Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Redirecting and Blue Screen

Hi all, I've got something that's redirecting about 30% of what I click on Google to random pages and advertisements. In addition, I had a blue screen when I woke up this morning. It said it had shut down to prevent something bad. I ran Malwarebytes earlier and it came back with:

C:\Windows\svchost.exe (Trojan.Agent)

It has come back with this before and it restores upon rebooting.

I am running Windows 7 Professional version 6.1.7600 64-bit on an HP laptop.

All help is greatly appreciated!

Here is my DDS log:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jessica at 11:14:26 on 2012-10-22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4030.1784 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Jessica\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} -
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN19P1S0T605KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Spotify Web Helper] "C:\Users\Jessica\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] rundll32.exe C:\Users\Jessica\AppData\Local\Skype\gyvmuojx.dll,ir_fe_ocr_1line
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{539014E4-1109-4863-890F-8F610DEBD117} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5E74B6FA-4372-4B16-B817-E6CB019CC5C7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5E74B6FA-4372-4B16-B817-E6CB019CC5C7}\458656D2E4564786562777F627C646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5E74B6FA-4372-4B16-B817-E6CB019CC5C7}\458656E4564786562777F627C646 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = EpePcNp64 DPPassFilter scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\gqv93v0g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jessica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-2-8 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-2-8 158920]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2012-1-9 945200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2012-1-9 463408]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/11 00:34:15];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2012-3-11 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-29 89600]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2012-3-11 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2012-3-11 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2012-3-11 312616]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-1-26 131128]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-9 13336]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-25 676936]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-2-8 1323008]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2012-3-11 75248]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-2 1127448]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-2 113264]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2012-1-9 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-9 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-1-21 3154224]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2012-1-9 32192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-9 132656]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-4-5 1094712]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-4 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-7-11 173656]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-25 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-5-2 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-9 878184]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2012-1-9 2612728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\windows\System32\drivers\BVRPMPR5a64.SYS [2012-8-18 35840]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-3 464480]
S3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2012-10-22 10:18:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F8EC222-955E-4CB6-8FE1-CE67F8D11664}\offreg.dll
2012-10-22 00:04:19 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F8EC222-955E-4CB6-8FE1-CE67F8D11664}\mpengine.dll
2012-10-13 03:02:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-10 12:53:59 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-10-10 12:53:59 2048 ----a-w- C:\windows\System32\tzres.dll
2012-10-10 12:53:50 714752 ----a-w- C:\windows\System32\kerberos.dll
2012-10-10 12:53:50 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-10-10 12:53:31 1462784 ----a-w- C:\windows\System32\crypt32.dll
2012-10-10 12:53:30 182272 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-10 12:53:30 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-10 12:53:30 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:53:30 1157632 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-10 12:53:30 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-10 12:36:34 20480 ----a-w- C:\windows\svchost.exe
2012-09-26 03:43:44 -------- d-----w- C:\Users\Jessica\AppData\Roaming\Malwarebytes
2012-09-26 03:43:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-26 03:43:41 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-26 03:43:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-24 06:04:48 -------- d-----w- C:\Users\Jessica\AppData\Local\Skype
.
==================== Find3M ====================
.
2012-09-15 23:29:19 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 23:29:19 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:02:20 1656688 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-24 18:05:28 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:55:04 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
.
============= FINISH: 11:17:05.05 ===============

Attached Files
File Type: txt attach.txt (8.5 KB)
