Trojan.Dropper.BCMiner Trojan.Sirefef Rootkit.0Access Won't Go Away

mdv_1999 · July 14, 2012

I'm constantly getting popups and google redirects. Malwarebytes keeps detecting the same 4 infections: 1 Trojan.Sirefef, 2 Rootkit.0Access, and 1 Trojan.Dropper.BCMiner. After I click remove, restart the the computer and scan again, they keep coming back. Dont know what else to do. Ive attached hosts.txt, the Malwarebytes log, and the ntbtlog.txt. Please help!!!!

hosts.txt

mbam-log-2012-07-13 (05-31-00).txt

ntbtlog.txt

Maniac · July 14, 2012

Hello mdv_1999 and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

TDSSKiller log
OTL log with Extras.txt

mdv_1999 · July 15, 2012

TDSSKiller log

19:31:59.0362 3596 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

19:31:59.0718 3596 ============================================================

19:31:59.0718 3596 Current date / time: 2012/07/14 19:31:59.0718

19:31:59.0718 3596 SystemInfo:

19:31:59.0718 3596

19:31:59.0718 3596 OS Version: 6.1.7600 ServicePack: 0.0

19:31:59.0718 3596 Product type: Workstation

19:31:59.0718 3596 ComputerName: SLEEP-PC

19:31:59.0718 3596 UserName: Sleep

19:31:59.0718 3596 Windows directory: C:\Windows

19:31:59.0718 3596 System windows directory: C:\Windows

19:31:59.0719 3596 Processor architecture: Intel x86

19:31:59.0719 3596 Number of processors: 2

19:31:59.0719 3596 Page size: 0x1000

19:31:59.0719 3596 Boot type: Normal boot

19:31:59.0719 3596 ============================================================

19:32:01.0573 3596 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

19:32:01.0575 3596 ============================================================

19:32:01.0575 3596 \Device\Harddisk0\DR0:

19:32:01.0575 3596 MBR partitions:

19:32:01.0575 3596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

19:32:01.0575 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0

19:32:01.0576 3596 ============================================================

19:32:01.0616 3596 C: <-> \Device\Harddisk0\DR0\Partition1

19:32:01.0616 3596 ============================================================

19:32:01.0616 3596 Initialize success

19:32:01.0616 3596 ============================================================

19:32:08.0216 3808 ============================================================

19:32:08.0216 3808 Scan started

19:32:08.0216 3808 Mode: Manual; SigCheck; TDLFS;

19:32:08.0216 3808 ============================================================

19:32:09.0106 3808 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

19:32:09.0183 3808 1394ohci - ok

19:32:09.0219 3808 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

19:32:09.0236 3808 ACPI - ok

19:32:09.0254 3808 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

19:32:09.0281 3808 AcpiPmi - ok

19:32:09.0350 3808 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

19:32:09.0361 3808 AdobeARMservice - ok

19:32:09.0402 3808 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

19:32:09.0421 3808 adp94xx - ok

19:32:09.0441 3808 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

19:32:09.0459 3808 adpahci - ok

19:32:09.0476 3808 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

19:32:09.0490 3808 adpu320 - ok

19:32:09.0519 3808 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

19:32:09.0550 3808 AeLookupSvc - ok

19:32:09.0591 3808 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

19:32:09.0620 3808 AFD - ok

19:32:09.0644 3808 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

19:32:09.0657 3808 agp440 - ok

19:32:09.0687 3808 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

19:32:09.0700 3808 aic78xx - ok

19:32:09.0724 3808 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

19:32:09.0756 3808 ALG - ok

19:32:09.0784 3808 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

19:32:09.0797 3808 aliide - ok

19:32:09.0812 3808 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

19:32:09.0825 3808 amdagp - ok

19:32:09.0829 3808 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

19:32:09.0842 3808 amdide - ok

19:32:09.0867 3808 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

19:32:09.0896 3808 AmdK8 - ok

19:32:09.0912 3808 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

19:32:09.0935 3808 AmdPPM - ok

19:32:09.0968 3808 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

19:32:09.0981 3808 amdsata - ok

19:32:09.0995 3808 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

19:32:10.0010 3808 amdsbs - ok

19:32:10.0021 3808 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

19:32:10.0032 3808 amdxata - ok

19:32:10.0052 3808 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

19:32:10.0076 3808 AppID - ok

19:32:10.0109 3808 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

19:32:10.0154 3808 AppIDSvc - ok

19:32:10.0195 3808 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

19:32:10.0223 3808 Appinfo - ok

19:32:10.0265 3808 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

19:32:10.0282 3808 arc - ok

19:32:10.0307 3808 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

19:32:10.0321 3808 arcsas - ok

19:32:10.0422 3808 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

19:32:10.0451 3808 aspnet_state - ok

19:32:10.0496 3808 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

19:32:10.0539 3808 AsyncMac - ok

19:32:10.0557 3808 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

19:32:10.0568 3808 atapi - ok

19:32:10.0622 3808 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

19:32:10.0671 3808 AudioEndpointBuilder - ok

19:32:10.0677 3808 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

19:32:10.0706 3808 Audiosrv - ok

19:32:10.0733 3808 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

19:32:10.0759 3808 AxInstSV - ok

19:32:10.0795 3808 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

19:32:10.0838 3808 b06bdrv - ok

19:32:10.0876 3808 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

19:32:10.0901 3808 b57nd60x - ok

19:32:10.0944 3808 BCM42RLY (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys

19:32:10.0958 3808 BCM42RLY - ok

19:32:11.0175 3808 BCM43XX (5245ebbe39ed9010240c20d21f5a26a9) C:\Windows\system32\DRIVERS\bcmwl6.sys

19:32:11.0219 3808 BCM43XX - ok

19:32:11.0393 3808 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

19:32:11.0415 3808 BDESVC - ok

19:32:11.0493 3808 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

19:32:11.0528 3808 Beep - ok

19:32:11.0642 3808 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll

19:32:11.0706 3808 BITS - ok

19:32:11.0764 3808 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

19:32:11.0786 3808 blbdrive - ok

19:32:11.0817 3808 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

19:32:11.0831 3808 bowser - ok

19:32:11.0850 3808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:32:11.0873 3808 BrFiltLo - ok

19:32:11.0889 3808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:32:11.0922 3808 BrFiltUp - ok

19:32:11.0943 3808 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

19:32:11.0978 3808 Browser - ok

19:32:12.0077 3808 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

19:32:12.0093 3808 Browser Defender Update Service - ok

19:32:12.0129 3808 BrSerIb (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys

19:32:12.0172 3808 BrSerIb - ok

19:32:12.0219 3808 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

19:32:12.0257 3808 Brserid - ok

19:32:12.0275 3808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

19:32:12.0312 3808 BrSerWdm - ok

19:32:12.0332 3808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:32:12.0355 3808 BrUsbMdm - ok

19:32:12.0359 3808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

19:32:12.0377 3808 BrUsbSer - ok

19:32:12.0419 3808 BrUsbSIb (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys

19:32:12.0433 3808 BrUsbSIb - ok

19:32:12.0444 3808 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

19:32:12.0460 3808 BTHMODEM - ok

19:32:12.0491 3808 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

19:32:12.0529 3808 bthserv - ok

19:32:12.0558 3808 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

19:32:12.0596 3808 cdfs - ok

19:32:12.0641 3808 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

19:32:12.0669 3808 cdrom - ok

19:32:12.0700 3808 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

19:32:12.0735 3808 CertPropSvc - ok

19:32:12.0763 3808 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

19:32:12.0779 3808 circlass - ok

19:32:12.0823 3808 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

19:32:12.0838 3808 CLFS - ok

19:32:12.0916 3808 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:32:12.0929 3808 clr_optimization_v2.0.50727_32 - ok

