7601 Service Pack 1
22:36:40.853 Number of processors: 2 586 0x603
22:36:40.853 ComputerName: ASHLEYDO-HP UserName: Ashley Do
22:36:43.988 Initialize success
22:36:49.527 AVAST engine defs: 12041601
22:36:53.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
22:36:53.974 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 11
22:36:54.130 Disk 0 MBR read successfully
22:36:54.145 Disk 0 MBR scan
22:36:54.145 Disk 0 Windows 7 default MBR code
22:36:54.176 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:36:54.208 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461586 MB offset 409600
22:36:54.254 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15050 MB offset 945737728
22:36:54.301 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
22:36:54.426 Disk 0 scanning C:\Windows\system32\drivers
22:37:22.835 Service scanning
22:37:56.553 Modules scanning
22:37:56.553 Disk 0 trace - called modules:
22:37:56.631 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
22:37:56.631 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e4e060]
22:37:56.647 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80042d4ac0]
22:37:56.647 5 amd_xata.sys[fffff88001080900] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80042d0060]
22:37:58.300 AVAST engine scan C:\Windows
22:38:47.604 AVAST engine scan C:\Windows\system32
22:44:55.362 AVAST engine scan C:\Windows\system32\drivers
22:45:06.282 AVAST engine scan C:\Users\Ashley Do
23:05:19.011 AVAST engine scan C:\ProgramData
23:08:13.809 Scan finished successfully
23:09:06.679 Disk 0 MBR has been saved successfully to "C:\Users\Ashley Do\Desktop\MBR.dat"
23:09:06.694 The log file has been saved successfully to "C:\Users\Ashley Do\Desktop\aswMBR.txt"
ComboFix 12-04-17.01 - Ashley Do 04/17/2012 23:11:59.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1925 [GMT -5:00]
Running from: C:\Users\Ashley Do\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ashley Do\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\programdata\QkqnRvQCEE.exe"
"C:\Windows\svchost.exe"
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
2012-04-18 04:23:56 . 2012-04-18 04:23:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-15 22:38:16 . 2012-04-15 22:38:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 00:58:02 . 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-12 05:13:59 . 2012-02-28 06:51:51 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-12 05:06:31 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 05:06:31 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 05:06:31 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 05:06:30 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 05:06:29 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 05:06:29 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 05:06:29 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-09 17:52:26 . 2012-04-10 05:06:56 -------- d--h--w- C:\Program Files (x86)\ERUNT
2012-04-09 03:37:25 . 2012-04-09 03:37:25 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\Malwarebytes
2012-04-09 03:37:09 . 2012-04-17 05:00:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-09 03:37:08 . 2012-04-17 05:18:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 03:16:22 . 2012-04-09 03:46:54 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\Okf
2012-04-09 03:16:22 . 2012-04-09 03:16:58 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\Zewexez
2012-04-09 02:53:31 . 2012-04-17 04:59:08 -------- d-----w- C:\Program Files\iPod
2012-04-09 02:53:29 . 2012-04-17 05:19:27 -------- d-----w- C:\Program Files\iTunes
2012-04-09 02:53:29 . 2012-04-17 05:18:44 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-09 02:26:31 . 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-04-09 02:26:30 . 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-04-09 02:26:30 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-09 02:25:56 . 2012-01-25 06:38:39 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-04-09 02:25:56 . 2012-01-25 06:38:38 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-04-09 02:25:56 . 2012-01-25 06:33:30 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-04-09 02:25:49 . 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-04-09 02:25:49 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-09 02:25:49 . 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-04-09 02:25:49 . 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-04-09 00:12:03 . 2012-04-09 00:12:03 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\9718.tmp
2012-04-09 00:12:03 . 2012-04-09 00:12:03 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\969A.tmp
2012-04-08 21:15:57 . 2012-04-08 21:15:57 -------- d--h--w- C:\ProgramData\Premium
2012-04-08 21:14:36 . 2012-04-09 05:14:32 -------- d--h--w- C:\ProgramData\Codecv
2012-04-08 21:14:18 . 2012-04-08 21:14:18 -------- d-----w- C:\codec-info
2012-04-08 21:13:41 . 2012-04-08 21:16:01 -------- d--h--w- C:\ProgramData\InstallMate
2012-04-08 21:10:27 . 2012-04-08 21:10:27 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\DDMSettings
2012-04-08 21:08:52 . 2012-04-08 21:14:24 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\DivX
2012-04-08 21:08:26 . 2012-04-09 05:14:42 -------- d--h--w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-04-08 21:07:49 . 2012-04-09 05:14:34 -------- d--h--w- C:\Program Files\DivX
2012-04-08 21:07:38 . 2012-04-17 05:18:26 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-04-08 21:07:02 . 2012-04-17 04:55:27 -------- d-----w- C:\Program Files (x86)\DivX
2012-04-08 21:06:11 . 2012-04-17 05:00:08 -------- d-----w- C:\ProgramData\DivX
2012-04-08 19:12:10 . 2012-04-08 19:12:20 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\Windows Live Writer
2012-04-08 19:12:10 . 2012-04-08 19:12:10 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\Windows Live Writer
2012-04-04 05:53:56 . 2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 02:44:16 . 2012-04-17 04:58:22 -------- d-----w- C:\Program Files (x86)\Real
2012-03-27 03:00:05 . 2012-04-09 18:02:37 -------- d--h--w- C:\Users\Ashley Do\AppData\Local\Windows Live
2012-03-27 02:56:03 . 2012-03-27 02:56:03 -------- d--h--w- C:\Users\Ashley Do\AppData\Roaming\MPEG Streamclip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-02-18 18:02:22 . 2011-09-20 01:45:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:58:02 . 2012-02-15 18:58:02 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-02-15 18:58:00 . 2012-02-15 18:58:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-02-14 17:09:44 . 2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [BU]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-02-29 13:55:08 17148552]
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 17:30:40 59240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 18:43:12 336384]
"HPConnectionManager"="C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 22:49:04 94264]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 05:53:56 35736]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 19:00:00 61112]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-11-22 22:19:30 1675160]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 02:28:32 59240]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 20:28:52 421888]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 20:54:26 91520]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 18:58:00 577408]
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 20:48:44 379960]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 10:09:24 421736]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 20:56:38 462408]
