Something Wrong

[Frosty]

Hello Forum,
I have something wrong with this computor. I was told it had Vundo on it along with some PUP. My son tried to clean it up using CCleaner, Malwarebyte, and something called Hitman and allowed these programs to fix it. The system became unstable so he did a restore.

Here is the DDS along with aswMDR
DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by EMachUser at 15:31:23 on 2013-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.94 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Swift Browse: {808dc83c-d35b-4fba-a5b5-9a52103204df} - c:\program files\swift browse\SwiftBrowsebho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
StartupFolder: c:\users\emachu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexgen~1.lnk - c:\users\emachuser\appdata\local\nexgenmediaplayer\NexGenMediaPlayerApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553} : DHCPNameServer = 68.94.156.1 68.94.157.1
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 txtidwow;txtidwow;c:\windows\system32\drivers\txtidwow.sys [2011-7-13 43520]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-25 202296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-29 29744]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-01 20:09:26 388096 ----a-r- c:\users\emachuser\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-11-01 20:09:17 -------- d-----w- c:\program files\Trend Micro
2013-11-01 15:50:17 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9fcb1166-dd61-4201-b42c-a66ff18f6395}\mpengine.dll
2013-10-31 15:34:34 -------- d-----w- C:\564c0b1906d847d402cfc34485e17a
2013-10-31 15:27:38 -------- d-----w- C:\72018930be9e0dffa9df21
2013-10-31 04:11:26 -------- d-----w- c:\programdata\HitmanPro
2013-10-30 14:02:07 -------- d-----w- c:\users\emachuser\appdata\roaming\Malwarebytes
2013-10-30 14:01:10 -------- d-----w- c:\programdata\Malwarebytes
2013-10-30 14:00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-10 20:45:17 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 20:44:58 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 20:44:28 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 20:44:28 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 20:44:28 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 20:44:28 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 20:44:27 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 20:44:27 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 20:44:25 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 20:44:23 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 20:42:39 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 20:42:35 532480 ----a-w- c:\windows\system32\comctl32.dll
.
==================== Find3M ====================
.
2013-10-10 18:49:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 18:49:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 19:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 15:34:19.01 ===============

version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 15:49:14
-----------------------------
15:49:14.626 OS Version: Windows 6.0.6002 Service Pack 2
15:49:14.626 Number of processors: 1 586 0x5F02
15:49:14.626 ComputerName: FRONTDESK UserName: EMachUser
15:49:32.110 Initialze error C000010E - driver not loaded
15:49:32.303 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
16:01:39.432 AVAST engine defs: 13110201
16:03:05.773 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 16:06:39
-----------------------------
16:06:39.213 OS Version: Windows 6.0.6002 Service Pack 2
16:06:39.213 Number of processors: 1 586 0x5F02
16:06:39.213 ComputerName: FRONTDESK UserName: EMachUser
16:06:43.003 Initialize success
16:18:56.145 AVAST engine defs: 13110201
16:34:45.656 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"

[OCD]

Hi Frosty,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.
• Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Your aswMBR scan is not complete, please delete the copy you previously downloaded and download a fresh copy.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When asked if you want to download Avast's virus definitions please select Yes.
• Click Scan
• Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
• You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL to your desktop.

• Make sure all other windows are closed and to let it run uninterrupted.
  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Custom Scan paste this in
  