19:32:12.0998 3808 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:32:13.0069 3808 clr_optimization_v4.0.30319_32 - ok

19:32:13.0105 3808 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

19:32:13.0134 3808 CmBatt - ok

19:32:13.0160 3808 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

19:32:13.0172 3808 cmdide - ok

19:32:13.0211 3808 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys

19:32:13.0254 3808 CNG - ok

19:32:13.0293 3808 CnxtHdAudService (ff2d3984d938168cb56e839f1e77afd9) C:\Windows\system32\drivers\CHDRT32.sys

19:32:13.0321 3808 CnxtHdAudService - ok

19:32:13.0359 3808 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

19:32:13.0371 3808 Compbatt - ok

19:32:13.0391 3808 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:32:13.0416 3808 CompositeBus - ok

19:32:13.0429 3808 COMSysApp - ok

19:32:13.0442 3808 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

19:32:13.0456 3808 crcdisk - ok

19:32:13.0498 3808 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll

19:32:13.0527 3808 CryptSvc - ok

19:32:13.0675 3808 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

19:32:13.0720 3808 DcomLaunch - ok

19:32:13.0735 3808 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

19:32:13.0764 3808 defragsvc - ok

19:32:13.0814 3808 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

19:32:13.0837 3808 DfsC - ok

19:32:13.0881 3808 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

19:32:13.0899 3808 Dhcp - ok

19:32:13.0956 3808 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

19:32:13.0993 3808 discache - ok

19:32:14.0024 3808 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

19:32:14.0036 3808 Disk - ok

19:32:14.0048 3808 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll

19:32:14.0073 3808 Dnscache - ok

19:32:14.0093 3808 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

19:32:14.0139 3808 dot3svc - ok

19:32:14.0176 3808 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

19:32:14.0219 3808 DPS - ok

19:32:14.0245 3808 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

19:32:14.0273 3808 drmkaud - ok

19:32:14.0305 3808 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

19:32:14.0327 3808 DXGKrnl - ok

19:32:14.0354 3808 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

19:32:14.0393 3808 EapHost - ok

19:32:14.0524 3808 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

19:32:14.0615 3808 ebdrv - ok

19:32:14.0706 3808 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe

19:32:14.0741 3808 EFS - ok

19:32:14.0804 3808 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe

19:32:14.0836 3808 ehRecvr - ok

19:32:14.0861 3808 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

19:32:14.0884 3808 ehSched - ok

19:32:14.0953 3808 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

19:32:14.0973 3808 elxstor - ok

19:32:14.0993 3808 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

19:32:15.0016 3808 ErrDev - ok

19:32:15.0062 3808 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

19:32:15.0102 3808 EventSystem - ok

19:32:15.0180 3808 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

19:32:15.0207 3808 exfat - ok

19:32:15.0219 3808 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

19:32:15.0245 3808 fastfat - ok

19:32:15.0287 3808 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

19:32:15.0307 3808 Fax - ok

19:32:15.0325 3808 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

19:32:15.0348 3808 fdc - ok

19:32:15.0383 3808 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

19:32:15.0421 3808 fdPHost - ok

19:32:15.0435 3808 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

19:32:15.0476 3808 FDResPub - ok

19:32:15.0512 3808 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

19:32:15.0524 3808 FileInfo - ok

19:32:15.0537 3808 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

19:32:15.0562 3808 Filetrace - ok

19:32:15.0573 3808 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

19:32:15.0601 3808 flpydisk - ok

19:32:15.0626 3808 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

19:32:15.0640 3808 FltMgr - ok

19:32:15.0691 3808 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll

19:32:15.0725 3808 FontCache - ok

19:32:15.0836 3808 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:32:15.0846 3808 FontCache3.0.0.0 - ok

19:32:15.0856 3808 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

19:32:15.0869 3808 FsDepends - ok

19:32:15.0892 3808 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys

19:32:15.0904 3808 Fs_Rec - ok

19:32:15.0934 3808 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

19:32:15.0951 3808 fvevol - ok

19:32:15.0978 3808 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:32:15.0992 3808 gagp30kx - ok

19:32:16.0056 3808 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

19:32:16.0125 3808 gpsvc - ok

19:32:16.0143 3808 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

19:32:16.0172 3808 hcw85cir - ok

19:32:16.0196 3808 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:32:16.0212 3808 HDAudBus - ok

19:32:16.0236 3808 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

19:32:16.0268 3808 HidBatt - ok

19:32:16.0302 3808 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

19:32:16.0330 3808 HidBth - ok

19:32:16.0371 3808 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

19:32:16.0403 3808 HidIr - ok

19:32:16.0447 3808 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

19:32:16.0513 3808 hidserv - ok

19:32:16.0590 3808 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

19:32:16.0619 3808 HidUsb - ok

19:32:16.0645 3808 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

19:32:16.0684 3808 hkmsvc - ok

19:32:16.0730 3808 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

19:32:16.0759 3808 HomeGroupListener - ok

19:32:16.0792 3808 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

19:32:16.0831 3808 HomeGroupProvider - ok

19:32:16.0919 3808 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:32:16.0953 3808 HpSAMD - ok

19:32:17.0804 3808 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

19:32:17.0873 3808 HTTP - ok

19:32:17.0923 3808 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

19:32:17.0935 3808 hwpolicy - ok

19:32:18.0044 3808 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

19:32:18.0077 3808 i8042prt - ok

19:32:18.0300 3808 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

19:32:18.0317 3808 iaStorV - ok

19:32:18.0792 3808 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:32:18.0871 3808 idsvc - ok

19:32:21.0883 3808 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

19:32:22.0124 3808 igfx - ok

19:32:22.0428 3808 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

19:32:22.0673 3808 iirsp - ok

19:32:23.0332 3808 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

19:32:23.0563 3808 IKEEXT - ok

19:32:23.0605 3808 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

19:32:23.0753 3808 intelide - ok

19:32:23.0842 3808 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

19:32:23.0964 3808 intelppm - ok

19:32:23.0998 3808 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

19:32:24.0245 3808 IPBusEnum - ok

19:32:24.0284 3808 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:32:24.0975 3808 IpFilterDriver - ok

19:32:25.0001 3808 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:32:25.0071 3808 IPMIDRV - ok

19:32:25.0131 3808 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

19:32:25.0187 3808 IPNAT - ok

19:32:25.0236 3808 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

19:32:25.0355 3808 IRENUM - ok

19:32:25.0392 3808 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

19:32:25.0444 3808 isapnp - ok

19:32:25.0470 3808 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

19:32:25.0831 3808 iScsiPrt - ok

19:32:25.0860 3808 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

19:32:25.0892 3808 kbdclass - ok

19:32:25.0921 3808 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

19:32:25.0955 3808 kbdhid - ok

19:32:26.0002 3808 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

19:32:26.0049 3808 KeyIso - ok

19:32:26.0102 3808 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys

19:32:26.0118 3808 KSecDD - ok

19:32:26.0429 3808 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys

19:32:26.0461 3808 KSecPkg - ok

19:32:26.0523 3808 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

19:32:26.0607 3808 KtmRm - ok

19:32:26.0717 3808 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll

19:32:26.0902 3808 LanmanServer - ok

19:32:26.0936 3808 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

19:32:26.0976 3808 LanmanWorkstation - ok

19:32:27.0021 3808 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

19:32:27.0094 3808 lltdio - ok

19:32:27.0143 3808 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

19:32:27.0268 3808 lltdsvc - ok

19:32:27.0327 3808 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

19:32:27.0386 3808 lmhosts - ok

19:32:27.0435 3808 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:32:27.0467 3808 LSI_FC - ok