C:\Users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 23:10:28 86072]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-15 19:30:18 158856]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 04:23:36 183560]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 22:48:52 1071160]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 17:15:00 31125880]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 03:34:24 4925184]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 11:10:42 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 19:02:10 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 12:23:36 194496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 09:48:14 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 23:06:50 227896]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 18:58:00 34872]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 00:43:30 2375168]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 20:56:40 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 16:53:46 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 22:16:02 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 14:09:12 399344]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
Contents of the 'Scheduled Tasks' folder
2012-04-09 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
- C:\Users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09:14 . 2011-12-12 01:09:06]
2012-04-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
- C:\Users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09:14 . 2011-12-12 01:09:06]
2012-02-29 C:\Windows\Tasks\HPCeeScheduleForAshley Do.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15:40 . 2010-09-14 05:15:40]
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-02-15 05:23:52 1128448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
------- Supplementary Scan -------
uStart Page = hxxp://exchange.ou.edu/
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
Supplementary scan did not complete!
Good Morning Ashley,
Things look so much better, how is your system behaving now ?
See if you can delete both these files, if not we can run them through a program to remove them, let me know
C:\ProgramData\Microsoft\Windows\DRM\9718.tmp
C:\ProgramData\Microsoft\Windows\DRM\969A.tmp
Ashleydo
2012-04-19, 05:00
It seems to be better, but it's still doesn't show all of my files that I had before. I don't know if those got lost. Is the problem gone? I am not able to even find those files anymore.
Ashley,
As far as not finding your files, can you be a bit more specific, are you saying that you cant find any of your documents in My Documents or pictures in My Pictures or wherever you save your files ?
Not finding your files, was this a problem prior to you getting infected ?
Where you able to find and delete the two files that I asked you to delete.
Please download UNHIDE (http://download.bleepingcomputer.com/grinler/unhide.exe) to your desktop
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Ashleydo
2012-04-19, 15:23
I was not able to find the two files you told me to delete.
For finding my files, I am not able to see any of the files that were in My Documents, My Pictures, as well as some word documents and paint files that were on my Desktop. When I unhide them I can see some of the the files, but shouldn't I be able to see them without unhiding them? I never had this problem prior to the infection. I am able to see My Music when I unhide them.
Also, I ran a scan with Spybot S&D and it said that it did not find any problems, but when I tried to update the definitions, it failed.
I will have to download the unhide program later when I get home from work.
Lets remove those bad files and then when were done I can link you to a windows forum for help recovering your files, not sure if there just hidden or if they have been removed. Sometimes malware doesn't play nice and some damage can occur on your system either by the malware itself of trying to remove it.
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::
File::
C:\ProgramData\Microsoft\Windows\DRM\9718.tmp
C:\ProgramData\Microsoft\Windows\DRM\969A.tmp
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Ashleydo
2012-04-20, 06:15
I can now see all my files. Here is the Combofix log.
ComboFix 12-04-19.02 - Ashley Do 04/19/2012 22:54:27.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.3088 [GMT -5:00]
Running from: c:\users\Ashley Do\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley Do\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\969A.tmp"
"c:\programdata\Microsoft\Windows\DRM\9718.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\969A.tmp
c:\programdata\Microsoft\Windows\DRM\9718.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 04:02 . 2012-04-20 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 22:38 . 2012-04-15 22:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 00:58 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 05:13 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 05:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 05:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 05:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 05:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 05:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 05:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 05:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 17:52 . 2012-04-10 05:06 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-09 03:37 . 2012-04-09 03:37 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Malwarebytes
2012-04-09 03:37 . 2012-04-17 05:00 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 03:37 . 2012-04-17 05:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 03:16 . 2012-04-09 03:46 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Okf
2012-04-09 03:16 . 2012-04-09 03:16 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Zewexez
2012-04-09 02:53 . 2012-04-17 04:59 -------- d-----w- c:\program files\iPod
2012-04-09 02:53 . 2012-04-17 05:19 -------- d-----w- c:\program files\iTunes
2012-04-09 02:53 . 2012-04-17 05:18 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 02:26 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-09 02:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-09 02:26 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-09 02:25 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-09 02:25 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-09 02:25 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-09 02:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-09 02:25 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-09 02:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-08 21:15 . 2012-04-08 21:15 -------- d-----w- c:\programdata\Premium
2012-04-08 21:14 . 2012-04-09 05:14 -------- d-----w- c:\programdata\Codecv
2012-04-08 21:14 . 2012-04-08 21:14 -------- d-----w- C:\codec-info
2012-04-08 21:13 . 2012-04-08 21:16 -------- d-----w- c:\programdata\InstallMate
2012-04-08 21:10 . 2012-04-08 21:10 -------- d-----w- c:\users\Ashley Do\AppData\Local\DDMSettings
2012-04-08 21:08 . 2012-04-08 21:14 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\DivX
2012-04-08 21:08 . 2012-04-09 05:14 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-04-08 21:07 . 2012-04-09 05:14 -------- d-----w- c:\program files\DivX
2012-04-08 21:07 . 2012-04-17 05:18 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-04-08 21:07 . 2012-04-17 04:55 -------- d-----w- c:\program files (x86)\DivX
2012-04-08 21:06 . 2012-04-17 05:00 -------- d-----w- c:\programdata\DivX
2012-04-08 19:12 . 2012-04-08 19:12 -------- d-----w- c:\users\Ashley Do\AppData\Local\Windows Live Writer
2012-04-08 19:12 . 2012-04-08 19:12 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\Windows Live Writer