  %USERPROFILE%\..|smtmp;true;true;true /FP
  %temp%\smtmp\*.* /s >
  /md5start
  iexplore.*
  explorer.*
  winlogon.*
  dll
  zx.dll
  hlp.dat
  consrv.dll
  services.*
  /md5stop
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\Fonts\*.exe
  %systemroot%\system32\spool\prtprocs\w32x86\*.*
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.jpg
  %systemroot%\*.png
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %ALLUSERSPROFILE%\Favorites\*.*
  %APPDATA%\Microsoft\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\Update\*.*
  %systemroot%\*. /mp /s
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
  %systemroot%\System32\config\*.sav
  %PROGRAMFILES%\bak. /s
  %systemroot%\system32\bak. /s
  %ALLUSERSPROFILE%\Start Menu\*.lnk /x
  %systemroot%\system32\config\systemprofile\*.dat /x
  %systemroot%\*.config
  %systemroot%\system32\*.db
  %PROGRAMFILES%\Internet Explorer\*.dat
  %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
  %USERPROFILE%\Desktop\*.exe
  %PROGRAMFILES%\Common Files\*.*
  %systemroot%\*.src
  %systemroot%\install\*.*
  %systemroot%\system32\DLL\*.*
  %systemroot%\system32\HelpFiles\*.*
  %systemroot%\system32\rundll\*.*
  %systemroot%\winn32\*.*
  %systemroot%\Java\*.*
  %systemroot%\system32\test\*.*
  %systemroot%\system32\Rundll32\*.*
  %systemroot%\AppPatch\Custom\*.*
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  BASESERVICES
  DRIVES
  CREATERESTOREPOINT
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

=========================

In your next post please provide the following:

• checkup.txt
• aswMBR.txt
• attach MBR.zip
• OTL.txt
• Extras.txt

[Frosty]

Hello OCD,

Thanks for your help. I hve the information you requested.

CHECKUP:
Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

aswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 13:55:45
-----------------------------
13:55:45.790 OS Version: Windows 6.0.6002 Service Pack 2
13:55:45.790 Number of processors: 1 586 0x5F02
13:55:45.790 ComputerName: FRONTDESK UserName: EMachUser
13:56:00.423 Initialize success
14:08:02.598 AVAST engine defs: 13110500
14:08:10.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
14:08:10.851 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 6
14:08:11.412 Disk 0 MBR read successfully
14:08:11.412 Disk 0 MBR scan
14:08:11.677 Disk 0 Windows VISTA default MBR code
14:08:11.724 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10064 MB offset 63
14:08:11.771 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142562 MB offset 20611395
14:08:11.771 Disk 0 scanning sectors +312579760
14:08:12.130 Disk 0 scanning C:\Windows\system32\drivers
14:08:23.814 Service scanning
14:08:40.475 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:08:40.522 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
14:08:40.756 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:08:40.803 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:09:06.090 Modules scanning
14:09:30.894 Disk 0 trace - called modules:
14:09:30.910 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:09:30.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8db30480]
14:09:30.925 3 CLASSPNP.SYS[8f3b98b3] -> nt!IofCallDriver -> [0x8cbfcf08]
14:09:30.925 5 acpi.sys[8b2156bc] -> nt!IofCallDriver -> \Device\00000055[0x8cbfda58]
14:09:32.361 AVAST engine scan C:\Windows
14:09:37.836 AVAST engine scan C:\Windows\system32
14:12:07.971 File: C:\Windows\system32\rtfossnd.exe **HIDDEN**
14:13:13.506 AVAST engine scan C:\Windows\system32\drivers
14:13:33.318 AVAST engine scan C:\Users\EMachUser
14:14:58.011 AVAST engine scan C:\ProgramData
14:22:36.916 Scan finished successfully
14:23:25.822 Disk 0 MBR has been saved successfully to "C:\Users\EMachUser\Desktop\MBR.dat"
14:23:25.837 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"

OTL and Extra in next reply

[Frosty]

Here is part two of the story,

OTL:
OTL logfile created on: 11/1/2013 2:26:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 450.62 Mb Available Physical Memory | 50.42% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 80.32 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Util Swift Browse) -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe ()
SRV - (Update Swift Browse) -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\EMACHU~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {D98FBCDE-CE80-40BC-A775-1E7901C4A600}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 12:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swift Browse) - {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files\Swift Browse\SwiftBrowseBHO.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexGen Media Player.lnk = C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Fun Web Products Installer Start)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 19:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.I263 - C:\Windows\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/01 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 16:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 13:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/10/31 10:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 10:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 23:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player
[2013/10/11 10:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 10:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 10:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 10:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 10:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 10:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 10:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 10:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 15:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 15:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 15:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 15:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 15:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 15:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 15:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 15:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 15:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 15:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 15:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 15:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 15:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 17:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 14:21:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 13:46:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 13:19:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/01 13:06:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 13:06:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:05:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 09:05:43 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/11 11:31:11 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/11 11:31:11 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/11 11:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 13:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 13:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/10/31 11:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 18:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 18:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 18:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 19:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 12:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 16:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 12:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 11:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 10:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 01:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 19:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 15:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/01/10 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Lexmark Productivity Studio
[2010/03/26 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\PeerNetworking
[2007/09/28 15:58:51 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\SampleView
[2008/08/07 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Template
[2008/01/10 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Ulead Systems
[2007/12/14 20:37:01 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\WildTangent
[2008/12/08 12:04:14 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Wireshark