19:32:27.0522 3808 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:32:27.0538 3808 LSI_SAS - ok

19:32:27.0568 3808 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:32:27.0608 3808 LSI_SAS2 - ok

19:32:27.0630 3808 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:32:27.0667 3808 LSI_SCSI - ok

19:32:27.0714 3808 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

19:32:27.0770 3808 luafv - ok

19:32:27.0857 3808 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll

19:32:27.0902 3808 Mcx2Svc - ok

19:32:27.0936 3808 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

19:32:27.0970 3808 megasas - ok

19:32:28.0007 3808 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

19:32:28.0041 3808 MegaSR - ok

19:32:28.0201 3808 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

19:32:28.0216 3808 Microsoft Office Groove Audit Service - ok

19:32:28.0240 3808 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

19:32:28.0314 3808 MMCSS - ok

19:32:28.0386 3808 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

19:32:28.0460 3808 Modem - ok

19:32:28.0491 3808 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

19:32:28.0570 3808 monitor - ok

19:32:28.0617 3808 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

19:32:28.0636 3808 mouclass - ok

19:32:28.0716 3808 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

19:32:28.0760 3808 mouhid - ok

19:32:28.0808 3808 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

19:32:28.0825 3808 mountmgr - ok

19:32:28.0862 3808 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

19:32:28.0889 3808 mpio - ok

19:32:28.0934 3808 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

19:32:29.0020 3808 mpsdrv - ok

19:32:29.0242 3808 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

19:32:29.0266 3808 MRxDAV - ok

19:32:29.0331 3808 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:32:29.0345 3808 mrxsmb - ok

19:32:29.0494 3808 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:32:29.0532 3808 mrxsmb10 - ok

19:32:29.0573 3808 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:32:29.0849 3808 mrxsmb20 - ok

19:32:29.0914 3808 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

19:32:29.0960 3808 msahci - ok

19:32:30.0027 3808 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

19:32:30.0054 3808 msdsm - ok

19:32:30.0195 3808 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

19:32:30.0481 3808 MSDTC - ok

19:32:30.0736 3808 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

19:32:31.0027 3808 Msfs - ok

19:32:31.0093 3808 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

19:32:31.0353 3808 mshidkmdf - ok

19:32:31.0455 3808 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

19:32:31.0469 3808 msisadrv - ok

19:32:32.0186 3808 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

19:32:32.0524 3808 MSiSCSI - ok

19:32:32.0534 3808 msiserver - ok

19:32:32.0615 3808 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

19:32:32.0912 3808 MSKSSRV - ok

19:32:33.0032 3808 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

19:32:33.0342 3808 MSPCLOCK - ok

19:32:33.0393 3808 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

19:32:33.0468 3808 MSPQM - ok

19:32:34.0899 3808 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

19:32:34.0924 3808 MsRPC - ok

19:32:34.0949 3808 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

19:32:34.0962 3808 mssmbios - ok

19:32:35.0156 3808 MSSQL$MSSMLBIZ - ok

19:32:35.0804 3808 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

19:32:35.0821 3808 MSSQLServerADHelper - ok

19:32:35.0865 3808 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

19:32:36.0269 3808 MSTEE - ok

19:32:36.0396 3808 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

19:32:36.0637 3808 MTConfig - ok

19:32:36.0667 3808 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

19:32:36.0681 3808 Mup - ok

19:32:36.0816 3808 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll

19:32:36.0997 3808 napagent - ok

19:32:37.0073 3808 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

19:32:37.0107 3808 NativeWifiP - ok

19:32:37.0289 3808 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

19:32:37.0332 3808 NDIS - ok

19:32:37.0616 3808 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

19:32:37.0909 3808 NdisCap - ok

19:32:38.0049 3808 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

19:32:39.0260 3808 NdisTapi - ok

19:32:39.0376 3808 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

19:32:39.0509 3808 Ndisuio - ok

19:32:39.0534 3808 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

19:32:39.0797 3808 NdisWan - ok

19:32:39.0815 3808 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

19:32:39.0991 3808 NDProxy - ok

19:32:40.0020 3808 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

19:32:40.0244 3808 NetBIOS - ok

19:32:40.0286 3808 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

19:32:40.0481 3808 NetBT - ok

19:32:40.0512 3808 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

19:32:40.0772 3808 Netlogon - ok

19:32:40.0818 3808 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

19:32:40.0862 3808 Netman - ok

19:32:40.0941 3808 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:32:40.0963 3808 NetMsmqActivator - ok

19:32:40.0971 3808 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:32:40.0982 3808 NetPipeActivator - ok

19:32:41.0009 3808 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

19:32:41.0049 3808 netprofm - ok

19:32:41.0057 3808 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:32:41.0069 3808 NetTcpActivator - ok

19:32:41.0078 3808 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:32:41.0089 3808 NetTcpPortSharing - ok

19:32:41.0131 3808 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

19:32:41.0144 3808 nfrd960 - ok

19:32:41.0166 3808 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll

19:32:41.0203 3808 NlaSvc - ok

19:32:41.0236 3808 nlem32nt (a3ad7925f1a18b379e1cc5ce2eeda86b) C:\Windows\system32\drivers\nlem32nt.sys

19:32:41.0246 3808 nlem32nt - ok

19:32:41.0270 3808 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

19:32:41.0295 3808 Npfs - ok

19:32:41.0322 3808 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

19:32:41.0347 3808 nsi - ok

19:32:41.0358 3808 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

19:32:41.0392 3808 nsiproxy - ok

19:32:41.0470 3808 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

19:32:41.0510 3808 Ntfs - ok

19:32:41.0616 3808 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

19:32:41.0651 3808 Null - ok

19:32:41.0701 3808 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

19:32:41.0715 3808 nvraid - ok

19:32:41.0735 3808 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

19:32:41.0750 3808 nvstor - ok

19:32:41.0768 3808 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

19:32:41.0782 3808 nv_agp - ok

19:32:41.0921 3808 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:32:42.0024 3808 odserv - ok

19:32:42.0073 3808 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

19:32:42.0109 3808 ohci1394 - ok

19:32:42.0181 3808 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:32:42.0199 3808 ose - ok

19:32:42.0274 3808 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

19:32:42.0299 3808 p2pimsvc - ok

19:32:42.0452 3808 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

19:32:42.0495 3808 p2psvc - ok

19:32:42.0560 3808 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

19:32:42.0612 3808 Parport - ok

19:32:42.0666 3808 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys

19:32:42.0682 3808 partmgr - ok

19:32:42.0707 3808 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

19:32:42.0736 3808 Parvdm - ok

19:32:42.0824 3808 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

19:32:42.0844 3808 PcaSvc - ok

19:32:42.0898 3808 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

19:32:42.0917 3808 pci - ok

19:32:42.0935 3808 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

19:32:42.0954 3808 pciide - ok

19:32:43.0125 3808 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

19:32:43.0154 3808 pcmcia - ok

19:32:43.0287 3808 PCTAppEvent (00caa3faad97916b9299c20e30b336f2) C:\Windows\system32\drivers\PCTAppEvent.sys