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 02:44 . 2012-04-17 04:58 -------- d-----w- c:\program files (x86)\Real
2012-03-27 03:00 . 2012-04-09 18:02 -------- d-----w- c:\users\Ashley Do\AppData\Local\Windows Live
2012-03-27 02:56 . 2012-03-27 02:56 -------- d-----w- c:\users\Ashley Do\AppData\Roaming\MPEG Streamclip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 18:02 . 2011-09-20 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:58 . 2012-02-15 18:58 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-02-15 18:58 . 2012-02-15 18:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_04.26.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-05 06:00 . 2012-04-12 05:16 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-05 06:00 . 2012-04-18 04:56 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-12 05:03 . 2012-04-20 03:32 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-12 05:03 . 2012-04-18 02:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-12 05:03 . 2012-04-20 03:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-12 05:03 . 2012-04-18 02:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 03:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-18 02:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-12 23:46 . 2012-04-12 05:16 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-04-20 03:33 . 2012-04-20 03:33 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\66b5c693a8aa660276216d7a521da5e2\System.Web.DynamicData.Design.ni.dll
- 2012-04-18 04:25 . 2012-04-18 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-20 04:03 . 2012-04-20 04:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-18 04:25 . 2012-04-18 04:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-20 04:03 . 2012-04-20 04:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-20 03:51 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-20 03:51 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-18 02:47 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-20 03:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-04-13 23:39 390680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-20 03:46 390680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-21 10:58 . 2012-03-21 10:58 133120 c:\windows\Installer\8b123.msp
- 2011-11-12 23:46 . 2012-04-12 05:16 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-04-20 03:33 . 2012-04-20 03:33 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\718e8186ee8de8555888be444b86d443\WindowsFormsIntegration.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\6138a7bf63fa559ffe856b586e369ba2\TaskScheduler.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\01e6d953aaaada7216112df9e0f39c11\System.Web.Routing.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\32b4d44198ecd16ca5deb1024642313f\System.Web.Entity.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\9d7b9e05e5bc7eab07de61a8dd70757a\System.Web.Entity.Design.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e59cbe4ccb29922c44bf66d3ae044b32\System.Web.DynamicData.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cb674da808088671f0633d46d1dade03\System.Web.Abstractions.ni.dll
+ 2012-04-20 03:28 . 2012-04-20 03:28 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\cc4082d64c96ff7569aa540b2bfb4e4e\napsnap.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\30d62e0be22cd4569141c32f8650773b\napinit.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\0da2c8a454593084e0215266b5572bf0\MMCFxCommon.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f62e745133fcb776cd05bc7a71e1fcfc\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-04-20 03:28 . 2012-04-20 03:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\e22a7adbb8e30533084c0845c29364a7\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-04-20 03:28 . 2012-04-20 03:28 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b4ca8eca3fb2b9e9eb4dcde40eca00b0\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\841980c52ea05db8c1561ee8f396f19b\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\624a2b05e9289689e3ab48f2b5b892c6\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 244224 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\987951ffdadf4a176d1fa3a02c3288f9\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-04-20 03:28 . 2012-04-20 03:28 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\44eecde37d940c1c9aaebb700ae81ed5\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ecaf4199c3937827b85be8e8ac36de2b\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dd963b1ac45ad4d484855d9853747bd\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\fe924ef08b715e71e410270c60cc372c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\857d04eadbf226277488bfabfda2a01d\mcplayerinterop.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a2e04f455b793a14e9d1df5fdd93bf7\mcGlidHostObj.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\56c25b27b777af0b93999261cfeec0cd\EventViewer.ni.dll
+ 2012-04-20 03:29 . 2012-04-20 03:29 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe
+ 2011-09-11 22:00 . 2012-04-20 03:46 1822300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2389999988-980581348-2656622395-1002-8192.dat
- 2011-09-11 22:00 . 2012-04-13 23:40 1822300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2389999988-980581348-2656622395-1002-8192.dat
+ 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\8b11c.msp
+ 2011-11-12 23:46 . 2012-04-18 04:56 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-11-12 23:46 . 2012-04-18 04:56 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2011-11-12 23:46 . 2012-04-12 05:16 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-04-18 04:35 . 2012-04-18 04:35 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\8f4bee781d2709ba927b31c6bee8abce\System.WorkflowServices.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\57631b92442dcbaa782800614f11eed4\System.Web.Mobile.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\f21b305ec2cacfd1737aba590508716a\System.Web.Extensions.ni.dll
+ 2012-04-20 03:33 . 2012-04-20 03:33 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\01e5bdd5a9c2db218cf64aff1875bf10\System.Web.Extensions.Design.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\92ab2a505e2b1e55887248752fc8791b\Narrator.ni.exe
+ 2012-04-20 03:32 . 2012-04-20 03:32 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b843ee3c17f0b9d517f74f2fc2cef321\MMCEx.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\ff499b53b4b43e5cf6175a7d95fb15ea\MIGUIControls.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\a2368cca7264c3f047d16fefcb29ca66\Microsoft.VisualBasic.ni.dll
+ 2012-04-20 03:32 . 2012-04-20 03:32 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a365fda36604d8f8b6ea67667dc3dd46\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a1c24b217f836d73170c0f32b7dda5c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\ef37fe70c135b3e38caff59f13265ff8\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d4a618d9f5959f658a1892a007f96a04\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\631ae18fbb786ed963eac3080906a3cf\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-04-20 03:29 . 2012-04-20 03:29 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dff78b6458b3995288e7e89aa7ae34a\Microsoft.MediaCenter.ni.dll
+ 2012-04-20 03:29 . 2012-04-20 03:29 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1225d00b36449afd4a4314eadcb8bf58\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\9e91d7c4464a12eb7d2c174ffc56c168\Microsoft.Ink.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a67cf1480b9711c9e9da320bc5114879\Microsoft.Build.Tasks.ni.dll
+ 2012-04-20 03:31 . 2012-04-20 03:31 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7b5c7863043af7cd47dfb104c0fe6879\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-20 03:29 . 2012-04-20 03:29 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\a1c741fa6d3e2635dd2a2a77890c87b5\mcstore.ni.dll
