Posts posted by mmatlick

  1. Looks like we're all set, thank you!

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.23.02

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 8.0.6001.19190

    Administrator :: MATLICK-PC [administrator]

    Protection: Enabled

    6/22/2012 9:23:57 PM

    mbam-log-2012-06-22 (21-23-57).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 312062

    Time elapsed: 7 minute(s), 49 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  2. *****Continued*****

    *************

    GMER log

    *************

    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2012-06-21 20:34:14

    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.3.CHF

    Running: psyitkuf.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdiifod.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

    ? C:\Windows\system32\Drivers\PROCEXP141.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!SetWindowsHookExW 75D187AD 5 Bytes JMP 6DAA9AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!CallNextHookEx 75D18E3B 5 Bytes JMP 6DA9D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!UnhookWindowsHookEx 75D198DB 5 Bytes JMP 6DA14686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!CreateWindowExW 75D21305 5 Bytes JMP 6DAADB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxParamW 75D410B0 5 Bytes JMP 6D9D5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxIndirectParamW 75D42EF5 5 Bytes JMP 6DBA53AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxParamA 75D58152 5 Bytes JMP 6DBA534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxIndirectParamA 75D5847D 5 Bytes JMP 6DBA5412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxIndirectA 75D6D4D9 5 Bytes JMP 6DBA52E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxIndirectW 75D6D5D3 5 Bytes JMP 6DBA5276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxExA 75D6D639 5 Bytes JMP 6DBA5214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxExW 75D6D65D 5 Bytes JMP 6DBA51B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ole32.dll!OleLoadFromStream 76181E80 5 Bytes JMP 6DBA5717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ole32.dll!CoCreateInstance 761B9F3E 5 Bytes JMP 6DAADB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!SetWindowsHookExW 75D187AD 5 Bytes JMP 6DAA9AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!CallNextHookEx 75D18E3B 5 Bytes JMP 6DA9D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!UnhookWindowsHookEx 75D198DB 5 Bytes JMP 6DA14686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!CreateWindowExW 75D21305 5 Bytes JMP 6DAADB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxParamW 75D410B0 5 Bytes JMP 6D9D5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxIndirectParamW 75D42EF5 5 Bytes JMP 6DBA53AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxParamA 75D58152 5 Bytes JMP 6DBA534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxIndirectParamA 75D5847D 5 Bytes JMP 6DBA5412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxIndirectA 75D6D4D9 5 Bytes JMP 6DBA52E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxIndirectW 75D6D5D3 5 Bytes JMP 6DBA5276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxExA 75D6D639 5 Bytes JMP 6DBA5214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxExW 75D6D65D 5 Bytes JMP 6DBA51B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] ole32.dll!OleLoadFromStream 76181E80 5 Bytes JMP 6DBA5717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] ole32.dll!CoCreateInstance 761B9F3E 5 Bytes JMP 6DAADB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!CreateWindowExW 75D21305 5 Bytes JMP 6DAADB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxParamW 75D410B0 5 Bytes JMP 6D9D5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxIndirectParamW 75D42EF5 5 Bytes JMP 6DBA53AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxParamA 75D58152 5 Bytes JMP 6DBA534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxIndirectParamA 75D5847D 5 Bytes JMP 6DBA5412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxIndirectA 75D6D4D9 5 Bytes JMP 6DBA52E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxIndirectW 75D6D5D3 5 Bytes JMP 6DBA5276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxExA 75D6D639 5 Bytes JMP 6DBA5214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxExW 75D6D65D 5 Bytes JMP 6DBA51B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    *********************

    OTL.txt

    *********************

    OTL logfile created on: 6/21/2012 8:37:00 PM - Run 1

    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Administrator\Desktop

    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.19190)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.02% Memory free

    4.19 Gb Paging File | 2.67 Gb Available in Paging File | 63.85% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 147.09 Gb Total Space | 17.49 Gb Free Space | 11.89% Space Free | Partition Type: NTFS

    Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.05% Space Free | Partition Type: NTFS

    Drive F: | 1.95 Gb Total Space | 1.93 Gb Free Space | 98.87% Space Free | Partition Type: FAT

    Computer Name: MATLICK-PC | User Name: Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/20 15:41:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

    PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

    PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

    PRC - [2010/10/21 13:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe

    PRC - [2010/10/21 13:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe

    PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe

    PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe

    PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

    PRC - [2007/08/07 10:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe

    PRC - [2007/08/07 10:59:48 | 000,331,288 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe

    PRC - [2007/02/05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

    PRC - [2006/04/18 04:00:00 | 000,102,400 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

    MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

    MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

    MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

    MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

    MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

    MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

    MOD - [2009/07/13 23:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll

    MOD - [2009/06/22 02:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll

    MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

    SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

    SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

    SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

    SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

    SRV - [2010/02/19 07:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)

    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

    SRV - [2007/08/07 10:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

    SRV - [2007/02/05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

    SRV - [2006/04/18 04:00:00 | 000,102,400 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\pwdiifod.sys -- (pwdiifod)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

    DRV - [2011/03/31 22:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

    DRV - [2011/03/31 22:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

    DRV - [2010/12/15 00:28:10 | 000,129,024 | ---- | M] (HTC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbnet.sys -- (htcusbnet)

    DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

    DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

    DRV - [2009/06/19 17:59:52 | 000,533,752 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)

    DRV - [2009/06/19 17:58:56 | 000,572,280 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)

    DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

    DRV - [2008/01/19 00:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

    DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

    DRV - [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop

    IE - HKLM\..\SearchScopes,DefaultScope = {6FC62B8E-587C-4846-A576-96F72CF4D59C}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

    IE - HKLM\..\SearchScopes\{6FC62B8E-587C-4846-A576-96F72CF4D59C}: "URL" = http://slirsredirect...hpcmdtie7-en-us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop

    IE - HKCU\..\SearchScopes,DefaultScope = {6FC62B8E-587C-4846-A576-96F72CF4D59C}

    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)

    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)

    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

    O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()

    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

    O4 - HKLM..\Run: [setRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()

    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{306EB63B-070B-4031-AEEA-B253A1DD470D}: DhcpNameServer = 75.75.75.75 75.75.76.76

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435118A0-844C-4800-9AD5-2B3675E87DAF}: DhcpNameServer = 69.78.80.231 69.78.134.231

    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

    O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\DADDY-O\DOCUMENTS\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/21 20:36:16 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    [2012/06/21 14:03:28 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

    [2012/06/21 14:03:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

    [2012/06/21 14:02:52 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

    [2012/06/21 14:02:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

    [2012/06/21 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple

    [2012/06/20 16:48:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google

    [2012/06/20 16:48:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe

    [2012/06/20 16:48:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL

    [2012/06/20 16:48:15 | 000,000,000 | ---D | C] -- C:\ARK

    [2012/06/20 16:01:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

    [2012/06/20 16:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

    [2012/06/20 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

    [2012/06/20 15:59:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hewlett-Packard

    [2012/06/20 15:59:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Hewlett-Packard

    [2012/06/20 15:58:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer

    [2012/06/20 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer

    [2012/06/20 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICAClient

    [2012/06/20 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix

    [2012/06/20 15:58:14 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll

    [2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    [2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches

    [2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

    [2012/06/20 15:57:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities

    [2012/06/20 15:56:58 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts

    [2012/06/20 15:40:18 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe

    [2012/06/20 15:39:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe

    [2012/06/20 15:38:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt-setup.exe

    [2012/06/18 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data

    [2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data

    [2012/06/18 18:25:46 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop

    [2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

    [2012/06/18 18:25:46 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData

    [2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp

    [2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help

    [2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft

    [2012/06/01 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    [2012/06/01 22:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

    [2012/06/01 22:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    [2012/06/01 22:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/21 20:40:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1004UA.job

    [2012/06/21 20:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{843560D8-038C-42DD-8AC3-20D4D1B92846}.job

    [2012/06/21 20:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1003UA.job

    [2012/06/21 20:14:17 | 000,662,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2012/06/21 20:14:17 | 000,127,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2012/06/21 20:04:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/06/21 19:56:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/06/21 19:56:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/06/21 19:47:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/06/21 19:21:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1003Core.job

    [2012/06/21 19:17:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP WEP.job

    [2012/06/21 19:00:42 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E229BB97-8D5E-4273-BBF1-379BDD7281D0}.job

    [2012/06/21 07:40:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1004Core.job

    [2012/06/20 16:48:30 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2012/06/20 16:41:37 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat

    [2012/06/20 16:00:48 | 000,000,733 | ---- | M] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk

    [2012/06/20 16:00:48 | 000,000,714 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk

    [2012/06/20 15:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/06/20 15:55:50 | 2119,487,488 | -HS- | M] () -- C:\hiberfil.sys

    [2012/06/20 15:47:12 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif

    [2012/06/20 15:41:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    [2012/06/20 15:40:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe

    [2012/06/20 15:40:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe

    [2012/06/20 15:38:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt-setup.exe

    [2012/06/17 20:29:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

    [2012/06/02 15:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

    [2012/06/02 15:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

    [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

    [2012/06/01 22:17:04 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

    [2012/06/01 22:14:21 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/06/01 22:05:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/20 16:48:30 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    [2012/06/20 16:41:37 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat

    [2012/06/20 16:08:27 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HP WEP.job

    [2012/06/20 16:00:48 | 000,000,733 | ---- | C] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk

    [2012/06/20 16:00:48 | 000,000,714 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk

    [2012/06/20 15:57:18 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

    [2012/06/20 15:57:14 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

    [2012/06/20 15:56:57 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

    [2012/06/20 15:46:50 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

    [2012/06/19 21:35:44 | 2119,487,488 | -HS- | C] () -- C:\hiberfil.sys

    [2012/06/18 18:25:46 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

    [2012/06/18 18:25:46 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

    [2012/06/17 20:29:50 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/01 22:14:21 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/06/01 22:05:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    [2011/05/22 18:20:47 | 000,012,048 | -HS- | C] () -- C:\ProgramData\851qv5n3u157k8101m7f12br0n22

    [2011/03/31 22:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

    [2011/03/31 22:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

    [2011/03/31 22:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

    [2011/03/31 21:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

    [2011/03/27 17:06:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

    [2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

    ========== LOP Check ==========

    [2012/06/20 15:58:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient

    [2012/06/20 15:54:53 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    [2012/06/21 20:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{843560D8-038C-42DD-8AC3-20D4D1B92846}.job

    [2012/06/21 19:00:42 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E229BB97-8D5E-4273-BBF1-379BDD7281D0}.job

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6495C51F

    < End of report >

    ********************

    Extras.txt

    ********************

    OTL Extras logfile created on: 6/21/2012 8:37:00 PM - Run 1

    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Administrator\Desktop

    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.19190)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.02% Memory free