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/01 18:40:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/01 18:40:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/11/02 17:09:57 | 000,073,858 | ---- | M] () MD5=C432762CBFCCE7F07D93C1FEE940A0EA -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b\iexplore.exe
[2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=04D1DC458C723B291179F8449ACC281D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19120_none_12355fcb2fdc2111\iexplore.exe
[2008/04/24 23:22:36 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[2009/01/14 23:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16457_none_588f2941ebbcf9c3\iexplore.exe
[2011/09/30 18:49:11 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=0E1695AD4C30E72D68170F01B4818A80 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23250_none_129e8cd2491214ae\iexplore.exe
[2013/07/31 05:18:24 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=10C1F2EC48D524AE10229AACD37B172A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20617_none_594407a304ba26f0\iexplore.exe
[2013/07/24 21:48:45 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=139C8953AC56A9E559C7DEF07BC45ED7 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20613_none_5940067b04bdc194\iexplore.exe
[2008/06/26 22:54:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=157F8DE991396C536820D7FA5C8DCF7D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[2008/02/21 21:44:11 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2008/10/01 22:50:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[2009/11/21 01:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/07/18 07:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 16:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/03/02 23:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/04/24 11:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16450_none_5888273bebc34862\iexplore.exe
[2010/02/23 10:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/17 17:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183\iexplore.exe
[2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16455_none_588d28adebbec715\iexplore.exe
[2011/11/03 02:33:09 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=2A268DF89913A0E927091077878EDB3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23266_none_1299bea24914c8a9\iexplore.exe
[2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 00:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2013/02/21 23:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16476_none_5878891febce184e\iexplore.exe
[2013/05/28 22:32:47 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=33E62E4EFC2ACA8EC63A8926F26D3889 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20606_none_594dd74504b2f1a8\iexplore.exe
[2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe
[2010/01/02 09:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2013/04/04 17:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_586ab855ebd8e83a\iexplore.exe
[2013/02/21 23:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_58f755ff04f3d409\iexplore.exe
[2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16514_none_58b769f9eb9f3b21\iexplore.exe
[2010/05/04 01:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 01:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2008/02/01 18:23:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4C1528C481FFE6E4EFE4BAC7271CE251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\iexplore.exe
[2008/10/15 23:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2011/07/23 06:42:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4D08A4234D645EFCB30605CC0BFA87F4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23216_none_12cfce3e48ec3cf4\iexplore.exe
[2008/06/26 20:41:30 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4DBD95312B1C96C5285D38F1D748CD4D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[2011/12/15 02:36:29 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=54EF418BD99720658CCE24210799BD1A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23286_none_12841eca4925008b\iexplore.exe
[2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2010/11/02 01:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/19 02:33:12 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2012/08/24 02:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20557_none_5918c60d04da998d\iexplore.exe
[2008/10/01 22:32:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[2013/05/16 18:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16490_none_585ce78bebe3b826\iexplore.exe
[2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16464_none_58815877ebc7c9af\iexplore.exe
[2008/02/01 18:23:46 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=7023BC3AF58F0C47856AF147E290D81A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\iexplore.exe
[2010/06/26 01:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 02:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2011/09/30 18:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7ACBBC85FCE4989B533220FC3B291633 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19154_none_1218f12f2ff0da40\iexplore.exe
[2009/08/27 08:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2011/05/28 02:09:20 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7EE10C5413AD7ED1AF9E8FAE1B58FC3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_127f1b72492984b1\iexplore.exe
[2008/02/14 14:35:26 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=7F2693693511F7ECD2762081F2F19864 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\iexplore.exe
[2009/07/18 07:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2006/11/02 04:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/03/02 23:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2012/03/16 09:16:47 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[2008/02/14 14:35:29 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9143C721DD6482374EFB35BC35944324 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe
[2010/11/02 02:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2008/02/20 23:43:03 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2011/02/22 02:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2009/08/27 09:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[2009/03/02 23:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2008/04/24 21:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2010/02/23 01:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2013/02/01 23:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_58f1544304f93bff\iexplore.exe
[2009/08/27 08:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[2013/05/16 17:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_5947d58904b8599e\iexplore.exe
[2013/07/31 05:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_58c43a79eb9551de\iexplore.exe
[2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19190_none_11e9b0573014e4a8\iexplore.exe
[2009/03/08 16:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2009/08/27 08:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe
[2013/04/04 16:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2011/02/22 01:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=CCDB0B2D1F2E016966B1DB1097E24842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19170_none_11ff502f3004acc6\iexplore.exe
[2012/10/08 03:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20562_none_5908f4af04e736cb\iexplore.exe
[2009/04/24 11:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 01:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 11:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2008/10/15 23:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2013/02/01 23:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2009/11/21 10:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/02 23:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2009/07/18 06:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=ED65737D70FDEAC29F738E77D2496EE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16496_none_5862e947ebde5030\iexplore.exe
[2013/01/08 16:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_58ff250d04ee6c13\iexplore.exe
[2010/06/26 01:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/14 23:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 11:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[2012/11/13 21:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20565_none_590bf58d04e482d0\iexplore.exe
[2013/09/22 07:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20625_none_5937372304c41033\iexplore.exe
[2009/08/27 08:19:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=FE2DFF83B7753AC47C553EF7D5289BEE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 07:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2012/03/16 09:16:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/03/16 09:16:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013/11/01 15:25:23 | 000,128,768 | ---- | M] () MD5=55F44A887CB338AD2AFD406DCC385990 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
[2008/10/20 16:20:04 | 000,769,039 | ---- | M] () MD5=C540D44DF0E96D39EA4AF5C7B3FA64C5 -- C:\Program Files\Wireshark\services