+ 2011-09-11 22:00 . 2012-04-20 03:46 34095560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2389999988-980581348-2656622395-1002-4096.dat
- 2011-09-11 22:00 . 2012-04-13 23:40 34095560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2389999988-980581348-2656622395-1002-4096.dat
+ 2012-04-20 03:34 . 2012-04-20 03:34 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-04-18 04:35 . 2012-04-18 04:35 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
+ 2012-04-20 03:30 . 2012-04-20 03:30 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\d9a8c2b82b4370a5b0f537a65d867f49\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
- c:\users\Ashley Do\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 01:09]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForAshley Do.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ashley Do\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://exchange.ou.edu/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-04-19 23:10:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 04:10
ComboFix2.txt 2012-04-12 04:03
.
Pre-Run: 400,739,196,928 bytes free
Post-Run: 400,666,968,064 bytes free
.
- - End Of File - - 8A81CF777FEE9CE062DE7D6D012BBA7B
Ashleydo
2012-04-20, 06:16
I tried to disable the McAfee, but it wouldn't open for me to disable it.
Good Morning,
As Far as McAfee, do you have the disk so we can reinstall it ? Lets take a final look
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Ashleydo
2012-04-21, 00:50
Here is the OTL.txt report
OTL logfile created on: 4/20/2012 5:42:19 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Ashley Do\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.72% Memory free
7.49 Gb Paging File | 5.41 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.77 Gb Total Space | 372.98 Gb Free Space | 82.74% Space Free | Partition Type: NTFS
Drive D: | 14.70 Gb Total Space | 1.63 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Computer Name: ASHLEYDO-HP | User Name: Ashley Do | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ashley Do\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656368-x64.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - c:\224e6b09a03d21396e6d0e\Setup.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://exchange.ou.edu/
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/17 00:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/17 00:18:27 | 000,000,000 | ---D | M]
[2012/04/08 16:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8pkwUIxT&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/04/19 23:04:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120412001601.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120412001604.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD6EBCE2-D0F1-4064-91BC-CAB336B43EF2}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/20 17:40:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley Do\Desktop\OTL.exe
[2012/04/19 23:12:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/19 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/19 22:51:45 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\Ashley Do\Desktop\ComboFix.exe
[2012/04/19 22:22:25 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ashley Do\Desktop\unhide.exe
[2012/04/17 23:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 23:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 23:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/17 21:50:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ashley Do\Desktop\aswMBR.exe
[2012/04/15 17:38:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 19:58:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/12 19:57:10 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ashley Do\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 00:14:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 00:14:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 00:14:09 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 00:14:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 00:14:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 00:14:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 00:14:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 00:14:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 00:14:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 00:14:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 00:14:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 00:06:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 00:06:31 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 00:06:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 23:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/11 22:37:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/11 22:37:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 12:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/08 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Malwarebytes
[2012/04/08 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/08 22:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/08 22:16:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Zewexez
[2012/04/08 22:16:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Okf
[2012/04/08 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/08 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/08 21:26:30 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/08 21:25:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/08 21:25:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/08 21:25:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/08 21:25:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/08 21:25:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/08 16:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/08 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/04/08 16:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/08 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012/04/08 16:14:18 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/08 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/08 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\DDMSettings
[2012/04/08 16:08:52 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\DivX
[2012/04/08 16:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/04/08 16:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/04/08 16:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/04/08 16:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/04/08 16:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/04/08 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{11795259-5D99-484D-BA88-93823B4A2E2C}
[2012/04/08 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Windows Live Writer
[2012/04/08 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\Windows Live Writer
[2012/03/29 21:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/03/29 21:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/03/29 21:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Real
[2012/03/26 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{B50E87C9-80DA-4A8D-AC8F-70085A888834}
[2012/03/26 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\Windows Live
[2012/03/26 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{7FDA1B38-A2E5-466A-8535-7D993FFA13C3}
[2012/03/26 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{598EDF80-1CD2-4788-9709-AD9966698271}
[2012/03/26 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\MPEG Streamclip