19:32:43.0304 3808 PCTAppEvent - ok

19:32:43.0489 3808 PCTBD (c6f3106f935dc7a93d131dae8744f805) C:\Windows\system32\Drivers\PCTBD.sys

19:32:43.0503 3808 PCTBD - ok

19:32:43.0794 3808 PCTCore (f7da28f2ab6cd32b2f76ee96edad8f20) C:\Windows\system32\drivers\PCTCore.sys

19:32:43.0819 3808 PCTCore - ok

19:32:43.0952 3808 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\Windows\system32\drivers\pctDS.sys

19:32:43.0989 3808 pctDS - ok

19:32:45.0379 3808 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\Windows\system32\drivers\pctEFA.sys

19:32:45.0555 3808 pctEFA - ok

19:32:46.0007 3808 PCTFW-PacketFilter (054526743b36d659c3e3d20710b99361) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys

19:32:46.0020 3808 PCTFW-PacketFilter - ok

19:32:47.0091 3808 pctgntdi (44f1a3783bfb232117210a1ca7458f29) C:\Windows\System32\drivers\pctgntdi.sys

19:32:47.0107 3808 pctgntdi - ok

19:32:47.0292 3808 pctNdisLW (912033291bac95bcf12977ac966cd798) C:\Windows\system32\DRIVERS\pctNdisLW.sys

19:32:47.0307 3808 pctNdisLW - ok

19:32:47.0670 3808 pctplfw (d4d98ad14e2cf1103151f5b2fff9878d) C:\Windows\System32\drivers\pctplfw.sys

19:32:47.0685 3808 pctplfw - ok

19:32:47.0927 3808 pctplsg (e0ad22bc7e8147e669d5cb894fc02df1) C:\Windows\System32\drivers\pctplsg.sys

19:32:47.0940 3808 pctplsg - ok

19:32:48.0170 3808 PCTSD (4ef1f03db9064459b9019a19a860db89) C:\Windows\system32\Drivers\PCTSD.sys

19:32:48.0196 3808 PCTSD - ok

19:32:48.0489 3808 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

19:32:48.0504 3808 pcw - ok

19:32:49.0552 3808 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

19:32:49.0671 3808 PEAUTH - ok

19:32:50.0104 3808 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

19:32:50.0149 3808 pla - ok

19:32:50.0778 3808 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll

19:32:50.0808 3808 PlugPlay - ok

19:32:50.0844 3808 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

19:32:50.0888 3808 PNRPAutoReg - ok

19:32:50.0990 3808 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

19:32:51.0011 3808 PNRPsvc - ok

19:32:51.0257 3808 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

19:32:51.0323 3808 PolicyAgent - ok

19:32:51.0368 3808 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

19:32:51.0400 3808 Power - ok

19:32:51.0530 3808 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

19:32:51.0560 3808 PptpMiniport - ok

19:32:51.0602 3808 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

19:32:51.0644 3808 Processor - ok

19:32:51.0838 3808 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll

19:32:51.0903 3808 ProfSvc - ok

19:32:51.0938 3808 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

19:32:51.0983 3808 ProtectedStorage - ok

19:32:52.0555 3808 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

19:32:52.0628 3808 Psched - ok

19:32:52.0861 3808 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys

19:32:52.0877 3808 PxHelp20 - ok

19:32:55.0165 3808 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

19:32:55.0274 3808 ql2300 - ok

19:32:59.0623 3808 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

19:32:59.0699 3808 ql40xx - ok

19:32:59.0853 3808 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

19:32:59.0916 3808 QWAVE - ok

19:33:00.0033 3808 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

19:33:00.0061 3808 QWAVEdrv - ok

19:33:00.0095 3808 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

19:33:00.0140 3808 RasAcd - ok

19:33:00.0188 3808 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:33:00.0230 3808 RasAgileVpn - ok

19:33:00.0265 3808 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

19:33:00.0299 3808 RasAuto - ok

19:33:00.0317 3808 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:33:00.0388 3808 Rasl2tp - ok

19:33:00.0434 3808 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

19:33:00.0478 3808 RasMan - ok

19:33:00.0508 3808 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

19:33:00.0551 3808 RasPppoe - ok

19:33:00.0601 3808 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

19:33:00.0643 3808 RasSstp - ok

19:33:00.0683 3808 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

19:33:00.0714 3808 rdbss - ok

19:33:00.0734 3808 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

19:33:00.0767 3808 rdpbus - ok

19:33:00.0784 3808 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:33:00.0829 3808 RDPCDD - ok

19:33:00.0880 3808 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

19:33:00.0907 3808 RDPENCDD - ok

19:33:00.0926 3808 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

19:33:00.0969 3808 RDPREFMP - ok

19:33:01.0014 3808 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys

19:33:01.0034 3808 RDPWD - ok

19:33:01.0079 3808 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

19:33:01.0098 3808 rdyboost - ok

19:33:01.0127 3808 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

19:33:01.0167 3808 RemoteAccess - ok

19:33:01.0199 3808 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

19:33:01.0238 3808 RemoteRegistry - ok

19:33:01.0255 3808 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

19:33:01.0298 3808 RpcEptMapper - ok

19:33:01.0311 3808 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

19:33:01.0330 3808 RpcLocator - ok

19:33:01.0363 3808 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

19:33:01.0395 3808 RpcSs - ok

19:33:01.0424 3808 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

19:33:01.0469 3808 rspndr - ok

19:33:01.0500 3808 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

19:33:01.0528 3808 RTL8167 - ok

19:33:01.0568 3808 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

19:33:01.0587 3808 SamSs - ok

19:33:01.0616 3808 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

19:33:01.0634 3808 sbp2port - ok

19:33:01.0652 3808 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

19:33:01.0681 3808 SCardSvr - ok

19:33:01.0691 3808 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

19:33:01.0733 3808 scfilter - ok

19:33:01.0855 3808 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll

19:33:01.0897 3808 Schedule - ok

19:33:01.0957 3808 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

19:33:01.0988 3808 SCPolicySvc - ok

19:33:02.0478 3808 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe

19:33:02.0498 3808 sdAuxService - ok

19:33:02.0901 3808 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

19:33:02.0928 3808 sdbus - ok

19:33:03.0154 3808 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

19:33:03.0183 3808 sdCoreService - ok

19:33:03.0577 3808 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

19:33:03.0611 3808 SDRSVC - ok

19:33:03.0675 3808 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

19:33:03.0690 3808 SeaPort - ok

19:33:03.0748 3808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:33:03.0794 3808 secdrv - ok

19:33:03.0824 3808 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

19:33:03.0867 3808 seclogon - ok

19:33:03.0894 3808 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

19:33:03.0934 3808 SENS - ok

19:33:04.0015 3808 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

19:33:04.0058 3808 SensrSvc - ok

19:33:04.0096 3808 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

19:33:04.0112 3808 Serenum - ok

19:33:04.0128 3808 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

19:33:04.0147 3808 Serial - ok

19:33:04.0175 3808 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

19:33:04.0191 3808 sermouse - ok

19:33:04.0226 3808 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

19:33:04.0266 3808 SessionEnv - ok

19:33:04.0280 3808 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

19:33:04.0324 3808 sffdisk - ok

19:33:04.0329 3808 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:33:04.0350 3808 sffp_mmc - ok

19:33:04.0377 3808 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:33:04.0410 3808 sffp_sd - ok