    4.19 Gb Paging File | 2.67 Gb Available in Paging File | 63.85% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 147.09 Gb Total Space | 17.49 Gb Free Space | 11.89% Space Free | Partition Type: NTFS

    Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.05% Space Free | Partition Type: NTFS

    Drive F: | 1.95 Gb Total Space | 1.93 Gb Free Space | 98.87% Space Free | Partition Type: FAT

    Computer Name: MATLICK-PC | User Name: Administrator | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "AntiVirusOverride" = 1

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{01A6F69D-9751-45EB-B9AE-73F9FCA34F46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{0228BF8D-A373-497F-893C-A411DCA90046}" = lport=445 | protocol=6 | dir=in | app=system |

    "{06BA06AD-78DB-42F7-B193-254C33EE43D1}" = lport=138 | protocol=17 | dir=in | app=system |

    "{18AF6043-7AA9-423D-92F4-1BFF30EC83AF}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{232869A6-8649-4CFD-AE40-611CE58D4B0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    "{2500ADC2-70FE-4EF5-BF09-AA471303DB0E}" = rport=138 | protocol=17 | dir=out | app=system |

    "{301570FE-9D41-455E-8779-25BEF855CF5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{30E6810D-A8D3-4A64-84CE-BEA970B5B2CD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

    "{3654E060-03AB-4EC8-A689-DDD9E5BE2BB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    "{4FB036EA-9AF3-4485-88B6-C4837FE6317C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

    "{508D71FD-2128-48A1-AF64-CA9203EDDD83}" = rport=137 | protocol=17 | dir=out | app=system |

    "{51362332-900E-42BF-A100-46978E38C546}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

    "{551C431F-50E3-44D3-88D4-A516F875AE4D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{5CC31F92-76B1-4606-A4B5-817F9F2D91C5}" = rport=445 | protocol=6 | dir=out | app=system |

    "{77342916-16C5-400E-9CFB-123002458AC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{9BBFEF94-291F-4CE8-8C5C-549EA90CA501}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

    "{9C180051-965D-46AA-838A-0CBA4ECC192C}" = rport=139 | protocol=6 | dir=out | app=system |

    "{B14B1F97-63EB-44B1-84D2-110C3E10A6B4}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{BC2C318D-03E5-4097-9016-6759F4299A10}" = lport=139 | protocol=6 | dir=in | app=system |

    "{D18C3E13-CB33-4EE6-9DC0-DA17FD83CC13}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{157D5E06-CAC4-4205-8268-5DCC145610CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{3398A348-27DF-405E-AB38-607FB55E347C}" = dir=in | app=c:\program files\itunes\itunes.exe |

    "{418AC5CE-83AC-4BEF-B966-20CF6973AC50}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

    "{439D13B8-C8C5-4408-94D6-6EEE0AB9CF35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{51C80226-2352-4B5E-BB36-696A01FDB3C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{5609C791-2561-417A-B523-FC2C2AC4C09A}" = protocol=17 | dir=in | app=c:\users\daddy-o\appdata\roaming\dropbox\bin\dropbox.exe |

    "{6138DC9A-75EA-4612-AF73-36D37CB83003}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

    "{6EBF96AF-1933-4D04-8029-010821638E44}" = protocol=6 | dir=in | app=c:\users\daddy-o\appdata\roaming\dropbox\bin\dropbox.exe |

    "{788D67BE-22F7-4B6A-8378-D57FC7D302EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{9FF23588-7A72-461D-945D-D6C7FF1392E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

    "{A8C73011-8A8E-4E82-9FC3-D7C30B37371D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

    "{AEA35ED1-8CD8-40CA-A95A-21E83B286810}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{BEC22E1D-118D-4960-B760-1F04FB65894D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{C0871810-3FF5-40B6-AE3D-E2F6F1E561FB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

    "{C1D6A2E9-0F6A-476B-9E2F-BDE3FEC4BD53}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

    "{CF1CF2BD-435E-45EE-B851-39083D34E481}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{CFB6EFFC-3FFC-4479-8131-A600BE082C98}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

    "{D47BF551-70A4-4642-9866-B61A8EAA33F7}" = protocol=6 | dir=out | app=system |

    "{D5A24380-7BFA-4733-A413-C10B62D593DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{D5D51893-EACA-4600-8865-51A79E82E277}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

    "{D7EC313E-A463-4D58-BAC5-6C3F4C435DC9}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |

    "TCP Query User{2155A6A3-4901-4A48-B3A1-7AA1075EC9E2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    "TCP Query User{5BC34647-BAC5-46C0-815C-EE4C0B9A3F4A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

    "UDP Query User{4D27C927-F4A2-4EFF-BDA6-14B28D6E3973}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

    "UDP Query User{8F26130A-37E2-4A37-B697-D4DDC0BB1157}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)

    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

    "{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD

    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26

    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

    "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component

    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

    "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder

    "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio

    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

    "{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7

    "{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

    "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)

    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

    "{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate

    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder

    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.14.1

    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

    "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore

    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

    "{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor

    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

    "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

    "{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone

    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

    "{BA0000DF-3F5A-4B0A-A438-918BAB015508}" = iConcertCal

    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

    "{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD

    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010

    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0

    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

    "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

    "{FAE74C2C-298A-41BA-8BDB-F5A005F93278}" = Roxio Express Labeler

    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Shockwave Player" = Adobe Shockwave Player