[1 C:\Users\Ashley Do\Desktop\*.tmp files -> C:\Users\Ashley Do\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/20 17:41:50 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 17:41:50 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 17:41:05 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/20 17:41:05 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/20 17:41:05 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/20 17:40:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley Do\Desktop\OTL.exe
[2012/04/20 17:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 17:33:34 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 23:04:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/19 22:52:01 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\Ashley Do\Desktop\ComboFix.exe
[2012/04/19 22:26:06 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
[2012/04/19 22:22:28 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ashley Do\Desktop\unhide.exe
[2012/04/17 23:09:06 | 000,000,512 | ---- | M] () -- C:\Users\Ashley Do\Desktop\MBR.dat
[2012/04/17 21:50:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ashley Do\Desktop\aswMBR.exe
[2012/04/16 22:27:13 | 000,002,420 | ---- | M] () -- C:\Users\Ashley Do\Desktop\Google Chrome.lnk
[2012/04/16 21:34:27 | 000,059,643 | ---- | M] () -- C:\Users\Ashley Do\Desktop\print screen disk management.png
[2012/04/15 23:49:20 | 000,076,578 | ---- | M] () -- C:\Users\Ashley Do\Desktop\Combofix.zip
[2012/04/15 17:31:26 | 002,052,353 | ---- | M] () -- C:\Users\Ashley Do\Desktop\tdsskiller.zip
[2012/04/14 04:54:10 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/04/13 19:26:20 | 000,000,512 | ---- | M] () -- C:\Users\Ashley Do\Documents\MBR.dat
[2012/04/12 19:58:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 19:57:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ashley Do\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 19:52:04 | 503,278,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/12 00:16:23 | 000,000,478 | ---- | M] () -- C:\Windows\win(6837).ini
[2012/04/12 00:11:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/12 00:06:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/11 22:15:59 | 000,000,160 | ---- | M] () -- C:\ProgramData\-yeIDS3hg3QhaBvr
[2012/04/11 22:15:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\-yeIDS3hg3QhaBv
[2012/04/08 22:04:50 | 000,420,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/08 21:54:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/08 21:26:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
[2012/04/08 20:23:28 | 000,000,160 | ---- | M] () -- C:\ProgramData\-ZYJMeIRLJFTvNir
[2012/04/08 20:23:28 | 000,000,000 | ---- | M] () -- C:\ProgramData\-ZYJMeIRLJFTvNi
[2012/04/08 13:06:06 | 000,433,082 | ---- | M] () -- C:\Users\Ashley Do\Desktop\teeth whitening.png
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/29 20:37:09 | 000,261,860 | ---- | M] () -- C:\Users\Ashley Do\Desktop\color run registration.png
[2012/03/27 20:57:24 | 000,273,627 | ---- | M] () -- C:\Users\Ashley Do\Desktop\reservation booking.png
[1 C:\Users\Ashley Do\Desktop\*.tmp files -> C:\Users\Ashley Do\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/17 23:10:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 23:10:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 23:10:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 23:10:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 23:10:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/17 23:09:06 | 000,000,512 | ---- | C] () -- C:\Users\Ashley Do\Desktop\MBR.dat
[2012/04/16 21:34:27 | 000,059,643 | ---- | C] () -- C:\Users\Ashley Do\Desktop\print screen disk management.png
[2012/04/15 23:49:20 | 000,076,578 | ---- | C] () -- C:\Users\Ashley Do\Desktop\Combofix.zip
[2012/04/15 17:31:20 | 002,052,353 | ---- | C] () -- C:\Users\Ashley Do\Desktop\tdsskiller.zip
[2012/04/14 04:54:10 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/04/13 19:26:20 | 000,000,512 | ---- | C] () -- C:\Users\Ashley Do\Documents\MBR.dat
[2012/04/12 19:58:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 00:06:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/11 22:15:59 | 000,000,160 | ---- | C] () -- C:\ProgramData\-yeIDS3hg3QhaBvr
[2012/04/11 22:15:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\-yeIDS3hg3QhaBv
[2012/04/08 21:54:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/08 21:48:08 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/08 20:23:28 | 000,000,160 | ---- | C] () -- C:\ProgramData\-ZYJMeIRLJFTvNir
[2012/04/08 20:20:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\-ZYJMeIRLJFTvNi
[2012/04/08 13:06:05 | 000,433,082 | ---- | C] () -- C:\Users\Ashley Do\Desktop\teeth whitening.png
[2012/03/29 20:37:08 | 000,261,860 | ---- | C] () -- C:\Users\Ashley Do\Desktop\color run registration.png
[2012/03/27 20:57:24 | 000,273,627 | ---- | C] () -- C:\Users\Ashley Do\Desktop\reservation booking.png
[2012/03/05 22:40:54 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/06/21 23:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/21 23:05:29 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/13 18:27:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== LOP Check ==========
[2011/09/11 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Blio
[2012/04/20 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Dropbox
[2011/09/11 21:30:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\eFOaDWBZrDroiBxVFP
[2012/03/26 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\MPEG Streamclip
[2012/04/08 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Okf
[2011/09/11 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Synaptics
[2012/04/08 14:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Windows Live Writer
[2012/04/08 22:16:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\Zewexez
[2012/04/15 17:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ashley Do\AppData\Roaming\_MDLogs
[2012/03/13 19:34:27 | 000,000,006 | ---- | M] () -- C:\Windows\Tasks\SA(55).DAT
[2009/07/14 00:08:49 | 000,020,714 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Ashleydo
2012-04-21, 00:50
Here is the Extras.txt log
OTL Extras logfile created on: 4/20/2012 5:42:19 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Ashley Do\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.72% Memory free
7.49 Gb Paging File | 5.41 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.77 Gb Total Space | 372.98 Gb Free Space | 82.74% Space Free | Partition Type: NTFS
Drive D: | 14.70 Gb Total Space | 1.63 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Computer Name: ASHLEYDO-HP | User Name: Ashley Do | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{40DB28C5-3C37-72E8-BE8F-82104E97EFCC}" = AMD Fuel
"{42A2FD03-F0C7-6DD5-8D7B-EBAA992F12AA}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E53B80F-4137-5F27-B4C4-88641B1E7F10}" = ccc-utility64
"{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{143774AF-ED46-EF8E-A9C5-516D67A484C2}" = CCC Help Korean
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{28B8E509-8E2A-A274-B59F-1D892778CBB6}" = CCC Help Chinese Traditional
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C93DDCA-E6BB-977B-8C55-724C1DA25C21}" = CCC Help Norwegian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30DDA988-6BCC-8B14-E0BB-026DA821EC23}" = CCC Help Czech
"{311295C1-80F9-D8B6-06E4-5CBD2492460E}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A59718-E873-CE8E-718C-D56B341DD14D}" = CCC Help German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{371794E8-423C-52DD-ED06-9385469EA274}" = CCC Help Swedish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39EAEE16-AF24-CF47-3BD1-7B048A5DABD3}" = CCC Help English
"{3C7F25C6-6BCB-7F39-BC81-48A8B5F38EDD}" = CCC Help French
"{3FE1B94B-FB1C-1AF3-4DC2-EB5F4DB56A30}" = CCC Help Chinese Standard