19:33:04.0446 3808 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

19:33:04.0473 3808 sfloppy - ok

19:33:04.0506 3808 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

19:33:04.0529 3808 ShellHWDetection - ok

19:33:04.0616 3808 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

19:33:04.0633 3808 sisagp - ok

19:33:04.0674 3808 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:33:04.0691 3808 SiSRaid2 - ok

19:33:04.0704 3808 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

19:33:04.0723 3808 SiSRaid4 - ok

19:33:04.0749 3808 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

19:33:04.0793 3808 Smb - ok

19:33:04.0864 3808 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

19:33:04.0894 3808 SNMPTRAP - ok

19:33:04.0913 3808 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

19:33:04.0928 3808 spldr - ok

19:33:04.0967 3808 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe

19:33:05.0006 3808 Spooler - ok

19:33:05.0128 3808 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe

19:33:05.0196 3808 sppsvc - ok

19:33:05.0261 3808 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll

19:33:05.0302 3808 sppuinotify - ok

19:33:05.0379 3808 SQLBrowser (d2b096cd2f56fac6eeeed9a77ddf6dc8) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

19:33:05.0400 3808 SQLBrowser - ok

19:33:05.0425 3808 SQLWriter (54902536aad0e9b99bc65f89c0caf93f) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

19:33:05.0441 3808 SQLWriter - ok

19:33:05.0614 3808 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

19:33:05.0645 3808 srv - ok

19:33:05.0668 3808 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

19:33:05.0705 3808 srv2 - ok

19:33:05.0735 3808 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

19:33:05.0769 3808 srvnet - ok

19:33:05.0814 3808 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

19:33:05.0844 3808 SSDPSRV - ok

19:33:05.0873 3808 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

19:33:05.0916 3808 SstpSvc - ok

19:33:05.0941 3808 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

19:33:05.0958 3808 stexstor - ok

19:33:05.0985 3808 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys

19:33:06.0019 3808 StillCam - ok

19:33:06.0058 3808 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll

19:33:06.0094 3808 StiSvc - ok

19:33:06.0146 3808 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

19:33:06.0160 3808 stllssvr - ok

19:33:06.0186 3808 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

19:33:06.0200 3808 swenum - ok

19:33:06.0226 3808 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

19:33:06.0274 3808 swprv - ok

19:33:06.0339 3808 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll

19:33:06.0383 3808 SysMain - ok

19:33:06.0410 3808 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll

19:33:06.0431 3808 TabletInputService - ok

19:33:06.0458 3808 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll

19:33:06.0489 3808 TapiSrv - ok

19:33:06.0518 3808 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

19:33:06.0564 3808 TBS - ok

19:33:06.0667 3808 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys

19:33:06.0703 3808 Tcpip - ok

19:33:06.0798 3808 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys

19:33:06.0830 3808 TCPIP6 - ok

19:33:07.0129 3808 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

19:33:07.0163 3808 tcpipreg - ok

19:33:07.0196 3808 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

19:33:07.0228 3808 TDPIPE - ok

19:33:07.0255 3808 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys

19:33:07.0328 3808 TDTCP - ok

19:33:07.0352 3808 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

19:33:07.0403 3808 tdx - ok

19:33:07.0429 3808 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

19:33:07.0444 3808 TermDD - ok

19:33:07.0473 3808 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll

19:33:07.0520 3808 TermService - ok

19:33:07.0550 3808 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\Windows\system32\drivers\TfFsMon.sys

19:33:07.0564 3808 TfFsMon - ok

19:33:07.0580 3808 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\Windows\system32\drivers\TfNetMon.sys

19:33:07.0592 3808 TfNetMon - ok

19:33:07.0631 3808 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\Windows\system32\drivers\TfSysMon.sys

19:33:07.0655 3808 TFSysMon - ok

19:33:07.0675 3808 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

19:33:07.0697 3808 Themes - ok

19:33:07.0729 3808 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

19:33:07.0757 3808 THREADORDER - ok

19:33:07.0874 3808 ThreatFire - ok

19:33:07.0930 3808 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

19:33:07.0973 3808 TrkWks - ok

19:33:08.0026 3808 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe

19:33:08.0055 3808 TrustedInstaller - ok

19:33:08.0084 3808 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:33:08.0123 3808 tssecsrv - ok

19:33:08.0149 3808 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

19:33:08.0178 3808 tunnel - ok

19:33:08.0231 3808 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

19:33:08.0256 3808 uagp35 - ok

19:33:08.0284 3808 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

19:33:08.0329 3808 udfs - ok

19:33:08.0402 3808 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

19:33:08.0438 3808 UI0Detect - ok

19:33:08.0468 3808 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:33:08.0485 3808 uliagpkx - ok

19:33:08.0647 3808 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

19:33:08.0663 3808 umbus - ok

19:33:08.0689 3808 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

19:33:08.0719 3808 UmPass - ok

19:33:08.0762 3808 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

19:33:08.0804 3808 upnphost - ok

19:33:08.0880 3808 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

19:33:08.0907 3808 usbccgp - ok

19:33:08.0963 3808 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

19:33:08.0984 3808 usbcir - ok

19:33:09.0000 3808 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

19:33:09.0016 3808 usbehci - ok

19:33:09.0044 3808 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

19:33:09.0063 3808 usbhub - ok

19:33:09.0080 3808 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

19:33:09.0115 3808 usbohci - ok

19:33:09.0153 3808 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

19:33:09.0183 3808 usbprint - ok

19:33:09.0210 3808 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

19:33:09.0239 3808 usbscan - ok

19:33:09.0279 3808 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:33:09.0297 3808 USBSTOR - ok

19:33:09.0321 3808 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

19:33:09.0350 3808 usbuhci - ok

19:33:09.0373 3808 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

19:33:09.0400 3808 UxSms - ok

19:33:09.0424 3808 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe

19:33:09.0440 3808 VaultSvc - ok

19:33:09.0473 3808 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:33:09.0489 3808 vdrvroot - ok

19:33:09.0522 3808 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe

19:33:09.0558 3808 vds - ok

19:33:09.0591 3808 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

19:33:09.0610 3808 vga - ok

19:33:09.0633 3808 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

19:33:09.0661 3808 VgaSave - ok

19:33:09.0677 3808 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

19:33:09.0695 3808 vhdmp - ok

19:33:09.0721 3808 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

19:33:09.0738 3808 viaagp - ok

19:33:09.0750 3808 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

19:33:09.0779 3808 ViaC7 - ok

19:33:09.0808 3808 VIACRX86 (585d6a108b0101ce8aa7df648cf43d33) C:\Windows\system32\DRIVERS\viacr.sys