    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

    "am-bejeweledr3" = Bejeweled® 3

    "Any DVD Cloner Express_is1" = Any DVD Cloner Express 1.1.2

    "AOL Toolbar" = AOL Toolbar 5.0

    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0

    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

    "CCleaner" = CCleaner

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "Coupon Printer for Windows4.0" = Coupon Printer for Windows

    "Defraggler" = Defraggler

    "Digsby" = Digsby

    "DisneysMagicArtistDeinstKey" = Disney's Magic Artist

    "DVD Flick_is1" = DVD Flick

    "EPSON Printer and Utilities" = EPSON Printer Software

    "EPSON Scanner" = EPSON Scan

    "ERUNT_is1" = ERUNT 1.1j

    "Everything" = Everything 1.2.1.371

    "Fetch" = Fetch

    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

    "Google Chrome Frame" = Google Chrome Frame

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "HECI" = Intel® Management Engine Interface

    "HP LaserJet P1000 series" = HP LaserJet P1000 series

    "HTC_WModemDriver" = WModem Driver Installer

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft Security Client" = Microsoft Security Essentials

    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005

    "Moo0 DiskCleaner" = Moo0 DiskCleaner 1.02

    "PDF Complete" = PDF Complete

    "Pet Vet" = Pet Vet (remove only)

    "PROPLUS" = Microsoft Office Professional Plus 2007

    "PROSetDX" = Intel® PRO Network Connections 12.1.14.1

    "TeraCopy_is1" = TeraCopy 2.2

    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager

    "VLC media player" = VLC media player 1.1.5

    "WinGimp-2.0_is1" = GIMP 2.6.4

    "Zune" = Zune

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 11/15/2010 5:32:03 PM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

    Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly

    closed by the remote host.)

    Error - 11/15/2010 7:39:20 PM | Computer Name = Matlick-PC | Source = Application Hang | ID = 1002

    Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting

    with Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Problem Reports and Solutions control panel. Process

    ID: 1470 Start Time: 01cb850cbacf9ec2 Termination Time: 7

    Error - 11/15/2010 9:19:41 PM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

    Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly

    closed by the remote host.)

    Error - 11/16/2010 9:58:33 PM | Computer Name = Matlick-PC | Source = Application Hang | ID = 1002

    Description = The program HPAdvisor.exe version 1.1.19.0 stopped interacting with

    Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Problem Reports and Solutions control panel. Process

    ID: 1278 Start Time: 01cb85fad1c20100 Termination Time: 0

    Error - 11/18/2010 12:10:57 AM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

    Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly

    closed by the remote host.)

    Error - 11/18/2010 10:33:22 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

    Description =

    Error - 11/19/2010 1:26:53 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

    Description =

    Error - 11/19/2010 10:43:25 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

    Description =

    Error - 11/19/2010 10:46:23 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4622

    Description =

    Error - 11/19/2010 10:46:23 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

    Description =

    [ System Events ]

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

    Description =

    Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

    Description =

    Error - 6/21/2012 10:45:11 PM | Computer Name = Matlick-PC | Source = DCOM | ID = 10010

    Description =

    < End of report >

    **********************

    checkup.txt

    **********************

    Results of screen317's Security Check version 0.99.42

    Windows Vista Service Pack 2 x86 (UAC is enabled)

    Internet Explorer 8 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.61.0.1400

    CCleaner

    Moo0 DiskCleaner 1.02

    Java™ 6 Update 26

    Java™ 6 Update 2

    Java version out of Date!

    Adobe Flash Player 10 Flash Player out of Date!

    Adobe Reader 9 Adobe Reader out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials msseces.exe

    Windows Defender MSMpEng.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Microsoft Security Client Antimalware MsMpEng.exe

    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

    Microsoft Security Client Antimalware NisSrv.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!

    ````````````````````End of Log``````````````````````

  3. Ok, here we go. Thanks for your help!

    ********************

    aswMBR report

    ********************

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-06-20 16:04:44

    -----------------------------

    16:04:44.729 OS Version: Windows 6.0.6002 Service Pack 2

    16:04:44.729 Number of processors: 2 586 0x1706

    16:04:44.729 ComputerName: MATLICK-PC UserName:

    16:05:24.247 Initialize success

    16:06:28.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    16:06:28.104 Disk 0 Vendor: ST3160815AS 3.CHF Size: 152627MB BusType: 3

    16:06:28.104 Disk 0 MBR read successfully

    16:06:28.120 Disk 0 MBR scan

    16:06:28.120 Disk 0 Windows VISTA default MBR code

    16:06:28.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150625 MB offset 2048

    16:06:28.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2000 MB offset 308482048

    16:06:28.151 Disk 0 scanning sectors +312578048

    16:06:28.214 Disk 0 scanning C:\Windows\system32\drivers

    16:06:35.748 Service scanning

    16:06:40.803 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

    16:06:48.556 Modules scanning

    16:07:09.242 Scan finished successfully

    16:41:37.146 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"

    16:41:37.146 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

    *********************

    TDSSKILLER log

    *********************

    16:42:53.0967 4092 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

    16:42:54.0435 4092 ============================================================

    16:42:54.0435 4092 Current date / time: 2012/06/20 16:42:54.0435

    16:42:54.0435 4092 SystemInfo:

    16:42:54.0435 4092

    16:42:54.0435 4092 OS Version: 6.0.6002 ServicePack: 2.0

    16:42:54.0435 4092 Product type: Workstation

    16:42:54.0435 4092 ComputerName: MATLICK-PC

    16:42:54.0435 4092 UserName: Administrator

    16:42:54.0435 4092 Windows directory: C:\Windows

    16:42:54.0435 4092 System windows directory: C:\Windows

    16:42:54.0435 4092 Processor architecture: Intel x86

    16:42:54.0435 4092 Number of processors: 2

    16:42:54.0435 4092 Page size: 0x1000

    16:42:54.0435 4092 Boot type: Normal boot

    16:42:54.0435 4092 ============================================================

    16:42:54.0997 4092 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

    16:42:55.0028 4092 ============================================================

    16:42:55.0028 4092 \Device\Harddisk0\DR0:

    16:42:55.0028 4092 MBR partitions:

    16:42:55.0028 4092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12630800

    16:42:55.0028 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12631000, BlocksNum 0x3E8000

    16:42:55.0028 4092 ============================================================

    16:42:55.0059 4092 C: <-> \Device\Harddisk0\DR0\Partition0

    16:42:55.0090 4092 D: <-> \Device\Harddisk0\DR0\Partition1

    16:42:55.0090 4092 ============================================================

    16:42:55.0090 4092 Initialize success

    16:42:55.0090 4092 ============================================================

    16:43:16.0696 3324 ============================================================

    16:43:16.0696 3324 Scan started

    16:43:16.0696 3324 Mode: Manual; SigCheck; TDLFS;

    16:43:16.0696 3324 ============================================================

    16:43:26.0042 3324 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    16:43:26.0073 3324 KeyIso - ok

    16:43:26.0104 3324 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

    16:43:26.0135 3324 KSecDD - ok

    16:43:26.0182 3324 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

    16:43:26.0229 3324 KtmRm - ok

    16:43:26.0260 3324 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

    16:43:26.0276 3324 LanmanServer - ok

    16:43:26.0307 3324 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

    16:43:26.0354 3324 LanmanWorkstation - ok

    16:43:26.0369 3324 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

    16:43:26.0400 3324 lltdio - ok

    16:43:26.0432 3324 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

    16:43:26.0463 3324 lltdsvc - ok

    16:43:26.0478 3324 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

    16:43:26.0525 3324 lmhosts - ok

    16:43:26.0556 3324 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

    16:43:26.0556 3324 LSI_FC - ok

    16:43:26.0588 3324 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

    16:43:26.0588 3324 LSI_SAS - ok

    16:43:26.0603 3324 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

    16:43:26.0619 3324 LSI_SCSI - ok

    16:43:26.0634 3324 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

    16:43:26.0666 3324 luafv - ok

    16:43:26.0697 3324 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys

    16:43:26.0712 3324 LVPr2Mon - ok

    16:43:26.0744 3324 LVRS (b6e1ccd6572984adcae68439afd07011) C:\Windows\system32\DRIVERS\lvrs.sys

    16:43:26.0759 3324 LVRS - ok

    16:43:26.0900 3324 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\Windows\system32\DRIVERS\lvuvc.sys

    16:43:27.0305 3324 LVUVC - ok

    16:43:27.0414 3324 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

    16:43:27.0430 3324 MBAMProtector - ok

    16:43:27.0508 3324 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    16:43:27.0539 3324 MBAMService - ok

    16:43:27.0570 3324 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

    16:43:27.0586 3324 megasas - ok

    16:43:27.0602 3324 mferkdk - ok

    16:43:27.0617 3324 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

    16:43:27.0648 3324 MMCSS - ok

    16:43:27.0664 3324 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

    16:43:27.0695 3324 Modem - ok

    16:43:27.0711 3324 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

    16:43:27.0726 3324 monitor - ok

    16:43:27.0742 3324 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

    16:43:27.0742 3324 mouclass - ok

    16:43:27.0773 3324 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

    16:43:27.0789 3324 mouhid - ok

    16:43:27.0820 3324 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

    16:43:27.0820 3324 MountMgr - ok

    16:43:27.0851 3324 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

    16:43:27.0867 3324 MpFilter - ok

    16:43:27.0898 3324 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

    16:43:27.0898 3324 mpio - ok

    16:43:27.0929 3324 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

    16:43:27.0929 3324 MpNWMon - ok

    16:43:27.0960 3324 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

    16:43:27.0976 3324 mpsdrv - ok

    16:43:28.0023 3324 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

    16:43:28.0038 3324 MpsSvc - ok

    16:43:28.0054 3324 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

    16:43:28.0054 3324 Mraid35x - ok

    16:43:28.0085 3324 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

    16:43:28.0101 3324 MRxDAV - ok

    16:43:28.0132 3324 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

    16:43:28.0163 3324 mrxsmb - ok

    16:43:28.0194 3324 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    16:43:28.0226 3324 mrxsmb10 - ok

    16:43:28.0226 3324 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    16:43:28.0241 3324 mrxsmb20 - ok

    16:43:28.0257 3324 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

    16:43:28.0272 3324 msahci - ok

    16:43:28.0288 3324 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

    16:43:28.0304 3324 msdsm - ok

    16:43:28.0319 3324 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

    16:43:28.0350 3324 MSDTC - ok

    16:43:28.0397 3324 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

    16:43:28.0413 3324 Msfs - ok

    16:43:28.0460 3324 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

    16:43:28.0475 3324 msisadrv - ok

    16:43:28.0491 3324 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

    16:43:28.0522 3324 MSiSCSI - ok

    16:43:28.0522 3324 msiserver - ok

    16:43:28.0553 3324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

    16:43:28.0584 3324 MSKSSRV - ok

    16:43:28.0616 3324 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    16:43:28.0631 3324 MsMpSvc - ok