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{456D64EB-7E2A-FF45-EFA9-439EB529A105}" = CCC Help Greek
"{4798F9E7-BE3A-3EBF-BDF2-6751C8C38503}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5184A194-BA95-0411-A13C-468097CD4A06}" = Catalyst Control Center InstallProxy
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58327844-EEAB-8C79-CA64-6C3623DEF11B}" = CCC Help Polish
"{601E6B37-4FF1-FC93-F48F-F73D29040AD4}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710870E4-16ED-AC81-71CF-8941963E0776}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72737A9E-FAC6-01F9-C0F3-88F6DB538607}" = CCC Help Russian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E5E045-D6EB-57CD-02F8-F55E79882790}" = CCC Help Danish
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE8CC83-C423-BF43-C1A0-9C072E3785B7}" = ccc-core-static
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B35FC82A-6C05-45B0-DDE5-8DF62422E703}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD3F5161-C40B-CA50-F82A-1F4417EE722D}" = CCC Help Spanish
"{C0BD6A24-3110-E1DE-45B2-C7FC14F4DC76}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4414765-E8CD-518B-91E8-FA7C76CD2AE2}" = CCC Help Hungarian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC6B510F-7EA2-8171-55E0-6A76B46CA17D}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{EB120C5A-42D2-C901-FF0C-D0DBDD07E9BD}" = Catalyst Control Center Graphics Previews Common
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEF4EAB8-D049-FD0A-02BD-F9F42C49551F}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MSC" = McAfee SecurityCenter
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2389999988-980581348-2656622395-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/14/2012 12:48:47 PM | Computer Name = AshleyDo-HP | Source = .NET Runtime Optimization Service | ID = 1111
Description =
Error - 4/14/2012 12:49:55 PM | Computer Name = AshleyDo-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Exception code: 0xc0000005 Fault offset: 0x0000000000001290
Faulting
process id: 0xf38 Faulting application start time: 0x01cd1a5e85cad785 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\Explorer.EXE Report
Id: dc5c1dea-8651-11e1-9a14-78e3b5500b6c
Error - 4/14/2012 12:52:41 PM | Computer Name = AshleyDo-HP | Source = WinMgmt | ID = 10
Description =
Error - 4/14/2012 12:56:13 PM | Computer Name = AshleyDo-HP | Source = WinMgmt | ID = 10
Description =
Error - 4/14/2012 12:58:14 PM | Computer Name = AshleyDo-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3
Error - 4/14/2012 12:59:10 PM | Computer Name = AshleyDo-HP | Source = WinMgmt | ID = 10
Description =
Error - 4/14/2012 1:01:53 PM | Computer Name = AshleyDo-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3
Error - 4/14/2012 1:02:50 PM | Computer Name = AshleyDo-HP | Source = WinMgmt | ID = 10
Description =
Error - 4/14/2012 1:05:05 PM | Computer Name = AshleyDo-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3
Error - 4/14/2012 1:05:58 PM | Computer Name = AshleyDo-HP | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 4/2/2012 9:33:37 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/8/2012 10:52:27 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/8/2012 10:53:50 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/8/2012 10:54:52 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/8/2012 10:57:25 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/8/2012 11:17:11 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/9/2012 1:58:07 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/9/2012 10:39:38 PM | Computer Name = AshleyDo-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3834 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 4/9/2012 10:49:28 PM | Computer Name = AshleyDo-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 4/16/2012 11:28:36 PM | Computer Name = AshleyDo-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2147024891 at System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
sourcePath) Message: Access to the path 'C:\ProgramData\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSAActionItems.xml' is denied. StackTrace:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String
sourceFileName, String destFileName, Boolean overwrite) at HP.SupportAssistant.Service.ServiceInterface.MoveActionItems(String
sourcePath) Source: mscorlib Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM:
3834 Ram Utilization: 40 TargetSite: Void WinIOError(Int32, System.String)
[ HP Connection Manager Events ]
Error - 4/13/2012 6:41:29 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:29.871|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:31 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:31.871|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:35 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:35.910|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:39 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:39.870|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:41 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:41.904|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:51 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:51.873|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:41:57 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:41:57.870|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:42:03 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:42:03.871|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:42:05 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:42:05.873|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 4/13/2012 6:42:07 PM | Computer Name = AshleyDo-HP | Source = hpCMSrv | ID = 5
Description = 2012/04/13 17:42:07.871|00001344|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 4/16/2012 9:36:04 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/16 20:36:04.478|000008AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/16/2012 11:19:23 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/16 22:19:23.446|00001764|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/16/2012 11:28:18 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/16 22:28:18.305|00001774|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/16/2012 11:28:25 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/16 22:28:25.861|00000E9C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/17/2012 10:47:44 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/17 21:47:44.797|00000BFC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/18/2012 12:50:01 AM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/17 23:50:01.629|00000708|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/18/2012 10:56:13 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/18 21:56:13.545|000013DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/19/2012 11:23:24 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 22:23:24.974|00000404|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/20/2012 12:15:15 AM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/19 23:15:15.043|00001144|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 4/20/2012 6:36:49 PM | Computer Name = AshleyDo-HP | Source = CaslWmi | ID = 5
Description = 2012/04/20 17:36:49.074|00000E80|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 12/31/2011 2:14:53 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:15:23 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:15:53 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:17:03 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:17:33 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:18:03 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:18:33 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.