< MD5 for: SERVICES.CNF >
[2000/11/16 11:13:16 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTM >
[2001/03/04 11:44:14 | 000,004,604 | ---- | M] () MD5=199DFA01F16D18A1BCD1E0D45A6037AA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\services.htm
[2001/03/04 11:44:16 | 000,001,550 | ---- | M] () MD5=46A53A39F9056079F81A7D8B4E374C73 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_vti_cnf\services.htm

< MD5 for: SERVICES.HTM_CMP_BLENDS110_BNR.GIF >
[2000/11/16 11:29:56 | 000,000,325 | ---- | M] () MD5=23E4B1B16629AE97471FAA19D166764F -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_bnr.gif
[2000/11/16 11:30:06 | 000,001,565 | ---- | M] () MD5=27571AA0DB495668F0DC4DC53E8F9F05 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_bnr.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn.gif
[2000/11/16 11:30:08 | 000,000,668 | ---- | M] () MD5=2AB0BA1BBB72597A07FC3DD1D68A2791 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN_A.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn_a.gif
[2000/11/16 11:30:08 | 000,001,119 | ---- | M] () MD5=8E32CBF9B04207AA464DEDDB2EF6D571 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn_a.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN_P.GIF >
[2000/11/16 11:29:56 | 000,000,325 | ---- | M] () MD5=23E4B1B16629AE97471FAA19D166764F -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn_p.gif
[2000/11/16 11:30:08 | 000,001,896 | ---- | M] () MD5=5982C16906FFA2E07DCA83655A291784 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_VBTN.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_vbtn.gif
[2000/11/16 11:30:08 | 000,000,750 | ---- | M] () MD5=3BFF60205B8A04835485583D22579BD8 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_vbtn.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_VBTN_A.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_vbtn_a.gif
[2000/11/16 11:30:08 | 000,001,198 | ---- | M] () MD5=A2229D1E74C48C16BC26157EFB86E7B4 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_vbtn_a.gif