    16:43:28.0662 3324 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

    16:43:28.0678 3324 MSPCLOCK - ok

    16:43:28.0694 3324 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

    16:43:28.0725 3324 MSPQM - ok

    16:43:28.0740 3324 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

    16:43:28.0756 3324 MsRPC - ok

    16:43:28.0787 3324 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

    16:43:28.0803 3324 mssmbios - ok

    16:43:28.0818 3324 MSSQL$MSSMLBIZ - ok

    16:43:28.0865 3324 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

    16:43:28.0865 3324 MSSQLServerADHelper - ok

    16:43:28.0896 3324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

    16:43:28.0912 3324 MSTEE - ok

    16:43:28.0928 3324 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

    16:43:28.0943 3324 Mup - ok

    16:43:28.0974 3324 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

    16:43:29.0006 3324 napagent - ok

    16:43:29.0037 3324 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

    16:43:29.0052 3324 NativeWifiP - ok

    16:43:29.0099 3324 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

    16:43:29.0130 3324 NDIS - ok

    16:43:29.0162 3324 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

    16:43:29.0177 3324 NdisTapi - ok

    16:43:29.0208 3324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

    16:43:29.0224 3324 Ndisuio - ok

    16:43:29.0255 3324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

    16:43:29.0271 3324 NdisWan - ok

    16:43:29.0286 3324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

    16:43:29.0302 3324 NDProxy - ok

    16:43:29.0318 3324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

    16:43:29.0333 3324 NetBIOS - ok

    16:43:29.0364 3324 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

    16:43:29.0380 3324 netbt - ok

    16:43:29.0396 3324 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    16:43:29.0411 3324 Netlogon - ok

    16:43:29.0442 3324 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

    16:43:29.0489 3324 Netman - ok

    16:43:29.0520 3324 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

    16:43:29.0552 3324 netprofm - ok

    16:43:29.0630 3324 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    16:43:29.0630 3324 NetTcpPortSharing - ok

    16:43:29.0661 3324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

    16:43:29.0676 3324 nfrd960 - ok

    16:43:29.0708 3324 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    16:43:29.0708 3324 NisDrv - ok

    16:43:29.0801 3324 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    16:43:29.0817 3324 NisSrv - ok

    16:43:29.0848 3324 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

    16:43:29.0879 3324 NlaSvc - ok

    16:43:29.0895 3324 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

    16:43:29.0910 3324 Npfs - ok

    16:43:29.0942 3324 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

    16:43:29.0957 3324 nsi - ok

    16:43:29.0988 3324 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

    16:43:30.0004 3324 nsiproxy - ok

    16:43:30.0051 3324 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

    16:43:30.0098 3324 Ntfs - ok

    16:43:30.0129 3324 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

    16:43:30.0160 3324 ntrigdigi - ok

    16:43:30.0176 3324 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

    16:43:30.0191 3324 Null - ok

    16:43:30.0207 3324 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

    16:43:30.0207 3324 nvraid - ok

    16:43:30.0222 3324 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

    16:43:30.0238 3324 nvstor - ok

    16:43:30.0254 3324 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

    16:43:30.0254 3324 nv_agp - ok

    16:43:30.0269 3324 NwlnkFlt - ok

    16:43:30.0269 3324 NwlnkFwd - ok

    16:43:30.0347 3324 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    16:43:30.0363 3324 odserv - ok

    16:43:30.0425 3324 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

    16:43:30.0456 3324 ohci1394 - ok

    16:43:30.0519 3324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    16:43:30.0534 3324 ose - ok

    16:43:30.0581 3324 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    16:43:30.0644 3324 p2pimsvc - ok

    16:43:30.0644 3324 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    16:43:30.0675 3324 p2psvc - ok

    16:43:30.0706 3324 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

    16:43:30.0737 3324 Parport - ok

    16:43:30.0784 3324 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

    16:43:30.0800 3324 partmgr - ok

    16:43:30.0846 3324 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

    16:43:30.0862 3324 Parvdm - ok

    16:43:30.0893 3324 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

    16:43:30.0924 3324 PcaSvc - ok

    16:43:30.0956 3324 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

    16:43:30.0971 3324 pci - ok

    16:43:31.0002 3324 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

    16:43:31.0002 3324 pciide - ok

    16:43:31.0034 3324 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

    16:43:31.0049 3324 pcmcia - ok

    16:43:31.0080 3324 pdfcDispatcher - ok

    16:43:31.0127 3324 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

    16:43:31.0190 3324 PEAUTH - ok

    16:43:31.0268 3324 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

    16:43:31.0424 3324 pla - ok

    16:43:31.0548 3324 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

    16:43:31.0564 3324 PlugPlay - ok

    16:43:31.0642 3324 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    16:43:31.0704 3324 PNRPAutoReg - ok

    16:43:31.0704 3324 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

    16:43:31.0736 3324 PNRPsvc - ok

    16:43:31.0767 3324 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

    16:43:31.0829 3324 PolicyAgent - ok

    16:43:31.0907 3324 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

    16:43:31.0923 3324 PptpMiniport - ok

    16:43:31.0970 3324 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

    16:43:32.0016 3324 Processor - ok

    16:43:32.0032 3324 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

    16:43:32.0063 3324 ProfSvc - ok

    16:43:32.0079 3324 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    16:43:32.0094 3324 ProtectedStorage - ok