Error - 12/31/2011 2:18:36 AM | Computer Name = AshleyDo-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the McShield service.
Error - 12/31/2011 2:19:49 AM | Computer Name = AshleyDo-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:18:13 AM on ?12/?31/?2011 was unexpected.
Error - 1/2/2012 11:25:13 PM | Computer Name = AshleyDo-HP | Source = DCOM | ID = 10010
Description =
< End of report >
Here ya go, just removing some leftovers basically
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8pkwUIxT&i=26
O3 - HKU\S-1-5-21-2389999988-980581348-2656622395-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
:Services
:Reg
:Files
C:\ProgramData\-yeIDS3hg3QhaBvr
C:\ProgramData\-yeIDS3hg3QhaBv
C:\ProgramData\-ZYJMeIRLJFTvNir
C:\ProgramData\-ZYJMeIRLJFTvNi
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Ashleydo
2012-04-22, 22:37
All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2389999988-980581348-2656622395-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-2389999988-980581348-2656622395-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\ProgramData\-yeIDS3hg3QhaBvr moved successfully.
C:\ProgramData\-yeIDS3hg3QhaBv moved successfully.
C:\ProgramData\-ZYJMeIRLJFTvNir moved successfully.
C:\ProgramData\-ZYJMeIRLJFTvNi moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ashley Do\Desktop\cmd.bat deleted successfully.
C:\Users\Ashley Do\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Ashley Do
->Temp folder emptied: 186701 bytes
->Temporary Internet Files folder emptied: 313331636 bytes
->Java cache emptied: 29474 bytes
->Google Chrome cache emptied: 41244905 bytes
->Flash cache emptied: 51687 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20896394 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 358.00 mb
OTL by OldTimer - Version 3.2.40.0 log created on 04222012_152644
Files\Folders moved on Reboot...
C:\Users\Ashley Do\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DF2C31619358F62FF6.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DF328AB76B5E447339.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DF5654BC00EBFBF1E8.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DF7793B5BEC3B1F823.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DFB435049BDB27071C.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DFBDE850D0C9A15B54.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DFD4D0F26415AA2E84.TMP not found!
File\Folder C:\Users\Ashley Do\AppData\Local\Temp\~DFED2AB5E8F8E6C755.TMP not found!
C:\Users\Ashley Do\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ashley Do\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76BAG6P0\showthread[2].htm moved successfully.
Registry entries deleted on Reboot...
Ashleydo
2012-04-22, 22:43
OTL logfile created on: 4/22/2012 3:38:40 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Ashley Do\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 54.76% Memory free
7.49 Gb Paging File | 5.44 Gb Available in Paging File | 72.66% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.77 Gb Total Space | 373.06 Gb Free Space | 82.76% Space Free | Partition Type: NTFS
Drive D: | 14.70 Gb Total Space | 1.63 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Computer Name: ASHLEYDO-HP | User Name: Ashley Do | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ashley Do\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://exchange.ou.edu/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/17 00:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/04/17 00:18:27 | 000,000,000 | ---D | M]
[2012/04/08 16:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: MyStart Search ()
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8pkwUIxT&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ashley Do\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ashley Do\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/04/22 15:26:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120412001601.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120412001604.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ashley Do\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ashley Do\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD6EBCE2-D0F1-4064-91BC-CAB336B43EF2}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/22 15:26:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/20 17:52:01 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/20 17:52:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/20 17:52:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/20 17:40:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley Do\Desktop\OTL.exe
[2012/04/19 23:12:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/19 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/19 22:51:45 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\Ashley Do\Desktop\ComboFix.exe
[2012/04/19 22:22:25 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ashley Do\Desktop\unhide.exe
[2012/04/17 23:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 23:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 23:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/17 21:50:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ashley Do\Desktop\aswMBR.exe
[2012/04/15 17:38:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 19:58:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/12 19:57:10 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ashley Do\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 00:14:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 00:14:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 00:14:09 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 00:14:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 00:14:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 00:14:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 00:14:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 00:14:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 00:14:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 00:14:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 00:14:04 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 00:06:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 00:06:31 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 00:06:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 23:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/11 22:37:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/11 22:37:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 12:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/04/08 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Malwarebytes
[2012/04/08 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/08 22:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/08 22:16:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Zewexez
[2012/04/08 22:16:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Okf