< MD5 for: SERVICES.HTM_NAV_BLENDS010_BNR.GIF >
[2000/11/16 11:30:10 | 000,000,443 | ---- | M] () MD5=9DBF40D94F7D2473E40F9D455E2E8C39 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\_vti_cnf\services.htm_nav_blends010_bnr.gif
[2000/11/16 11:30:04 | 000,000,340 | ---- | M] () MD5=BDB856F706941B2B940E3404AB800097 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\services.htm_nav_blends010_bnr.gif

[Frosty]

Here is the rest of the story.


color=#A23BEC]< MD5 for: SERVICES.HTM_NAV_BLENDS010_HBTN.GIF >[/color]
[2000/11/16 11:30:06 | 000,000,142 | ---- | M] () MD5=5469E0F6615953C7F7CF160A782269AD -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\services.htm_nav_blends010_hbtn.gif
[2000/11/16 11:30:10 | 000,000,443 | ---- | M] () MD5=A7B8CF80822471C68F3A7CFCEB3E77B6 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\_vti_cnf\services.htm_nav_blends010_hbtn.gif

< MD5 for: SERVICES.HTM_NAV_BLENDS010_VBTN.GIF >
[2000/11/16 11:30:08 | 000,000,142 | ---- | M] () MD5=5469E0F6615953C7F7CF160A782269AD -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\services.htm_nav_blends010_vbtn.gif
[2000/11/16 11:30:10 | 000,000,443 | ---- | M] () MD5=738B1D74184FC6AC9D6AE1CB83E9C39D -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\_vti_cnf\services.htm_nav_blends010_vbtn.gif

< MD5 for: SERVICES.LNK >
[2008/09/26 11:58:59 | 000,001,688 | ---- | M] () MD5=CBC1C0134FE1F95F3AC15F1EAB4625D7 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/09/26 11:58:59 | 000,001,688 | ---- | M] () MD5=CBC1C0134FE1F95F3AC15F1EAB4625D7 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/19 02:40:57 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/19 02:40:57 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 07:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-B020DC41.PF >
[2013/11/01 17:25:51 | 000,040,648 | ---- | M] () MD5=AE607F23DE7F6B913A322F8F5A6B1524 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

< MD5 for: WINLOGON.MOF >
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2010/03/23 19:02:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 13:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2013/11/01 09:05:43 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/16 23:15:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/18 20:05:12 | 000,000,198 | ---- | M] () -- C:\log.txt
[2008/12/01 10:02:25 | 000,000,152 | ---- | M] () -- C:\lxdc.log
[2008/01/16 23:15:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/11/01 09:05:41 | 1251,749,888 | -HS- | M] () -- C:\pagefile.sys
[2007/05/29 12:55:36 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/05/29 12:43:56 | 000,000,345 | ---- | M] () -- C:\RHDSetup.log
[2013/10/30 19:58:21 | 000,004,016 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt
[2013/10/30 20:05:52 | 000,341,818 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_20.00.14_log.txt
[2013/10/30 20:08:40 | 000,174,890 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_20.06.28_log.txt
[2011/05/05 15:25:10 | 000,558,232 | ---- | M] () -- C:\Temp