    16:43:32.0126 3324 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

    16:43:32.0141 3324 PSched - ok

    16:43:32.0188 3324 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

    16:43:32.0188 3324 PxHelp20 - ok

    16:43:32.0235 3324 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

    16:43:32.0282 3324 ql2300 - ok

    16:43:32.0313 3324 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

    16:43:32.0328 3324 ql40xx - ok

    16:43:32.0360 3324 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

    16:43:32.0375 3324 QWAVE - ok

    16:43:32.0406 3324 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

    16:43:32.0406 3324 QWAVEdrv - ok

    16:43:32.0422 3324 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

    16:43:32.0438 3324 RasAcd - ok

    16:43:32.0469 3324 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

    16:43:32.0484 3324 RasAuto - ok

    16:43:32.0516 3324 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

    16:43:32.0531 3324 Rasl2tp - ok

    16:43:32.0547 3324 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

    16:43:32.0578 3324 RasMan - ok

    16:43:32.0594 3324 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

    16:43:32.0609 3324 RasPppoe - ok

    16:43:32.0640 3324 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

    16:43:32.0640 3324 RasSstp - ok

    16:43:32.0672 3324 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

    16:43:32.0703 3324 rdbss - ok

    16:43:32.0718 3324 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

    16:43:32.0734 3324 RDPCDD - ok

    16:43:32.0765 3324 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

    16:43:32.0796 3324 rdpdr - ok

    16:43:32.0796 3324 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

    16:43:32.0812 3324 RDPENCDD - ok

    16:43:32.0859 3324 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

    16:43:32.0874 3324 RDPWD - ok

    16:43:32.0906 3324 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

    16:43:32.0921 3324 RemoteAccess - ok

    16:43:32.0952 3324 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

    16:43:32.0968 3324 RemoteRegistry - ok

    16:43:33.0046 3324 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    16:43:33.0077 3324 RichVideo - ok

    16:43:33.0093 3324 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys

    16:43:33.0124 3324 RimUsb - ok

    16:43:33.0140 3324 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

    16:43:33.0155 3324 RimVSerPort - ok

    16:43:33.0171 3324 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

    16:43:33.0202 3324 ROOTMODEM - ok

    16:43:33.0327 3324 RoxMediaDBVHS (fbbdf0287fc22abac49c253e82c82f13) C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe

    16:43:33.0436 3324 RoxMediaDBVHS - ok

    16:43:33.0545 3324 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

    16:43:33.0561 3324 RpcLocator - ok

    16:43:33.0623 3324 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

    16:43:33.0670 3324 RpcSs - ok

    16:43:33.0732 3324 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

    16:43:33.0764 3324 rspndr - ok

    16:43:33.0779 3324 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

    16:43:33.0795 3324 SamSs - ok

    16:43:33.0826 3324 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

    16:43:33.0826 3324 sbp2port - ok

    16:43:33.0857 3324 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

    16:43:33.0888 3324 SCardSvr - ok

    16:43:33.0920 3324 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

    16:43:33.0982 3324 Schedule - ok

    16:43:34.0013 3324 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

    16:43:34.0029 3324 SCPolicySvc - ok

    16:43:34.0044 3324 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

    16:43:34.0076 3324 SDRSVC - ok

    16:43:34.0091 3324 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

    16:43:34.0138 3324 secdrv - ok

    16:43:34.0154 3324 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

    16:43:34.0169 3324 seclogon - ok

    16:43:34.0185 3324 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

    16:43:34.0200 3324 SENS - ok

    16:43:34.0216 3324 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

    16:43:34.0232 3324 Serenum - ok

    16:43:34.0263 3324 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

    16:43:34.0278 3324 Serial - ok

    16:43:34.0310 3324 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

    16:43:34.0325 3324 sermouse - ok

    16:43:34.0356 3324 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

    16:43:34.0372 3324 SessionEnv - ok

    16:43:34.0388 3324 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

    16:43:34.0419 3324 sffdisk - ok

    16:43:34.0434 3324 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

    16:43:34.0466 3324 sffp_mmc - ok

    16:43:34.0481 3324 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

    16:43:34.0512 3324 sffp_sd - ok

    16:43:34.0528 3324 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

    16:43:34.0544 3324 sfloppy - ok

    16:43:34.0575 3324 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

    16:43:34.0606 3324 SharedAccess - ok

    16:43:34.0637 3324 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

    16:43:34.0653 3324 ShellHWDetection - ok

    16:43:34.0684 3324 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

    16:43:34.0684 3324 sisagp - ok

    16:43:34.0700 3324 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

    16:43:34.0700 3324 SiSRaid2 - ok

    16:43:34.0715 3324 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

    16:43:34.0715 3324 SiSRaid4 - ok

    16:43:34.0840 3324 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

    16:43:35.0043 3324 slsvc - ok

    16:43:35.0168 3324 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

    16:43:35.0183 3324 SLUINotify - ok

    16:43:35.0230 3324 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

    16:43:35.0246 3324 Smb - ok

    16:43:35.0277 3324 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

    16:43:35.0292 3324 SNMPTRAP - ok

    16:43:35.0308 3324 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

    16:43:35.0324 3324 spldr - ok

    16:43:35.0355 3324 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

    16:43:35.0370 3324 Spooler - ok

    16:43:35.0433 3324 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    16:43:35.0464 3324 SQLBrowser - ok