19:33:09.0822 3808 VIACRX86 - ok

19:33:09.0859 3808 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

19:33:09.0874 3808 viaide - ok

19:33:09.0894 3808 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

19:33:09.0909 3808 volmgr - ok

19:33:10.0078 3808 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

19:33:10.0100 3808 volmgrx - ok

19:33:10.0122 3808 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

19:33:10.0141 3808 volsnap - ok

19:33:10.0178 3808 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

19:33:10.0197 3808 vsmraid - ok

19:33:10.0296 3808 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe

19:33:10.0385 3808 VSS - ok

19:33:10.0443 3808 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

19:33:10.0477 3808 vwifibus - ok

19:33:10.0504 3808 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

19:33:10.0524 3808 vwififlt - ok

19:33:10.0558 3808 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

19:33:10.0589 3808 W32Time - ok

19:33:10.0617 3808 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

19:33:10.0634 3808 WacomPen - ok

19:33:10.0718 3808 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

19:33:10.0750 3808 WANARP - ok

19:33:10.0756 3808 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

19:33:10.0785 3808 Wanarpv6 - ok

19:33:10.0892 3808 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

19:33:10.0951 3808 WatAdminSvc - ok

19:33:11.0420 3808 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe

19:33:11.0497 3808 wbengine - ok

19:33:11.0527 3808 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

19:33:11.0562 3808 WbioSrvc - ok

19:33:11.0676 3808 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll

19:33:11.0734 3808 wcncsvc - ok

19:33:11.0782 3808 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

19:33:11.0815 3808 WcsPlugInService - ok

19:33:11.0873 3808 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

19:33:11.0888 3808 Wd - ok

19:33:11.0911 3808 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

19:33:11.0934 3808 Wdf01000 - ok

19:33:11.0966 3808 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

19:33:12.0007 3808 WdiServiceHost - ok

19:33:12.0017 3808 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

19:33:12.0053 3808 WdiSystemHost - ok

19:33:12.0135 3808 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll

19:33:12.0174 3808 WebClient - ok

19:33:12.0202 3808 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

19:33:12.0245 3808 Wecsvc - ok

19:33:12.0358 3808 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

19:33:12.0415 3808 wercplsupport - ok

19:33:12.0496 3808 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

19:33:12.0535 3808 WerSvc - ok

19:33:12.0579 3808 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

19:33:12.0617 3808 WfpLwf - ok

19:33:12.0665 3808 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

19:33:12.0685 3808 WIMMount - ok

19:33:12.0695 3808 WinHttpAutoProxySvc - ok

19:33:12.0748 3808 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

19:33:12.0778 3808 Winmgmt - ok

19:33:13.0134 3808 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll

19:33:13.0182 3808 WinRM - ok

19:33:13.0241 3808 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

19:33:13.0260 3808 WinUsb - ok

19:33:13.0298 3808 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

19:33:13.0325 3808 Wlansvc - ok

19:33:13.0337 3808 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:33:13.0363 3808 WmiAcpi - ok

19:33:13.0438 3808 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

19:33:13.0475 3808 wmiApSrv - ok

19:33:13.0557 3808 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:33:13.0633 3808 WMPNetworkSvc - ok

19:33:13.0728 3808 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

19:33:13.0751 3808 WPCSvc - ok

19:33:13.0807 3808 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll

19:33:13.0826 3808 WPDBusEnum - ok

19:33:13.0862 3808 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

19:33:13.0904 3808 ws2ifsl - ok

19:33:13.0908 3808 WSearch - ok

19:33:14.0114 3808 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

19:33:14.0163 3808 wuauserv - ok

19:33:14.0268 3808 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

19:33:14.0296 3808 WudfPf - ok

19:33:14.0323 3808 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:33:14.0353 3808 WUDFRd - ok

19:33:14.0374 3808 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll

19:33:14.0412 3808 wudfsvc - ok

19:33:14.0440 3808 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

19:33:14.0471 3808 WwanSvc - ok

19:33:14.0498 3808 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

19:33:14.0758 3808 \Device\Harddisk0\DR0 - ok

19:33:14.0761 3808 Boot (0x1200) (106b0fcb3f8b2daee5b9e45c8429939a) \Device\Harddisk0\DR0\Partition0

19:33:14.0763 3808 \Device\Harddisk0\DR0\Partition0 - ok

19:33:14.0804 3808 Boot (0x1200) (487c8f8e000b601dfc8de36b45d1cf32) \Device\Harddisk0\DR0\Partition1

19:33:14.0808 3808 \Device\Harddisk0\DR0\Partition1 - ok

19:33:14.0808 3808 ============================================================

19:33:14.0808 3808 Scan finished

19:33:14.0808 3808 ============================================================

19:33:14.0823 3804 Detected object count: 0

19:33:14.0824 3804 Actual detected object count: 0

19:33:27.0389 3448 Deinitialize success

mdv_1999 · July 15, 2012

OTL log

OTL logfile created on: 7/14/2012 8:48:26 PM - Run 3

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sleep\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.67% Memory free

3.93 Gb Paging File | 2.16 Gb Available in Paging File | 54.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 283.40 Gb Total Space | 247.03 Gb Free Space | 87.16% Space Free | Partition Type: NTFS

Computer Name: SLEEP-PC | User Name: Sleep | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 19:23:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sleep\Downloads\OTL.exe

PRC - [2012/06/15 20:43:51 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe

PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe

PRC - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/06/07 01:16:06 | 000,315,392 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\HUD3.exe

PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/13 06:03:43 | 000,509,440 | ---- | M] () -- C:\Users\Sleep\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll

MOD - [2012/05/11 11:14:02 | 000,862,648 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll

MOD - [2012/05/11 11:13:38 | 000,376,248 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\PCTUI\PCTUI.dll

MOD - [2011/06/07 01:16:06 | 000,315,392 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\HUD3.exe

MOD - [2011/06/07 01:16:06 | 000,207,872 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\HUD3.dll

MOD - [2011/06/07 01:16:04 | 000,094,208 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\versions\3.6.0.005003\plugins\hudtapi\hudtapi_jni.dll

MOD - [2011/06/07 01:16:02 | 000,089,600 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\versions\3.6.0.005003\plugins\gui.win32\natives\EOS.dll

MOD - [2011/06/07 01:16:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Fonality\HUD3.6\versions\3.6.0.005003\plugins\outlook\natives\OutlookHUD.dll

MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/12/24 04:01:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - [2012/06/14 12:31:38 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)

DRV - [2012/05/11 11:14:44 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)

DRV - [2012/05/11 11:14:32 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)

DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)

DRV - [2012/05/11 11:08:46 | 000,254,912 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2012/05/11 10:07:16 | 000,574,424 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TFSysMon)

DRV - [2012/05/11 10:07:16 | 000,054,328 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - [2012/05/11 10:07:16 | 000,035,264 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2012/04/23 12:36:48 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)

DRV - [2012/04/19 09:56:54 | 000,091,648 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)

DRV - [2012/03/19 12:02:52 | 000,058,400 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctNdisLW.sys -- (pctNdisLW)

DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)

DRV - [2009/12/01 17:35:58 | 000,069,656 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\nlem32nt.sys -- (nlem32nt)

DRV - [2009/08/06 03:28:28 | 000,488,448 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2009/07/17 00:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/07/14 03:52:46 | 000,059,392 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viacr.sys -- (VIACRX86)

DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)

DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {BAE4DEDF-ADE2-483C-BA7C-A3C85859EA8F}

IE - HKLM\..\SearchScopes\{BAE4DEDF-ADE2-483C-BA7C-A3C85859EA8F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {BAE4DEDF-ADE2-483C-BA7C-A3C85859EA8F}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {BAE4DEDF-ADE2-483C-BA7C-A3C85859EA8F}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USSMB/1

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\SearchScopes,DefaultScope = {BAE4DEDF-ADE2-483C-BA7C-A3C85859EA8F}

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDF

IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/13 06:15:33 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/07/11 21:59:32 | 000,000,795 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\Toolbar\WebBrowser: (WhiteSmoke US Toolbar) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\.DEFAULT..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\S-1-5-18..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sleep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HUD 3.6.0.lnk = C:\Program Files\Fonality\HUD3.6\HUD3.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O7 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: cch.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: cchsfs.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: refund-advantage.com ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: refund-advantage.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: refund-advantage.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..Trusted Domains: taxwise.com ([]* in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.refund-advantage.com/pcheck041911/smsx.cab (MeadCo ScriptX)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1330F94-5E07-4159-81A5-2FEBD1EDB1DF}: DhcpNameServer = 10.1.10.1