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/03 17:03:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/16 12:26:40 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\clpa1pc.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2003/01/13 12:19:58 | 000,106,496 | ---- | M] () -- C:\Windows\UPSCR.Scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/26 11:59:43 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 427A-20F7
Directory of C:\
09/28/2007 03:39 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
09/28/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
09/28/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
09/28/2007 03:39 PM <SYMLINKD> All Users [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
09/28/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
09/28/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
09/28/2007 03:39 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
09/28/2007 03:39 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
09/28/2007 03:39 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
09/28/2007 03:39 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/28/2007 03:39 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/28/2007 03:39 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
09/28/2007 03:39 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
09/28/2007 03:39 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
09/28/2007 03:39 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
09/28/2007 03:39 PM <JUNCTION> My Music [C:\Users\Default\Music]
09/28/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
09/28/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser
09/28/2007 03:43 PM <JUNCTION> Application Data [C:\Users\EMachUser\AppData\Roaming]
09/28/2007 03:43 PM <JUNCTION> Cookies [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Cookies]
09/28/2007 03:43 PM <JUNCTION> Local Settings [C:\Users\EMachUser\AppData\Local]
09/28/2007 03:43 PM <JUNCTION> My Documents [C:\Users\EMachUser\Documents]
09/28/2007 03:43 PM <JUNCTION> NetHood [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/28/2007 03:43 PM <JUNCTION> PrintHood [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/28/2007 03:43 PM <JUNCTION> Recent [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Recent]
09/28/2007 03:43 PM <JUNCTION> SendTo [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\SendTo]
09/28/2007 03:43 PM <JUNCTION> Start Menu [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu]
09/28/2007 03:43 PM <JUNCTION> Templates [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser\AppData\Local
09/28/2007 03:43 PM <JUNCTION> Application Data [C:\Users\EMachUser\AppData\Local]
09/28/2007 03:43 PM <JUNCTION> History [C:\Users\EMachUser\AppData\Local\Microsoft\Windows\History]
09/28/2007 03:43 PM <JUNCTION> Temporary Internet Files [C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser\Documents
09/28/2007 03:43 PM <JUNCTION> My Music [C:\Users\EMachUser\Music]
09/28/2007 03:43 PM <JUNCTION> My Pictures [C:\Users\EMachUser\Pictures]
09/28/2007 03:43 PM <JUNCTION> My Videos [C:\Users\EMachUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD
02/01/2008 11:40 AM <JUNCTION> Application Data [C:\Users\Marco-FD\AppData\Roaming]
02/01/2008 11:40 AM <JUNCTION> Cookies [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Cookies]
02/01/2008 11:40 AM <JUNCTION> Local Settings [C:\Users\Marco-FD\AppData\Local]
02/01/2008 11:40 AM <JUNCTION> My Documents [C:\Users\Marco-FD\Documents]
02/01/2008 11:40 AM <JUNCTION> NetHood [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/01/2008 11:40 AM <JUNCTION> PrintHood [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/01/2008 11:40 AM <JUNCTION> Recent [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Recent]
02/01/2008 11:40 AM <JUNCTION> SendTo [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\SendTo]
02/01/2008 11:40 AM <JUNCTION> Start Menu [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Start Menu]
02/01/2008 11:40 AM <JUNCTION> Templates [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD\AppData\Local
02/01/2008 11:40 AM <JUNCTION> Application Data [C:\Users\Marco-FD\AppData\Local]
02/01/2008 11:40 AM <JUNCTION> History [C:\Users\Marco-FD\AppData\Local\Microsoft\Windows\History]
02/01/2008 11:40 AM <JUNCTION> Temporary Internet Files [C:\Users\Marco-FD\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD\Documents
02/01/2008 11:40 AM <JUNCTION> My Music [C:\Users\Marco-FD\Music]
02/01/2008 11:40 AM <JUNCTION> My Pictures [C:\Users\Marco-FD\Pictures]
02/01/2008 11:40 AM <JUNCTION> My Videos [C:\Users\Marco-FD\Videos]
0 File(s) 0 bytes
Directory of C:\Users\mark
12/08/2008 11:14 AM <JUNCTION> Application Data [C:\Users\mark\AppData\Roaming]
12/08/2008 11:14 AM <JUNCTION> Cookies [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Cookies]
12/08/2008 11:14 AM <JUNCTION> Local Settings [C:\Users\mark\AppData\Local]
12/08/2008 11:14 AM <JUNCTION> My Documents [C:\Users\mark\Documents]
12/08/2008 11:14 AM <JUNCTION> NetHood [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/08/2008 11:14 AM <JUNCTION> PrintHood [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/08/2008 11:14 AM <JUNCTION> Recent [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Recent]
12/08/2008 11:14 AM <JUNCTION> SendTo [C:\Users\mark\AppData\Roaming\Microsoft\Windows\SendTo]
12/08/2008 11:14 AM <JUNCTION> Start Menu [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu]
12/08/2008 11:14 AM <JUNCTION> Templates [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\mark\AppData\Local
12/08/2008 11:14 AM <JUNCTION> Application Data [C:\Users\mark\AppData\Local]
12/08/2008 11:14 AM <JUNCTION> History [C:\Users\mark\AppData\Local\Microsoft\Windows\History]
12/08/2008 11:14 AM <JUNCTION> Temporary Internet Files [C:\Users\mark\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\mark\Documents
12/08/2008 11:14 AM <JUNCTION> My Music [C:\Users\mark\Music]
12/08/2008 11:14 AM <JUNCTION> My Pictures [C:\Users\mark\Pictures]
12/08/2008 11:14 AM <JUNCTION> My Videos [C:\Users\mark\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
09/28/2007 03:39 PM <JUNCTION> My Music [C:\Users\Public\Music]
09/28/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
09/28/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 85,142,859,776 bytes free