    16:43:35.0542 3324 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    16:43:35.0542 3324 SQLWriter - ok

    16:43:35.0589 3324 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

    16:43:35.0620 3324 srv - ok

    16:43:35.0667 3324 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

    16:43:35.0698 3324 srv2 - ok

    16:43:35.0714 3324 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

    16:43:35.0729 3324 srvnet - ok

    16:43:35.0760 3324 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

    16:43:35.0792 3324 SSDPSRV - ok

    16:43:35.0823 3324 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

    16:43:35.0870 3324 SstpSvc - ok

    16:43:35.0901 3324 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

    16:43:35.0948 3324 stisvc - ok

    16:43:36.0041 3324 stllssvr (ad989072596ab313d7fa13bcf69573f7) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    16:43:36.0041 3324 stllssvr - ok

    16:43:36.0119 3324 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

    16:43:36.0119 3324 swenum - ok

    16:43:36.0150 3324 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

    16:43:36.0182 3324 swprv - ok

    16:43:36.0197 3324 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

    16:43:36.0213 3324 Symc8xx - ok

    16:43:36.0228 3324 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

    16:43:36.0228 3324 Sym_hi - ok

    16:43:36.0244 3324 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

    16:43:36.0260 3324 Sym_u3 - ok

    16:43:36.0291 3324 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

    16:43:36.0322 3324 SysMain - ok

    16:43:36.0369 3324 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

    16:43:36.0384 3324 TabletInputService - ok

    16:43:36.0400 3324 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

    16:43:36.0431 3324 TapiSrv - ok

    16:43:36.0462 3324 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

    16:43:36.0494 3324 TBS - ok

    16:43:36.0540 3324 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

    16:43:36.0587 3324 Tcpip - ok

    16:43:36.0587 3324 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

    16:43:36.0618 3324 Tcpip6 - ok

    16:43:36.0650 3324 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

    16:43:36.0681 3324 tcpipreg - ok

    16:43:36.0712 3324 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

    16:43:36.0728 3324 TDPIPE - ok

    16:43:36.0759 3324 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

    16:43:36.0774 3324 TDTCP - ok

    16:43:36.0806 3324 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

    16:43:36.0821 3324 tdx - ok

    16:43:36.0852 3324 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

    16:43:36.0868 3324 TermDD - ok

    16:43:36.0899 3324 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

    16:43:36.0946 3324 TermService - ok

    16:43:37.0008 3324 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

    16:43:37.0055 3324 Themes - ok

    16:43:37.0086 3324 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

    16:43:37.0102 3324 THREADORDER - ok

    16:43:37.0133 3324 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys

    16:43:37.0149 3324 TPM - ok

    16:43:37.0164 3324 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

    16:43:37.0196 3324 TrkWks - ok

    16:43:37.0242 3324 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

    16:43:37.0258 3324 TrustedInstaller - ok

    16:43:37.0274 3324 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

    16:43:37.0305 3324 tssecsrv - ok

    16:43:37.0336 3324 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

    16:43:37.0367 3324 tunmp - ok

    16:43:37.0383 3324 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

    16:43:37.0398 3324 tunnel - ok

    16:43:37.0414 3324 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

    16:43:37.0430 3324 uagp35 - ok

    16:43:37.0461 3324 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

    16:43:37.0492 3324 udfs - ok

    16:43:37.0508 3324 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

    16:43:37.0539 3324 UI0Detect - ok

    16:43:37.0554 3324 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

    16:43:37.0554 3324 uliagpkx - ok

    16:43:37.0570 3324 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

    16:43:37.0601 3324 uliahci - ok

    16:43:37.0632 3324 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

    16:43:37.0648 3324 UlSata - ok

    16:43:37.0679 3324 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

    16:43:37.0695 3324 ulsata2 - ok

    16:43:37.0710 3324 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

    16:43:37.0726 3324 umbus - ok

    16:43:37.0742 3324 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll

    16:43:37.0773 3324 UmRdpService - ok

    16:43:42.0952 3324 MBR (0x1B8) (4975bdbeda8a3afb2aeadefc06ce9e12) \Device\Harddisk0\DR0

    16:43:43.0295 3324 \Device\Harddisk0\DR0 - ok

    16:43:43.0295 3324 Boot (0x1200) (e3f7a9501d22505133f6ddaf3c0166a5) \Device\Harddisk0\DR0\Partition0

    16:43:43.0295 3324 \Device\Harddisk0\DR0\Partition0 - ok

    16:43:43.0311 3324 Boot (0x1200) (b292ab190344c7930b5139bd1665199f) \Device\Harddisk0\DR0\Partition1

    16:43:43.0311 3324 \Device\Harddisk0\DR0\Partition1 - ok

    16:43:43.0311 3324 ============================================================

    16:43:43.0311 3324 Scan finished

    16:43:43.0311 3324 ============================================================

    16:43:43.0311 0304 Detected object count: 0

    16:43:43.0311 0304 Actual detected object count: 0

    *****Continued on Next Reply*****

  4. I have a Windows Vista machine infected with PUM.Hijack.StartMenu. It appears to be only affecting one of the (limited) accounts on the machine and keeps coming back after scan/fix. According to the topic referenced below, I am starting this thread to be guided through the process of permanent cleaning. The assistance is much appreciated, thanks in advance.

    http://forums.malwar...howtopic=107001
