
PUM.Hijack.StartMenu Infection



I have a Windows Vista machine infected with PUM.Hijack.StartMenu. It appears to be only affecting one of the (limited) accounts on the machine and keeps coming back after scan/fix. According to the topic referenced below, I am starting this thread to be guided through the process of permanent cleaning. The assistance is much appreciated, thanks in advance.

http://forums.malwar...howtopic=107001


Hello mmatlick and welcome to MalwareBytes forums.

Make sure you login to Windows with an administrator rights account. Do not look at any other topics to hunt for "fixes". Please follow my guidance.

The URL-topic you refer to is for another member, since resolved.

Please do as much as you can of the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive and name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore it and proceed with the instructions please.)

Click on the Rootkit/Malware tab; then, on the far right side, untick the Registry box, then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista or Windows 7, right-click the icon and select Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

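As an added example (not part of this thread, and not code from the aswMBR or TDSSKiller authors), a small Python triage script for the two log formats requested above: it pairs TDSSKiller's entry line ("time pid Name (md5) path") with its verdict line ("time pid Name - verdict") and lists what a helper would look at first, namely any verdict other than "ok", entries that never received a verdict because the log was cut off, and aswMBR service lines marked **LOCKED**. The sample lines are constructed, modelled on the lines in this thread; the exact wording TDSSKiller uses for a non-ok verdict is not shown here, so the script keys on "anything other than ok" rather than on a particular word.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the TDSSKiller format seen in this thread. The
# ACPI and MBAMProtector hashes are the ones posted; "exampledrv" and "cutoffdrv"
# are made up for illustration (hashes are obvious placeholders).
TDSSKILLER_SAMPLE = "\n".join([
    r"16:43:17.0632 3324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys",
    r"16:43:17.0726 3324 ACPI - ok",
    r"16:43:19.0754 3324 blbdrive - ok",   # verdict with no preceding entry line
    r"16:43:27.0414 3324 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys",
    r"16:43:27.0430 3324 MBAMProtector - ok",
    r"16:43:30.0000 3324 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys",
    r"16:43:30.0100 3324 exampledrv - unsigned",   # constructed non-ok verdict
    r"16:43:31.0000 3324 cutoffdrv (11111111111111111111111111111111) C:\Windows\system32\drivers\cutoffdrv.sys",
    # no verdict line for cutoffdrv: simulates a log that was truncated mid-scan
])

# Constructed aswMBR sample, modelled on the lines posted in this thread.
ASWMBR_SAMPLE = "\n".join([
    r"16:06:28.120 Disk 0 Windows VISTA default MBR code",
    r"16:06:28.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150625 MB offset 2048",
    r"16:06:40.803 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32",
    r"16:07:09.242 Scan finished successfully",
])

_TS = r"\d\d:\d\d:\d\d\.\d+"
TDSS_ENTRY = re.compile(rf"^({_TS})\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{{32}})\)\s+(.+)$")
TDSS_VERDICT = re.compile(rf"^({_TS})\s+(\d+)\s+(.+?)\s+-\s+(.+)$")
ASW_LINE = re.compile(rf"^({_TS})\s+(.*)$")

Entry = Dict[str, Optional[str]]


def parse_tdsskiller(text: str) -> List[Tuple[str, Entry]]:
    """Pair each TDSSKiller entry line with its verdict line, keyed by service name.

    A verdict without a preceding entry line (e.g. "blbdrive - ok") still gets a
    record with md5/path left as None; an entry that never receives a verdict
    keeps verdict=None so a truncated log is visible rather than silently dropped.
    """
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line)
        if m:
            name, md5, path = m.group(3), m.group(4), m.group(5)
            entries[name] = {"md5": md5, "path": path, "verdict": None}
            order.append(name)
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            name, verdict = m.group(3), m.group(4)
            if name not in entries:
                entries[name] = {"md5": None, "path": None, "verdict": None}
                order.append(name)
            entries[name]["verdict"] = verdict
    return [(name, entries[name]) for name in order]


def tdss_needs_review(entries: List[Tuple[str, Entry]]) -> List[Tuple[str, Entry]]:
    """Everything that is not a plain '- ok' result: other verdicts and missing ones."""
    return [(name, e) for name, e in entries if e["verdict"] != "ok"]


def triage_aswmbr(text: str) -> List[str]:
    """Return aswMBR lines worth a second look: **LOCKED** services, plus a note
    if the scan never reported default MBR code for the boot disk."""
    findings: List[str] = []
    saw_default_mbr = False
    for line in text.splitlines():
        m = ASW_LINE.match(line)
        if not m:
            continue
        msg = m.group(2)
        if "default MBR code" in msg:
            saw_default_mbr = True
        if "**LOCKED**" in msg:
            findings.append(msg)
    if not saw_default_mbr:
        findings.append("no 'default MBR code' line in log; check MBR section")
    return findings


if __name__ == "__main__":
    for name, e in tdss_needs_review(parse_tdsskiller(TDSSKILLER_SAMPLE)):
        print(f"TDSSKiller: {name:<14} verdict={e['verdict']!r} path={e['path']}")
    for msg in triage_aswmbr(ASWMBR_SAMPLE):
        print("aswMBR:", msg)
```

A LOCKED or non-ok entry is a pointer for the helper to check, not a verdict by itself; MpNWMon.sys in this thread, for instance, is the Microsoft network monitor driver path that aswMBR simply could not read.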

Ok, Here we go. Thanks for your help!

********************

aswMBR report

********************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 16:04:44
-----------------------------
16:04:44.729 OS Version: Windows 6.0.6002 Service Pack 2
16:04:44.729 Number of processors: 2 586 0x1706
16:04:44.729 ComputerName: MATLICK-PC UserName:
16:05:24.247 Initialize success
16:06:28.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:06:28.104 Disk 0 Vendor: ST3160815AS 3.CHF Size: 152627MB BusType: 3
16:06:28.104 Disk 0 MBR read successfully
16:06:28.120 Disk 0 MBR scan
16:06:28.120 Disk 0 Windows VISTA default MBR code
16:06:28.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150625 MB offset 2048
16:06:28.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2000 MB offset 308482048
16:06:28.151 Disk 0 scanning sectors +312578048
16:06:28.214 Disk 0 scanning C:\Windows\system32\drivers
16:06:35.748 Service scanning
16:06:40.803 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:06:48.556 Modules scanning
16:07:09.242 Scan finished successfully
16:41:37.146 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
16:41:37.146 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

*********************

TDSSKILLER log

*********************

16:42:53.0967 4092 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
16:42:54.0435 4092 ============================================================
16:42:54.0435 4092 Current date / time: 2012/06/20 16:42:54.0435
16:42:54.0435 4092 SystemInfo:
16:42:54.0435 4092
16:42:54.0435 4092 OS Version: 6.0.6002 ServicePack: 2.0
16:42:54.0435 4092 Product type: Workstation
16:42:54.0435 4092 ComputerName: MATLICK-PC
16:42:54.0435 4092 UserName: Administrator
16:42:54.0435 4092 Windows directory: C:\Windows
16:42:54.0435 4092 System windows directory: C:\Windows
16:42:54.0435 4092 Processor architecture: Intel x86
16:42:54.0435 4092 Number of processors: 2
16:42:54.0435 4092 Page size: 0x1000
16:42:54.0435 4092 Boot type: Normal boot
16:42:54.0435 4092 ============================================================
16:42:54.0997 4092 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:55.0028 4092 ============================================================
16:42:55.0028 4092 \Device\Harddisk0\DR0:
16:42:55.0028 4092 MBR partitions:
16:42:55.0028 4092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12630800
16:42:55.0028 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12631000, BlocksNum 0x3E8000
16:42:55.0028 4092 ============================================================
16:42:55.0059 4092 C: <-> \Device\Harddisk0\DR0\Partition0
16:42:55.0090 4092 D: <-> \Device\Harddisk0\DR0\Partition1
16:42:55.0090 4092 ============================================================
16:42:55.0090 4092 Initialize success
16:42:55.0090 4092 ============================================================
16:43:16.0696 3324 ============================================================
16:43:16.0696 3324 Scan started
16:43:16.0696 3324 Mode: Manual; SigCheck; TDLFS;
16:43:16.0696 3324 ============================================================


16:43:29.0177 3324 NdisTapi - ok

16:43:29.0208 3324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

16:43:29.0224 3324 Ndisuio - ok

16:43:29.0255 3324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:43:29.0271 3324 NdisWan - ok

16:43:29.0286 3324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

16:43:29.0302 3324 NDProxy - ok

16:43:29.0318 3324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

16:43:29.0333 3324 NetBIOS - ok

16:43:29.0364 3324 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

16:43:29.0380 3324 netbt - ok

16:43:29.0396 3324 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

16:43:29.0411 3324 Netlogon - ok

16:43:29.0442 3324 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

16:43:29.0489 3324 Netman - ok

16:43:29.0520 3324 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

16:43:29.0552 3324 netprofm - ok

16:43:29.0630 3324 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:43:29.0630 3324 NetTcpPortSharing - ok

16:43:29.0661 3324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

16:43:29.0676 3324 nfrd960 - ok

16:43:29.0708 3324 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

16:43:29.0708 3324 NisDrv - ok

16:43:29.0801 3324 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

16:43:29.0817 3324 NisSrv - ok

16:43:29.0848 3324 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

16:43:29.0879 3324 NlaSvc - ok

16:43:29.0895 3324 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

16:43:29.0910 3324 Npfs - ok

16:43:29.0942 3324 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

16:43:29.0957 3324 nsi - ok

16:43:29.0988 3324 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

16:43:30.0004 3324 nsiproxy - ok

16:43:30.0051 3324 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

16:43:30.0098 3324 Ntfs - ok

16:43:30.0129 3324 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

16:43:30.0160 3324 ntrigdigi - ok

16:43:30.0176 3324 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

16:43:30.0191 3324 Null - ok

16:43:30.0207 3324 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

16:43:30.0207 3324 nvraid - ok

16:43:30.0222 3324 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

16:43:30.0238 3324 nvstor - ok

16:43:30.0254 3324 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

16:43:30.0254 3324 nv_agp - ok

16:43:30.0269 3324 NwlnkFlt - ok

16:43:30.0269 3324 NwlnkFwd - ok

16:43:30.0347 3324 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:43:30.0363 3324 odserv - ok

16:43:30.0425 3324 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

16:43:30.0456 3324 ohci1394 - ok

16:43:30.0519 3324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:43:30.0534 3324 ose - ok

16:43:30.0581 3324 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

16:43:30.0644 3324 p2pimsvc - ok

16:43:30.0644 3324 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

16:43:30.0675 3324 p2psvc - ok

16:43:30.0706 3324 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

16:43:30.0737 3324 Parport - ok

16:43:30.0784 3324 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

16:43:30.0800 3324 partmgr - ok

16:43:30.0846 3324 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

16:43:30.0862 3324 Parvdm - ok

16:43:30.0893 3324 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

16:43:30.0924 3324 PcaSvc - ok

16:43:30.0956 3324 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

16:43:30.0971 3324 pci - ok

16:43:31.0002 3324 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

16:43:31.0002 3324 pciide - ok

16:43:31.0034 3324 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

16:43:31.0049 3324 pcmcia - ok

16:43:31.0080 3324 pdfcDispatcher - ok

16:43:31.0127 3324 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

16:43:31.0190 3324 PEAUTH - ok

16:43:31.0268 3324 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

16:43:31.0424 3324 pla - ok

16:43:31.0548 3324 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

16:43:31.0564 3324 PlugPlay - ok

16:43:31.0642 3324 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

16:43:31.0704 3324 PNRPAutoReg - ok

16:43:31.0704 3324 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

16:43:31.0736 3324 PNRPsvc - ok

16:43:31.0767 3324 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

16:43:31.0829 3324 PolicyAgent - ok

16:43:31.0907 3324 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

16:43:31.0923 3324 PptpMiniport - ok

16:43:31.0970 3324 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

16:43:32.0016 3324 Processor - ok

16:43:32.0032 3324 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

16:43:32.0063 3324 ProfSvc - ok

16:43:32.0079 3324 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

16:43:32.0094 3324 ProtectedStorage - ok

16:43:32.0126 3324 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

16:43:32.0141 3324 PSched - ok

16:43:32.0188 3324 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

16:43:32.0188 3324 PxHelp20 - ok

16:43:32.0235 3324 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

16:43:32.0282 3324 ql2300 - ok

16:43:32.0313 3324 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

16:43:32.0328 3324 ql40xx - ok

16:43:32.0360 3324 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

16:43:32.0375 3324 QWAVE - ok

16:43:32.0406 3324 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

16:43:32.0406 3324 QWAVEdrv - ok

16:43:32.0422 3324 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

16:43:32.0438 3324 RasAcd - ok

16:43:32.0469 3324 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

16:43:32.0484 3324 RasAuto - ok

16:43:32.0516 3324 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:43:32.0531 3324 Rasl2tp - ok

16:43:32.0547 3324 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

16:43:32.0578 3324 RasMan - ok

16:43:32.0594 3324 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

16:43:32.0609 3324 RasPppoe - ok

16:43:32.0640 3324 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

16:43:32.0640 3324 RasSstp - ok

16:43:32.0672 3324 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

16:43:32.0703 3324 rdbss - ok

16:43:32.0718 3324 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:43:32.0734 3324 RDPCDD - ok

16:43:32.0765 3324 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

16:43:32.0796 3324 rdpdr - ok

16:43:32.0796 3324 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

16:43:32.0812 3324 RDPENCDD - ok

16:43:32.0859 3324 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

16:43:32.0874 3324 RDPWD - ok

16:43:32.0906 3324 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

16:43:32.0921 3324 RemoteAccess - ok

16:43:32.0952 3324 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

16:43:32.0968 3324 RemoteRegistry - ok

16:43:33.0046 3324 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

16:43:33.0077 3324 RichVideo - ok

16:43:33.0093 3324 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys

16:43:33.0124 3324 RimUsb - ok

16:43:33.0140 3324 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

16:43:33.0155 3324 RimVSerPort - ok

16:43:33.0171 3324 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

16:43:33.0202 3324 ROOTMODEM - ok

16:43:33.0327 3324 RoxMediaDBVHS (fbbdf0287fc22abac49c253e82c82f13) C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe

16:43:33.0436 3324 RoxMediaDBVHS - ok

16:43:33.0545 3324 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

16:43:33.0561 3324 RpcLocator - ok

16:43:33.0623 3324 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

16:43:33.0670 3324 RpcSs - ok

16:43:33.0732 3324 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

16:43:33.0764 3324 rspndr - ok

16:43:33.0779 3324 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

16:43:33.0795 3324 SamSs - ok

16:43:33.0826 3324 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

16:43:33.0826 3324 sbp2port - ok

16:43:33.0857 3324 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

16:43:33.0888 3324 SCardSvr - ok

16:43:33.0920 3324 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

16:43:33.0982 3324 Schedule - ok

16:43:34.0013 3324 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

16:43:34.0029 3324 SCPolicySvc - ok

16:43:34.0044 3324 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

16:43:34.0076 3324 SDRSVC - ok

16:43:34.0091 3324 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:43:34.0138 3324 secdrv - ok

16:43:34.0154 3324 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

16:43:34.0169 3324 seclogon - ok

16:43:34.0185 3324 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

16:43:34.0200 3324 SENS - ok

16:43:34.0216 3324 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

16:43:34.0232 3324 Serenum - ok

16:43:34.0263 3324 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

16:43:34.0278 3324 Serial - ok

16:43:34.0310 3324 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

16:43:34.0325 3324 sermouse - ok

16:43:34.0356 3324 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

16:43:34.0372 3324 SessionEnv - ok

16:43:34.0388 3324 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

16:43:34.0419 3324 sffdisk - ok

16:43:34.0434 3324 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

16:43:34.0466 3324 sffp_mmc - ok

16:43:34.0481 3324 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

16:43:34.0512 3324 sffp_sd - ok

16:43:34.0528 3324 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

16:43:34.0544 3324 sfloppy - ok

16:43:34.0575 3324 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

16:43:34.0606 3324 SharedAccess - ok

16:43:34.0637 3324 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

16:43:34.0653 3324 ShellHWDetection - ok

16:43:34.0684 3324 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

16:43:34.0684 3324 sisagp - ok

16:43:34.0700 3324 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

16:43:34.0700 3324 SiSRaid2 - ok

16:43:34.0715 3324 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

16:43:34.0715 3324 SiSRaid4 - ok

16:43:34.0840 3324 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

16:43:35.0043 3324 slsvc - ok

16:43:35.0168 3324 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

16:43:35.0183 3324 SLUINotify - ok

16:43:35.0230 3324 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

16:43:35.0246 3324 Smb - ok

16:43:35.0277 3324 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

16:43:35.0292 3324 SNMPTRAP - ok

16:43:35.0308 3324 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

16:43:35.0324 3324 spldr - ok

16:43:35.0355 3324 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

16:43:35.0370 3324 Spooler - ok

16:43:35.0433 3324 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

16:43:35.0464 3324 SQLBrowser - ok

16:43:35.0542 3324 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

16:43:35.0542 3324 SQLWriter - ok

16:43:35.0589 3324 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

16:43:35.0620 3324 srv - ok

16:43:35.0667 3324 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

16:43:35.0698 3324 srv2 - ok

16:43:35.0714 3324 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

16:43:35.0729 3324 srvnet - ok

16:43:35.0760 3324 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

16:43:35.0792 3324 SSDPSRV - ok

16:43:35.0823 3324 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

16:43:35.0870 3324 SstpSvc - ok

16:43:35.0901 3324 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

16:43:35.0948 3324 stisvc - ok

16:43:36.0041 3324 stllssvr (ad989072596ab313d7fa13bcf69573f7) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

16:43:36.0041 3324 stllssvr - ok

16:43:36.0119 3324 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

16:43:36.0119 3324 swenum - ok

16:43:36.0150 3324 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

16:43:36.0182 3324 swprv - ok

16:43:36.0197 3324 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

16:43:36.0213 3324 Symc8xx - ok

16:43:36.0228 3324 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

16:43:36.0228 3324 Sym_hi - ok

16:43:36.0244 3324 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

16:43:36.0260 3324 Sym_u3 - ok

16:43:36.0291 3324 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

16:43:36.0322 3324 SysMain - ok

16:43:36.0369 3324 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

16:43:36.0384 3324 TabletInputService - ok

16:43:36.0400 3324 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

16:43:36.0431 3324 TapiSrv - ok

16:43:36.0462 3324 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

16:43:36.0494 3324 TBS - ok

16:43:36.0540 3324 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

16:43:36.0587 3324 Tcpip - ok

16:43:36.0587 3324 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

16:43:36.0618 3324 Tcpip6 - ok

16:43:36.0650 3324 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

16:43:36.0681 3324 tcpipreg - ok

16:43:36.0712 3324 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

16:43:36.0728 3324 TDPIPE - ok

16:43:36.0759 3324 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

16:43:36.0774 3324 TDTCP - ok

16:43:36.0806 3324 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

16:43:36.0821 3324 tdx - ok

16:43:36.0852 3324 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

16:43:36.0868 3324 TermDD - ok

16:43:36.0899 3324 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

16:43:36.0946 3324 TermService - ok

16:43:37.0008 3324 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

16:43:37.0055 3324 Themes - ok

16:43:37.0086 3324 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

16:43:37.0102 3324 THREADORDER - ok

16:43:37.0133 3324 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys

16:43:37.0149 3324 TPM - ok

16:43:37.0164 3324 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

16:43:37.0196 3324 TrkWks - ok

16:43:37.0242 3324 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

16:43:37.0258 3324 TrustedInstaller - ok

16:43:37.0274 3324 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:43:37.0305 3324 tssecsrv - ok

16:43:37.0336 3324 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

16:43:37.0367 3324 tunmp - ok

16:43:37.0383 3324 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

16:43:37.0398 3324 tunnel - ok

16:43:37.0414 3324 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

16:43:37.0430 3324 uagp35 - ok

16:43:37.0461 3324 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

16:43:37.0492 3324 udfs - ok

16:43:37.0508 3324 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

16:43:37.0539 3324 UI0Detect - ok

16:43:37.0554 3324 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

16:43:37.0554 3324 uliagpkx - ok

16:43:37.0570 3324 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

16:43:37.0601 3324 uliahci - ok

16:43:37.0632 3324 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

16:43:37.0648 3324 UlSata - ok

16:43:37.0679 3324 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

16:43:37.0695 3324 ulsata2 - ok

16:43:37.0710 3324 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

16:43:37.0726 3324 umbus - ok

16:43:37.0742 3324 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll

16:43:37.0773 3324 UmRdpService - ok

16:43:37.0851 3324 UMVPFSrv (8b802b483cbde06f62dbc04dc7afaf8e) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

16:43:37.0898 3324 UMVPFSrv - ok

16:43:37.0944 3324 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

16:43:37.0991 3324 upnphost - ok

16:43:38.0054 3324 USB28xxBGA (66754eee4ad1a9896b094df64e13101a) C:\Windows\system32\DRIVERS\emBDA.sys

16:43:38.0085 3324 USB28xxBGA - ok

16:43:38.0116 3324 USB28xxOEM (7736875610b20481c0cb64db53dff780) C:\Windows\system32\DRIVERS\emOEM.sys

16:43:38.0147 3324 USB28xxOEM - ok

16:43:38.0210 3324 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

16:43:38.0225 3324 USBAAPL - ok

16:43:38.0256 3324 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

16:43:38.0272 3324 usbaudio - ok

16:43:38.0303 3324 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

16:43:38.0319 3324 usbccgp - ok

16:43:38.0350 3324 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

16:43:38.0381 3324 usbcir - ok

16:43:38.0412 3324 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

16:43:38.0444 3324 usbehci - ok

16:43:38.0475 3324 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

16:43:38.0506 3324 usbhub - ok

16:43:38.0522 3324 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

16:43:38.0553 3324 usbohci - ok

16:43:38.0584 3324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

16:43:38.0600 3324 usbprint - ok

16:43:38.0615 3324 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

16:43:38.0631 3324 usbscan - ok

16:43:38.0646 3324 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:43:38.0678 3324 USBSTOR - ok

16:43:38.0693 3324 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

16:43:38.0709 3324 usbuhci - ok

16:43:38.0740 3324 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

16:43:38.0771 3324 usbvideo - ok

16:43:38.0802 3324 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

16:43:38.0818 3324 UxSms - ok

16:43:38.0849 3324 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

16:43:38.0896 3324 vds - ok

16:43:38.0958 3324 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

16:43:39.0005 3324 vga - ok

16:43:39.0036 3324 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

16:43:39.0052 3324 VgaSave - ok

16:43:39.0068 3324 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

16:43:39.0083 3324 viaagp - ok

16:43:39.0099 3324 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

16:43:39.0130 3324 ViaC7 - ok

16:43:39.0146 3324 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

16:43:39.0146 3324 viaide - ok

16:43:39.0177 3324 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

16:43:39.0177 3324 volmgr - ok

16:43:39.0208 3324 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

16:43:39.0239 3324 volmgrx - ok

16:43:39.0270 3324 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

16:43:39.0286 3324 volsnap - ok

16:43:39.0317 3324 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

16:43:39.0317 3324 vsmraid - ok

16:43:39.0380 3324 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

16:43:39.0426 3324 VSS - ok

16:43:39.0458 3324 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

16:43:39.0473 3324 W32Time - ok

16:43:39.0504 3324 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

16:43:39.0536 3324 WacomPen - ok

16:43:39.0567 3324 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:43:39.0582 3324 Wanarp - ok

16:43:39.0582 3324 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:43:39.0598 3324 Wanarpv6 - ok

16:43:39.0645 3324 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe

16:43:39.0723 3324 wbengine - ok

16:43:39.0754 3324 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

16:43:39.0801 3324 wcncsvc - ok

16:43:39.0832 3324 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

16:43:39.0848 3324 WcsPlugInService - ok

16:43:39.0910 3324 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

16:43:39.0926 3324 Wd - ok

16:43:39.0957 3324 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

16:43:40.0019 3324 Wdf01000 - ok

16:43:40.0050 3324 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

16:43:40.0082 3324 WdiServiceHost - ok

16:43:40.0082 3324 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

16:43:40.0113 3324 WdiSystemHost - ok

16:43:40.0128 3324 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

16:43:40.0160 3324 WebClient - ok

16:43:40.0191 3324 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

16:43:40.0222 3324 Wecsvc - ok

16:43:40.0253 3324 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

16:43:40.0269 3324 wercplsupport - ok

16:43:40.0300 3324 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

16:43:40.0331 3324 WerSvc - ok

16:43:40.0378 3324 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

16:43:40.0409 3324 WinDefend - ok

16:43:40.0409 3324 WinHttpAutoProxySvc - ok

16:43:40.0456 3324 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

16:43:40.0487 3324 Winmgmt - ok

16:43:40.0534 3324 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

16:43:40.0581 3324 WinRM - ok

16:43:40.0659 3324 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys

16:43:40.0690 3324 WinUSB - ok

16:43:40.0721 3324 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

16:43:40.0784 3324 Wlansvc - ok

16:43:40.0893 3324 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe

16:43:40.0955 3324 WLSetupSvc - ok

16:43:40.0971 3324 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:43:41.0002 3324 WmiAcpi - ok

16:43:41.0033 3324 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

16:43:41.0064 3324 wmiApSrv - ok

16:43:41.0127 3324 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

16:43:41.0189 3324 WMPNetworkSvc - ok

16:43:41.0252 3324 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) c:\Program Files\Zune\WMZuneComm.exe

16:43:41.0283 3324 WMZuneComm - ok

16:43:41.0361 3324 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

16:43:41.0392 3324 WPDBusEnum - ok

16:43:41.0439 3324 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

16:43:41.0454 3324 WpdUsb - ok

16:43:41.0579 3324 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

16:43:41.0610 3324 WPFFontCache_v0400 - ok

16:43:41.0626 3324 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

16:43:41.0657 3324 ws2ifsl - ok

16:43:41.0673 3324 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

16:43:41.0688 3324 wscsvc - ok

16:43:41.0704 3324 WSearch - ok

16:43:41.0782 3324 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

16:43:41.0907 3324 wuauserv - ok

16:43:42.0032 3324 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

16:43:42.0063 3324 WudfPf - ok

16:43:42.0094 3324 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:43:42.0110 3324 WUDFRd - ok

16:43:42.0125 3324 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll

16:43:42.0156 3324 wudfsvc - ok

16:43:42.0406 3324 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) c:\Program Files\Zune\ZuneNss.exe

16:43:42.0843 3324 ZuneNetworkSvc - ok

16:43:42.0874 3324 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) c:\Program Files\Zune\ZuneWlanCfgSvc.exe

16:43:42.0905 3324 ZuneWlanCfgSvc - ok

16:43:42.0952 3324 MBR (0x1B8) (4975bdbeda8a3afb2aeadefc06ce9e12) \Device\Harddisk0\DR0

16:43:43.0295 3324 \Device\Harddisk0\DR0 - ok

16:43:43.0295 3324 Boot (0x1200) (e3f7a9501d22505133f6ddaf3c0166a5) \Device\Harddisk0\DR0\Partition0

16:43:43.0295 3324 \Device\Harddisk0\DR0\Partition0 - ok

16:43:43.0311 3324 Boot (0x1200) (b292ab190344c7930b5139bd1665199f) \Device\Harddisk0\DR0\Partition1

16:43:43.0311 3324 \Device\Harddisk0\DR0\Partition1 - ok

16:43:43.0311 3324 ============================================================

16:43:43.0311 3324 Scan finished

16:43:43.0311 3324 ============================================================

16:43:43.0311 0304 Detected object count: 0

16:43:43.0311 0304 Actual detected object count: 0

*****Continued on Next Reply*****


*****Continued*****

*************

GMER log

*************

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-06-21 20:34:14

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.3.CHF

Running: psyitkuf.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdiifod.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

? C:\Windows\system32\Drivers\PROCEXP141.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----


.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!SetWindowsHookExW 75D187AD 5 Bytes JMP 6DAA9AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!CallNextHookEx 75D18E3B 5 Bytes JMP 6DA9D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!UnhookWindowsHookEx 75D198DB 5 Bytes JMP 6DA14686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!CreateWindowExW 75D21305 5 Bytes JMP 6DAADB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxParamW 75D410B0 5 Bytes JMP 6D9D5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxIndirectParamW 75D42EF5 5 Bytes JMP 6DBA53AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxParamA 75D58152 5 Bytes JMP 6DBA534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!DialogBoxIndirectParamA 75D5847D 5 Bytes JMP 6DBA5412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxIndirectA 75D6D4D9 5 Bytes JMP 6DBA52E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxIndirectW 75D6D5D3 5 Bytes JMP 6DBA5276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxExA 75D6D639 5 Bytes JMP 6DBA5214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] USER32.dll!MessageBoxExW 75D6D65D 5 Bytes JMP 6DBA51B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] ole32.dll!OleLoadFromStream 76181E80 5 Bytes JMP 6DBA5717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4448] ole32.dll!CoCreateInstance 761B9F3E 5 Bytes JMP 6DAADB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!CreateWindowExW 75D21305 5 Bytes JMP 6DAADB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxParamW 75D410B0 5 Bytes JMP 6D9D5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxIndirectParamW 75D42EF5 5 Bytes JMP 6DBA53AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxParamA 75D58152 5 Bytes JMP 6DBA534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!DialogBoxIndirectParamA 75D5847D 5 Bytes JMP 6DBA5412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxIndirectA 75D6D4D9 5 Bytes JMP 6DBA52E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxIndirectW 75D6D5D3 5 Bytes JMP 6DBA5276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxExA 75D6D639 5 Bytes JMP 6DBA5214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5740] USER32.dll!MessageBoxExW 75D6D65D 5 Bytes JMP 6DBA51B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

*********************

OTL.txt

*********************

OTL logfile created on: 6/21/2012 8:37:00 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Administrator\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19190)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.02% Memory free

4.19 Gb Paging File | 2.67 Gb Available in Paging File | 63.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 147.09 Gb Total Space | 17.49 Gb Free Space | 11.89% Space Free | Partition Type: NTFS

Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.05% Space Free | Partition Type: NTFS

Drive F: | 1.95 Gb Total Space | 1.93 Gb Free Space | 98.87% Space Free | Partition Type: FAT

Computer Name: MATLICK-PC | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 15:41:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

PRC - [2010/10/21 13:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe

PRC - [2010/10/21 13:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe

PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe

PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe

PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/08/07 10:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe

PRC - [2007/08/07 10:59:48 | 000,331,288 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe

PRC - [2007/02/05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2006/04/18 04:00:00 | 000,102,400 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2009/07/13 23:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll

MOD - [2009/06/22 02:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll

MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010/02/19 07:44:44 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe -- (RoxMediaDBVHS)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/08/07 10:59:50 | 000,540,184 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2007/02/05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006/04/18 04:00:00 | 000,102,400 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\pwdiifod.sys -- (pwdiifod)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2011/03/31 22:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

DRV - [2011/03/31 22:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2010/12/15 00:28:10 | 000,129,024 | ---- | M] (HTC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbnet.sys -- (htcusbnet)

DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2009/06/19 17:59:52 | 000,533,752 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)

DRV - [2009/06/19 17:58:56 | 000,572,280 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)

DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008/01/19 00:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/04/13 06:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {6FC62B8E-587C-4846-A576-96F72CF4D59C}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKLM\..\SearchScopes\{6FC62B8E-587C-4846-A576-96F72CF4D59C}: "URL" = http://slirsredirect...hpcmdtie7-en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...=smb&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...=smb&pf=desktop

IE - HKCU\..\SearchScopes,DefaultScope = {6FC62B8E-587C-4846-A576-96F72CF4D59C}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()

O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{306EB63B-070B-4031-AEEA-B253A1DD470D}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435118A0-844C-4800-9AD5-2B3675E87DAF}: DhcpNameServer = 69.78.80.231 69.78.134.231

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\DADDY-O\DOCUMENTS\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 20:36:16 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2012/06/21 14:03:28 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/21 14:03:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/21 14:02:52 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/21 14:02:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/21 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple

[2012/06/20 16:48:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google

[2012/06/20 16:48:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe

[2012/06/20 16:48:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL

[2012/06/20 16:48:15 | 000,000,000 | ---D | C] -- C:\ARK

[2012/06/20 16:01:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/06/20 16:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/06/20 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/06/20 15:59:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hewlett-Packard

[2012/06/20 15:59:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Hewlett-Packard

[2012/06/20 15:58:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer

[2012/06/20 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer

[2012/06/20 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICAClient

[2012/06/20 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix

[2012/06/20 15:58:14 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll

[2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches

[2012/06/20 15:57:15 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/06/20 15:57:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities

[2012/06/20 15:56:58 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts

[2012/06/20 15:40:18 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe

[2012/06/20 15:39:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe

[2012/06/20 15:38:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt-setup.exe

[2012/06/18 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data

[2012/06/18 18:25:47 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data

[2012/06/18 18:25:46 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop

[2012/06/18 18:25:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/06/18 18:25:46 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData

[2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp

[2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help

[2012/06/18 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft

[2012/06/01 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/06/01 22:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/06/01 22:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/01 22:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 20:40:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1004UA.job

[2012/06/21 20:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{843560D8-038C-42DD-8AC3-20D4D1B92846}.job

[2012/06/21 20:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1003UA.job

[2012/06/21 20:14:17 | 000,662,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/21 20:14:17 | 000,127,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/21 20:04:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/21 19:56:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/21 19:56:15 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/21 19:47:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/21 19:21:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1003Core.job

[2012/06/21 19:17:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP WEP.job

[2012/06/21 19:00:42 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E229BB97-8D5E-4273-BBF1-379BDD7281D0}.job

[2012/06/21 07:40:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3023463021-2874374182-4066112519-1004Core.job

[2012/06/20 16:48:30 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/20 16:41:37 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat

[2012/06/20 16:00:48 | 000,000,733 | ---- | M] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk

[2012/06/20 16:00:48 | 000,000,714 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk

[2012/06/20 15:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/20 15:55:50 | 2119,487,488 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/20 15:47:12 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/06/20 15:41:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2012/06/20 15:40:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe

[2012/06/20 15:40:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe

[2012/06/20 15:38:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt-setup.exe

[2012/06/17 20:29:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/02 15:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/02 15:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/01 22:17:04 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/06/01 22:14:21 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/01 22:05:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/20 16:48:30 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/20 16:41:37 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat

[2012/06/20 16:08:27 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HP WEP.job

[2012/06/20 16:00:48 | 000,000,733 | ---- | C] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk

[2012/06/20 16:00:48 | 000,000,714 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk

[2012/06/20 15:57:18 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/06/20 15:57:14 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012/06/20 15:56:57 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2012/06/20 15:46:50 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/06/19 21:35:44 | 2119,487,488 | -HS- | C] () -- C:\hiberfil.sys

[2012/06/18 18:25:46 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/06/18 18:25:46 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/06/17 20:29:50 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/01 22:14:21 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/01 22:05:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/05/22 18:20:47 | 000,012,048 | -HS- | C] () -- C:\ProgramData\851qv5n3u157k8101m7f12br0n22

[2011/03/31 22:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2011/03/31 22:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2011/03/31 22:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2011/03/31 21:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2011/03/27 17:06:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

========== LOP Check ==========

[2012/06/20 15:58:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient

[2012/06/20 15:54:53 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/06/21 20:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{843560D8-038C-42DD-8AC3-20D4D1B92846}.job

[2012/06/21 19:00:42 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E229BB97-8D5E-4273-BBF1-379BDD7281D0}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6495C51F

< End of report >

********************

Extras.txt

********************

OTL Extras logfile created on: 6/21/2012 8:37:00 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Administrator\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19190)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.02% Memory free

4.19 Gb Paging File | 2.67 Gb Available in Paging File | 63.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 147.09 Gb Total Space | 17.49 Gb Free Space | 11.89% Space Free | Partition Type: NTFS

Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.05% Space Free | Partition Type: NTFS

Drive F: | 1.95 Gb Total Space | 1.93 Gb Free Space | 98.87% Space Free | Partition Type: FAT

Computer Name: MATLICK-PC | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01A6F69D-9751-45EB-B9AE-73F9FCA34F46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{0228BF8D-A373-497F-893C-A411DCA90046}" = lport=445 | protocol=6 | dir=in | app=system |

"{06BA06AD-78DB-42F7-B193-254C33EE43D1}" = lport=138 | protocol=17 | dir=in | app=system |

"{18AF6043-7AA9-423D-92F4-1BFF30EC83AF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{232869A6-8649-4CFD-AE40-611CE58D4B0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2500ADC2-70FE-4EF5-BF09-AA471303DB0E}" = rport=138 | protocol=17 | dir=out | app=system |

"{301570FE-9D41-455E-8779-25BEF855CF5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{30E6810D-A8D3-4A64-84CE-BEA970B5B2CD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

"{3654E060-03AB-4EC8-A689-DDD9E5BE2BB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{4FB036EA-9AF3-4485-88B6-C4837FE6317C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

"{508D71FD-2128-48A1-AF64-CA9203EDDD83}" = rport=137 | protocol=17 | dir=out | app=system |

"{51362332-900E-42BF-A100-46978E38C546}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

"{551C431F-50E3-44D3-88D4-A516F875AE4D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5CC31F92-76B1-4606-A4B5-817F9F2D91C5}" = rport=445 | protocol=6 | dir=out | app=system |

"{77342916-16C5-400E-9CFB-123002458AC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9BBFEF94-291F-4CE8-8C5C-549EA90CA501}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |

"{9C180051-965D-46AA-838A-0CBA4ECC192C}" = rport=139 | protocol=6 | dir=out | app=system |

"{B14B1F97-63EB-44B1-84D2-110C3E10A6B4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BC2C318D-03E5-4097-9016-6759F4299A10}" = lport=139 | protocol=6 | dir=in | app=system |

"{D18C3E13-CB33-4EE6-9DC0-DA17FD83CC13}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{157D5E06-CAC4-4205-8268-5DCC145610CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{3398A348-27DF-405E-AB38-607FB55E347C}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{418AC5CE-83AC-4BEF-B966-20CF6973AC50}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{439D13B8-C8C5-4408-94D6-6EEE0AB9CF35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{51C80226-2352-4B5E-BB36-696A01FDB3C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5609C791-2561-417A-B523-FC2C2AC4C09A}" = protocol=17 | dir=in | app=c:\users\daddy-o\appdata\roaming\dropbox\bin\dropbox.exe |

"{6138DC9A-75EA-4612-AF73-36D37CB83003}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{6EBF96AF-1933-4D04-8029-010821638E44}" = protocol=6 | dir=in | app=c:\users\daddy-o\appdata\roaming\dropbox\bin\dropbox.exe |

"{788D67BE-22F7-4B6A-8378-D57FC7D302EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9FF23588-7A72-461D-945D-D6C7FF1392E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{A8C73011-8A8E-4E82-9FC3-D7C30B37371D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{AEA35ED1-8CD8-40CA-A95A-21E83B286810}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{BEC22E1D-118D-4960-B760-1F04FB65894D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C0871810-3FF5-40B6-AE3D-E2F6F1E561FB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{C1D6A2E9-0F6A-476B-9E2F-BDE3FEC4BD53}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{CF1CF2BD-435E-45EE-B851-39083D34E481}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CFB6EFFC-3FFC-4479-8131-A600BE082C98}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{D47BF551-70A4-4642-9866-B61A8EAA33F7}" = protocol=6 | dir=out | app=system |

"{D5A24380-7BFA-4733-A413-C10B62D593DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D5D51893-EACA-4600-8865-51A79E82E277}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{D7EC313E-A463-4D58-BAC5-6C3F4C435DC9}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |

"TCP Query User{2155A6A3-4901-4A48-B3A1-7AA1075EC9E2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{5BC34647-BAC5-46C0-815C-EE4C0B9A3F4A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{4D27C927-F4A2-4EFF-BDA6-14B28D6E3973}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{8F26130A-37E2-4A37-B697-D4DDC0BB1157}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{15210C5B-9E04-4BF7-B019-AE958F238333}" = Roxio Easy VHS to DVD

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder

"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7

"{44B23220-E68E-4FBC-B02C-1A89AC0C8C5F}" = Roxio CinePlayer Decoder Pack

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.14.1

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BA0000DF-3F5A-4B0A-A438-918BAB015508}" = iConcertCal

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C0990649-FEC2-423A-8F37-A8952404E6CD}" = Roxio Easy VHS to DVD

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{FAE74C2C-298A-41BA-8BDB-F5A005F93278}" = Roxio Express Labeler

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"am-bejeweledr3" = Bejeweled® 3

"Any DVD Cloner Express_is1" = Any DVD Cloner Express 1.1.2

"AOL Toolbar" = AOL Toolbar 5.0

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Defraggler" = Defraggler

"Digsby" = Digsby

"DisneysMagicArtistDeinstKey" = Disney's Magic Artist

"DVD Flick_is1" = DVD Flick

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"ERUNT_is1" = ERUNT 1.1j

"Everything" = Everything 1.2.1.371

"Fetch" = Fetch

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Google Chrome Frame" = Google Chrome Frame

"HDMI" = Intel® Graphics Media Accelerator Driver

"HECI" = Intel® Management Engine Interface

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"HTC_WModemDriver" = WModem Driver Installer

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Moo0 DiskCleaner" = Moo0 DiskCleaner 1.02

"PDF Complete" = PDF Complete

"Pet Vet" = Pet Vet (remove only)

"PROPLUS" = Microsoft Office Professional Plus 2007

"PROSetDX" = Intel® PRO Network Connections 12.1.14.1

"TeraCopy_is1" = TeraCopy 2.2

"Verizon V CAST Media Manager" = Verizon V CAST Media Manager

"VLC media player" = VLC media player 1.1.5

"WinGimp-2.0_is1" = GIMP 2.6.4

"Zune" = Zune

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/15/2010 5:32:03 PM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 11/15/2010 7:39:20 PM | Computer Name = Matlick-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1470 Start Time: 01cb850cbacf9ec2 Termination Time: 7

Error - 11/15/2010 9:19:41 PM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 11/16/2010 9:58:33 PM | Computer Name = Matlick-PC | Source = Application Hang | ID = 1002

Description = The program HPAdvisor.exe version 1.1.19.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1278 Start Time: 01cb85fad1c20100 Termination Time: 0

Error - 11/18/2010 12:10:57 AM | Computer Name = Matlick-PC | Source = Bonjour Service | ID = 100

Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 11/18/2010 10:33:22 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

Description =

Error - 11/19/2010 1:26:53 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

Description =

Error - 11/19/2010 10:43:25 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

Description =

Error - 11/19/2010 10:46:23 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4622

Description =

Error - 11/19/2010 10:46:23 AM | Computer Name = Matlick-PC | Source = EventSystem | ID = 4621

Description =

[ System Events ]

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 6/21/2012 5:05:05 PM | Computer Name = Matlick-PC | Source = Microsoft-Windows-Servicing | ID = 4385

Description =

Error - 6/21/2012 10:45:11 PM | Computer Name = Matlick-PC | Source = DCOM | ID = 10010

Description =

< End of report >

**********************

checkup.txt

**********************

Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

Moo0 DiskCleaner 1.02

Java™ 6 Update 26

Java™ 6 Update 2

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials msseces.exe

Windows Defender MSMpEng.exe

Malwarebytes Anti-Malware mbamservice.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

Microsoft Security Client Antimalware NisSrv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!

````````````````````End of Log``````````````````````


Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Java runtime

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to the "bit-tedness" of your Windows (32-bit or 64-bit).
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows <<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows <<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get the latest Flash Player, go to http://www.adobe.com/go/getflash and download it from there.

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Programs and Features, Remove Adobe Reader.

Get the latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

MBAM scan

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with a copy of the latest MBAM scan log, and tell me: how is your system now?

Edited by Maurice Naggar
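The Security Check output above flagged two Java runtimes installed side by side, plus out-of-date Flash Player and Adobe Reader, and the OTL log earlier lists the registry Uninstall entries ("{GUID}" = DisplayName) those checks are built from. The following PowerShell script is an added example, not code from this thread, from Malwarebytes or from the helper; it reads the same Uninstall keys that Add/Remove Programs uses and reports every Java, Flash Player and Adobe Reader entry with its version, so that leftover old runtimes stand out before and after the removal steps. It is read-only and changes nothing. The name patterns in `$watchList` are assumptions made for the example; adjust them if a vendor renames a product.

```powershell
# Added example (not from this thread or from Malwarebytes): inventory the
# installed-program entries that OTL and Security Check read, and flag the
# Java / Flash Player / Adobe Reader entries so that leftover old versions
# stand out. Read-only: it changes nothing on the machine.

# The Uninstall keys that Add/Remove Programs is built from. The WOW6432Node
# path only exists on 64-bit Windows; HKCU holds per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Products the thread's checkup.txt reported as out of date.
# The regex patterns are assumptions of this example, matched against DisplayName.
$watchList = @{
    'Java'         = '^Java|^J2SE|Java Runtime|Java\(TM\)'
    'Flash Player' = 'Flash Player'
    'Adobe Reader' = '^Adobe Reader|^Acrobat Reader'
}

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    KeyName     = $_.PSChildName      # the "{GUID}" or "_is1" name seen in the OTL log
                    DisplayName = $p.DisplayName
                    Version     = $p.DisplayVersion
                    Hive        = $key.Split(':')[0]  # HKLM or HKCU
                }
            }
        }
    }
}

$programs = Get-InstalledProgram

foreach ($product in $watchList.Keys) {
    $hits = @($programs | Where-Object { $_.DisplayName -match $watchList[$product] })
    if ($hits.Count -eq 0) {
        Write-Output ("{0}: not installed" -f $product)
        continue
    }
    Write-Output ("{0}: {1} entry(ies)" -f $product, $hits.Count)
    $hits | Sort-Object DisplayName | ForEach-Object {
        Write-Output ("    {0,-45} {1,-15} {2} ({3})" -f $_.DisplayName, $_.Version, $_.KeyName, $_.Hive)
    }
    # Two or more Java entries is exactly what the checkup.txt above showed:
    # an update was installed next to the old runtime instead of replacing it.
    if ($product -eq 'Java' -and $hits.Count -gt 1) {
        Write-Output "    -> more than one Java runtime present; remove the older ones"
    }
}
```

Run it from an elevated PowerShell prompt before the Java removal steps to see which entries are present, and again after the reboot to confirm only the current runtime remains. Because HKCU is per user, run it in each account that had the problem; a per-user install does not show up under another account.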

Looks like we're all set, thank you!

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19190

Administrator :: MATLICK-PC [administrator]

Protection: Enabled

6/22/2012 9:23:57 PM

mbam-log-2012-06-22 (21-23-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 312062

Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Well done. :D

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to back up the Windows registry.

Delete the following if still present:

aswMBR.exe

TDSSKILLER.exe

GMER.exe

Safer practices and malware prevention

We are finished here. Best regards.