O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 06:16:19 | 000,000,000 | ---D | C] -- C:\Users\Sleep\AppData\Roaming\PC Tools

[2012/07/13 06:16:18 | 000,000,000 | ---D | C] -- C:\Users\Sleep\AppData\Roaming\Spam Monitor

[2012/07/13 06:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security

[2012/07/13 06:15:04 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys

[2012/07/13 06:15:04 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys

[2012/07/13 06:15:04 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys

[2012/07/13 06:15:00 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys

[2012/07/13 06:15:00 | 000,091,648 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys

[2012/07/13 06:15:00 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys

[2012/07/13 06:15:00 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys

[2012/07/13 06:04:14 | 000,254,912 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2012/07/13 06:04:14 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2012/07/13 06:04:13 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys

[2012/07/13 06:04:11 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2012/07/13 05:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools File and Registry Tool

[2012/07/13 05:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Tool

[2012/07/13 05:54:33 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys

[2012/07/13 05:54:33 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys

[2012/07/13 05:54:32 | 000,383,368 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2012/07/13 05:54:32 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2012/07/13 05:41:12 | 000,000,000 | ---D | C] -- C:\Users\Sleep\AppData\Local\ElevatedDiagnostics

[2012/07/13 04:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/07/13 04:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/13 04:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/07/13 04:41:19 | 000,000,000 | ---D | C] -- C:\Users\Sleep\AppData\Local\Conduit

[2012/07/13 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_US

[2012/07/12 02:38:01 | 000,000,000 | ---D | C] -- C:\Users\Sleep\Documents\tdsskiller

[2012/07/10 23:02:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012/06/15 12:59:53 | 000,000,000 | ---D | C] -- C:\Users\Sleep\Desktop\Cars

[13 C:\Users\Sleep\Documents\*.tmp files -> C:\Users\Sleep\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/14 19:38:27 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 19:38:27 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 19:36:59 | 000,706,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/14 19:36:59 | 000,138,518 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/14 19:32:40 | 002,055,429 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2012/07/14 19:30:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/14 19:30:57 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/14 02:47:13 | 000,315,392 | ---- | M] () -- C:\Users\Sleep\AppData\Local\ijrbtzcj.exe

[2012/07/13 06:16:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock

[2012/07/13 06:15:05 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk

[2012/07/13 06:04:13 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk

[2012/07/13 05:59:27 | 000,454,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/13 05:58:14 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk

[2012/07/13 04:43:25 | 000,000,009 | ---- | M] () -- C:\END

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/18 18:40:31 | 000,116,502 | ---- | M] () -- C:\Users\Sleep\Documents\Empire Music EIN.pdf

[2012/06/15 20:41:24 | 000,090,020 | ---- | M] () -- C:\Users\Sleep\Documents\Fraud Affidavit.pdf

[13 C:\Users\Sleep\Documents\*.tmp files -> C:\Users\Sleep\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 02:47:13 | 000,315,392 | ---- | C] () -- C:\Users\Sleep\AppData\Local\ijrbtzcj.exe

[2012/07/13 12:48:15 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\00000008.@

[2012/07/13 12:48:13 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\80000000.@

[2012/07/13 12:48:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\00000004.@

[2012/07/13 12:48:12 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\000000cb.@

[2012/07/13 06:16:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock

[2012/07/13 06:15:05 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk

[2012/07/13 06:04:13 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk

[2012/07/13 05:59:16 | 000,454,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/13 05:58:14 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools File and Registry Tool.lnk

[2012/07/13 04:43:24 | 000,000,009 | ---- | C] () -- C:\END

[2012/07/10 22:55:42 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\80000032.@

[2012/07/10 22:55:42 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L\00000004.@

[2012/06/18 18:40:31 | 000,116,502 | ---- | C] () -- C:\Users\Sleep\Documents\Empire Music EIN.pdf

[2012/04/08 01:46:08 | 000,007,612 | ---- | C] () -- C:\Users\Sleep\AppData\Local\Resmon.ResmonCfg

[2012/04/05 13:33:51 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0732.old

[2012/04/05 13:33:51 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2012/04/05 13:33:51 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0755.old

[2012/01/10 18:33:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\@

[2012/01/10 18:33:07 | 000,002,048 | -HS- | C] () -- C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\@

[2011/03/01 09:08:22 | 000,000,355 | ---- | C] () -- C:\Users\Sleep\Computer - Shortcut.lnk

[2011/01/31 15:09:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll

[2011/01/29 08:56:32 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini

[2011/01/29 08:56:31 | 000,000,324 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2011/01/29 08:55:12 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd8480dn.dat

[2011/01/29 08:54:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll

[2011/01/29 08:54:51 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2011/01/29 08:54:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2011/01/29 08:53:37 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011/01/29 08:48:37 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini

[2011/01/27 14:22:02 | 003,125,760 | ---- | C] () -- C:\Windows\System32\u2ltw.dll

[2010/12/20 19:54:40 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2010/12/19 23:00:28 | 000,001,014 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/12/19 23:00:28 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011/11/30 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\AVG

[2011/11/30 13:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\AVG2012

[2012/04/21 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Cakeym

[2011/03/10 16:52:12 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Fonality

[2011/01/18 14:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\ooVoo Details

[2011/02/01 09:27:31 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\PC-FAX TX

[2011/04/12 17:44:49 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\ScanSoft

[2012/07/13 06:16:18 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Spam Monitor

[2012/04/05 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\TestApp

[2012/04/21 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Utuqah

[2012/04/21 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Wiycqa

[2011/04/12 17:45:05 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Zeon

[2012/04/05 15:29:18 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Extras.txt

OTL Extras logfile created on: 7/14/2012 7:23:39 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sleep\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 74.35% Memory free

3.93 Gb Paging File | 3.46 Gb Available in Paging File | 87.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 283.40 Gb Total Space | 247.04 Gb Free Space | 87.17% Space Free | Partition Type: NTFS

Drive T: | 149.05 Gb Total Space | 132.82 Gb Free Space | 89.11% Space Free | Partition Type: NTFS

Computer Name: SLEEP-PC | User Name: Sleep | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8480DN

"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11

"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{43742061-3D4A-42C0-B059-EA185EAACE9A}" = TaxWise 2010

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{499D9A73-0582-4F84-A499-21BEF7F5C8A4}" = TaxWise 2009

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series

"{7D00925D-DC3A-4DD5-A63A-4D482C729F01}" = Refund Advantage 2011

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009

"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin

"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in

"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E54EBA4E-1102-4858-8FA9-1E197D5C00A1}" = TaxWise 2011

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Browser Defender_is1" = Browser Guard 4.0

"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility

"DivX Setup.divx.com" = DivX Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Window Registry Repair" = Free Window Registry Repair

"GPL Ghostscript 8.63" = GPL Ghostscript 8.63

"HDMI" = Intel® Graphics Media Accelerator Driver

"HUD 3.6.0" = Fonality HUD 3.6.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"PC Tools File and Registry Tool_is1" = PC Tools Registry Tool

"SAII" = Conexant SmartAudio

"SmartDraw PDF Filter" = SmartDraw PDF Filter

"Spyware Doctor" = PC Tools Internet Security 9.0

"VLC media player" = VLC media player 1.1.11

"WhiteSmoke_US Toolbar" = WhiteSmoke US Toolbar

"Windows Doctor 2.7.1_is1" = Windows Doctor 2.7.1

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/13/2012 9:24:09 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:09.422]: [00003568]: lperrcode->api