[2012/04/08 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/08 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/08 21:26:30 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/08 21:25:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/08 21:25:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/08 21:25:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/08 21:25:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/08 21:25:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/04/08 16:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/08 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/04/08 16:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/08 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012/04/08 16:14:18 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/08 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/08 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\DDMSettings
[2012/04/08 16:08:52 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\DivX
[2012/04/08 16:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/04/08 16:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/04/08 16:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/04/08 16:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/04/08 16:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/04/08 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{11795259-5D99-484D-BA88-93823B4A2E2C}
[2012/04/08 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Windows Live Writer
[2012/04/08 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\Windows Live Writer
[2012/03/29 21:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/03/29 21:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/03/29 21:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\Real
[2012/03/26 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{B50E87C9-80DA-4A8D-AC8F-70085A888834}
[2012/03/26 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\Windows Live
[2012/03/26 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{7FDA1B38-A2E5-466A-8535-7D993FFA13C3}
[2012/03/26 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Local\{598EDF80-1CD2-4788-9709-AD9966698271}
[2012/03/26 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\Ashley Do\AppData\Roaming\MPEG Streamclip
[1 C:\Users\Ashley Do\Desktop\*.tmp files -> C:\Users\Ashley Do\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/22 15:41:03 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 15:41:03 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 15:40:20 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/22 15:40:20 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/22 15:40:20 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 15:32:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 15:32:55 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 15:26:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/04/22 15:26:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002UA.job
[2012/04/20 17:40:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley Do\Desktop\OTL.exe
[2012/04/19 22:52:01 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\Ashley Do\Desktop\ComboFix.exe
[2012/04/19 22:22:28 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ashley Do\Desktop\unhide.exe
[2012/04/17 23:09:06 | 000,000,512 | ---- | M] () -- C:\Users\Ashley Do\Desktop\MBR.dat
[2012/04/17 21:50:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ashley Do\Desktop\aswMBR.exe
[2012/04/16 22:27:13 | 000,002,420 | ---- | M] () -- C:\Users\Ashley Do\Desktop\Google Chrome.lnk
[2012/04/16 21:34:27 | 000,059,643 | ---- | M] () -- C:\Users\Ashley Do\Desktop\print screen disk management.png
[2012/04/15 23:49:20 | 000,076,578 | ---- | M] () -- C:\Users\Ashley Do\Desktop\Combofix.zip
[2012/04/15 17:31:26 | 002,052,353 | ---- | M] () -- C:\Users\Ashley Do\Desktop\tdsskiller.zip
[2012/04/14 04:54:10 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/04/13 19:26:20 | 000,000,512 | ---- | M] () -- C:\Users\Ashley Do\Documents\MBR.dat
[2012/04/12 19:58:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 19:57:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ashley Do\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/12 19:52:04 | 503,278,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/12 00:16:23 | 000,000,478 | ---- | M] () -- C:\Windows\win(6837).ini
[2012/04/12 00:11:17 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/12 00:06:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/08 22:04:50 | 000,420,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/08 21:54:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/08 21:26:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2389999988-980581348-2656622395-1002Core.job
[2012/04/08 13:06:06 | 000,433,082 | ---- | M] () -- C:\Users\Ashley Do\Desktop\teeth whitening.png
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/29 20:37:09 | 000,261,860 | ---- | M] () -- C:\Users\Ashley Do\Desktop\color run registration.png
[2012/03/27 20:57:24 | 000,273,627 | ---- | M] () -- C:\Users\Ashley Do\Desktop\reservation booking.png
[1 C:\Users\Ashley Do\Desktop\*.tmp files -> C:\Users\Ashley Do\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/17 23:10:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 23:10:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 23:10:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 23:10:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 23:10:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/17 23:09:06 | 000,000,512 | ---- | C] () -- C:\Users\Ashley Do\Desktop\MBR.dat
[2012/04/16 21:34:27 | 000,059,643 | ---- | C] () -- C:\Users\Ashley Do\Desktop\print screen disk management.png
[2012/04/15 23:49:20 | 000,076,578 | ---- | C] () -- C:\Users\Ashley Do\Desktop\Combofix.zip
[2012/04/15 17:31:20 | 002,052,353 | ---- | C] () -- C:\Users\Ashley Do\Desktop\tdsskiller.zip
[2012/04/14 04:54:10 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/04/13 19:26:20 | 000,000,512 | ---- | C] () -- C:\Users\Ashley Do\Documents\MBR.dat
[2012/04/12 19:58:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 00:06:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/08 21:54:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/08 21:48:08 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/08 13:06:05 | 000,433,082 | ---- | C] () -- C:\Users\Ashley Do\Desktop\teeth whitening.png
[2012/03/29 20:37:08 | 000,261,860 | ---- | C] () -- C:\Users\Ashley Do\Desktop\color run registration.png
[2012/03/27 20:57:24 | 000,273,627 | ---- | C] () -- C:\Users\Ashley Do\Desktop\reservation booking.png
[2012/03/05 22:40:54 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/06/21 23:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/21 23:05:29 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/13 18:27:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
< End of report >
:bigthumb:
How would you feel your computer is behaving now ?
Ashleydo
2012-04-22, 23:21
It seems to be working back to normal now! Is there anything else I need to do?
Thanks for your help!
Your very welcome :bigthumb:
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.