= 3 , lperrcode->code = 2

Error - 7/13/2012 9:24:10 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/07/13 21:24:10.285]: [00000420]: CUsbScnDev: DeviceIoControl()

failed. ErrorCode = 2

Error - 7/13/2012 9:24:11 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:11.153]: [00003568]: lperrcode->api

= 1 , lperrcode->code = 2

Error - 7/13/2012 9:24:11 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/07/13 21:24:11.285]: [00000420]: CUsbScnDev: DeviceIoControl()

failed. ErrorCode = 5

Error - 7/13/2012 9:24:13 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:13.716]: [00003568]: lperrcode->api

= 1 , lperrcode->code = 2

Error - 7/13/2012 9:24:15 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:15.217]: [00003568]: lperrcode->api

= 1 , lperrcode->code = 2

Error - 7/13/2012 9:24:16 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:16.719]: [00003568]: lperrcode->api

= 1 , lperrcode->code = 2

Error - 7/13/2012 9:24:18 PM | Computer Name = Sleep-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/07/13 21:24:18.219]: [00003568]: lperrcode->api

= 1 , lperrcode->code = 2

Error - 7/14/2012 2:46:19 AM | Computer Name = Sleep-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,

time stamp: 0x4fc9cd53 Faulting module name: jvm.dll, version: 20.7.0.2, time stamp:

0x4f7e3cc7 Exception code: 0xc0000005 Fault offset: 0x0005e562 Faulting process id:

0x63c Faulting application start time: 0x01cd6118632c6293 Faulting application path:

C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\PROGRA~1\Java\jre6\bin\client\jvm.dll

Report

Id: 9d970c57-cd7f-11e1-b741-010101010000

Error - 7/14/2012 4:04:12 AM | Computer Name = Sleep-PC | Source = Application Error | ID = 1000

Description = Faulting application name: TWW11.EXE, version: 0.0.0.0, time stamp:

0x4f75ed3e Faulting module name: sqlite3.dll, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000006 Fault offset: 0x00001000 Faulting process id: 0x1e24 Faulting application

start time: 0x01cd612240b5ea09 Faulting application path: T:\UTS11\TWW11.EXE Faulting

module path: T:\UTS11\sqlite3.dll Report Id: 7ec6bfb5-cd8a-11e1-b741-010101010000

Error - 7/14/2012 4:04:12 AM | Computer Name = Sleep-PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program TWW11.EXE because of this error. Program: TWW11.EXE File: The

error value is listed in the Additional Data section. User Action 1. Open the file

again. This situation might be a temporary problem that corrects itself when the

program runs again. 2. If the file still cannot be accessed and - It is on the network,

your

network administrator should verify that there is not a problem with the network

and that the server can be contacted. - It is on a removable disk, for example,

a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,

click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,

and then press ENTER. 4. If the problem persists, restore the file from a backup

copy. 5. Determine whether other files on the same disk can be opened. If not, the

disk might be damaged. If it is a hard disk, contact your administrator or computer

hardware vendor for further assistance. Additional Data Error value: C000020C Disk

type: 0

[ Broadcom Wireless LAN Events ]

Error - 9/18/2011 9:25:43 AM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 09:25:43, Sun, Sep 18, 11 Error - Unable to gain access to user store

Error - 9/27/2011 5:20:33 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 17:20:33, Tue, Sep 27, 11 Error - Unable to gain access to user store

Error - 10/16/2011 2:42:49 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 14:42:49, Sun, Oct 16, 11 Error - Unable to gain access to user store

Error - 10/19/2011 1:10:26 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 13:10:26, Wed, Oct 19, 11 Error - Unable to gain access to user store

Error - 3/8/2012 1:45:43 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 12:45:43, Thu, Mar 08, 12 Error - Unable to gain access to user store

Error - 3/14/2012 1:21:13 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 13:21:13, Wed, Mar 14, 12 Error - Unable to gain access to user store

Error - 3/17/2012 1:46:45 AM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 01:46:45, Sat, Mar 17, 12 Error - Unable to gain access to user store

Error - 4/5/2012 11:32:49 AM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 11:32:49, Thu, Apr 05, 12 Error - Unable to gain access to user store

Error - 4/5/2012 6:48:53 PM | Computer Name = Sleep-PC | Source = WLAN-Tray | ID = 0

Description = 18:48:53, Thu, Apr 05, 12 Error - Unable to gain access to user store

[ OSession Events ]

Error - 1/12/2011 4:15:48 AM | Computer Name = Sleep-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36680

seconds with 2820 seconds of active time. This session ended with a crash.

Error - 5/7/2012 9:28:20 PM | Computer Name = Sleep-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 66642

seconds with 9060 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 7/13/2012 12:47:37 PM | Computer Name = Sleep-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/14/2012 7:17:53 PM | Computer Name = Sleep-PC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 7/14/2012 7:17:53 PM | Computer Name = Sleep-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/14/2012 7:17:53 PM | Computer Name = Sleep-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 7/14/2012 7:17:55 PM | Computer Name = Sleep-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

discache PCTSD spldr TfFsMon TFSysMon Wanarpv6

Error - 7/14/2012 7:18:04 PM | Computer Name = Sleep-PC | Source = DCOM | ID = 10005

Description =

Error - 7/14/2012 7:18:10 PM | Computer Name = Sleep-PC | Source = DCOM | ID = 10005

Description =

Error - 7/14/2012 7:18:11 PM | Computer Name = Sleep-PC | Source = DCOM | ID = 10005

Description =

Error - 7/14/2012 7:18:11 PM | Computer Name = Sleep-PC | Source = DCOM | ID = 10005

Description =

Error - 7/14/2012 7:18:13 PM | Computer Name = Sleep-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll

Error

Code: 21

< End of report >

Maniac · July 15, 2012

Step 1

Please uninstall WhiteSmoke US Toolbar.

Step 2

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2679692679-3140905069-1768065139-1000\..\Toolbar\WebBrowser: (WhiteSmoke US Toolbar) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
[2012/07/13 04:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/13 04:41:19 | 000,000,000 | ---D | C] -- C:\Users\Sleep\AppData\Local\Conduit
[2012/07/13 04:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_US
[2012/07/14 02:47:13 | 000,315,392 | ---- | M] () -- C:\Users\Sleep\AppData\Local\ijrbtzcj.exe
[2012/07/13 12:48:15 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\00000008.@
[2012/07/13 12:48:13 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\80000000.@
[2012/07/13 12:48:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\00000004.@
[2012/07/13 12:48:12 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\000000cb.@
[2012/07/10 22:55:42 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\U\80000032.@
[2012/07/10 22:55:42 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\L\00000004.@
[2012/01/10 18:33:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\@
[2012/01/10 18:33:07 | 000,002,048 | -HS- | C] () -- C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}\@
[2011/11/30 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\AVG
[2011/11/30 13:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\AVG2012
[2012/04/21 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Utuqah
[2012/04/21 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\Sleep\AppData\Roaming\Wiycqa
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

:files
C:\Windows\Installer\{02003428-8fdc-7a58-9377-f7b03ed8a90e}
C:\Users\Sleep\AppData\Local\{02003428-8fdc-7a58-9377-f7b03ed8a90e}
C:\Program Files\WhiteSmoke_US
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

OTL Fix log
Malwarebytes' Anti-Malware log

mdv_1999 · July 15, 2012

OTL Fix log

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.