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/12/09 11:58:18 | 000,204,800 | ---- | M] () -- C:\Windows\system32\cert7.db
[2010/12/09 11:58:18 | 000,016,384 | ---- | M] () -- C:\Windows\system32\KEY3.DB
[2010/12/09 11:58:20 | 000,016,384 | ---- | M] () -- C:\Windows\system32\SECMOD.DB

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/02 15:49:10 | 000,000,286 | -HS- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-11-01 15:50:38

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 23:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST316081 5AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 139.00GB
Starting Offset: 10553034240
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

EXTRA:
OTL Extras logfile created on: 11/1/2013 2:26:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 450.62 Mb Available Physical Memory | 50.42% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 80.32 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C142CD8-3AAF-4414-9B78-F3E7A885E1B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28AE5399-8284-4AE1-A1E5-5074DFAA73B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{31CBE75D-12DF-4372-A02E-AAC068B76AE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DB03933-087D-4B85-AB78-1C95E2F1A00C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8333C903-0940-4E19-BF5E-A581354D1F04}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D841A75-A5E1-405F-BB48-E3B748691F01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B79E1C1D-9DD1-43F7-AB0A-548E7FE0D5C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D958C058-C660-4B6C-AAB3-C11B927C1456}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC6F9548-74DC-473E-B31F-FCCD61C93CC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F076A7E2-8005-409D-B62A-D1F6CC00177C}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F5BD914-8A5E-4C87-91CF-0B676FCDBD77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{200B3252-BA0D-451E-A300-DDD9A8C52160}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FFC1D42-D086-4C32-BC12-8FBC592F281E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B79FF0D-9641-4816-A517-FFA5C6964B1E}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{402DE45A-AD76-43D9-B5D7-51B0756CE8F7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{478CD000-BA2B-47EE-89BA-C236DCF07E48}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{51539436-79E2-41FD-B1F3-6BA7682091F3}" = protocol=17 | dir=in | app=c:\windows\aromis.exe |
"{58A690B9-2C49-44B1-B203-D8E9BFA152CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BD5B2B1-5349-498D-AFF9-0614FE9D786D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA7BE39-4919-49D8-A57C-8E7C85BC4A17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63E4F19A-184B-478A-9493-2A73CED95188}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{79B82E60-B1E9-4EE1-920C-4E495891C371}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{822F5359-1D13-47B2-8A6D-F73D85DB8B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D73C3E4-D269-41A9-959E-CB44FB7EE40D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0EF4FA3-0067-42B5-B5CB-BA1670680A1B}" = protocol=6 | dir=in | app=c:\windows\aromis.exe |
"{BE38CABB-6364-41F5-BA5B-6137D01FD397}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{C4461222-A43B-4F30-AE04-D4CD08409427}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{C541C045-29DF-42A6-990A-998E30C2A6CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{CEF106F8-0C69-4376-B255-65037795791D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{D121351C-3131-488D-8AE7-FEC31FD9CD34}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{D1C1A9DC-430C-4FF1-B42D-BC17733F00B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE47A74D-C99F-425C-90E2-F5FEAE9D24F2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{E2D8264F-B65D-4972-97DD-2F5EF2315FAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F58EB561-1D17-4547-829F-A2CEC16B979A}" = protocol=6 | dir=out | app=system |
"{F5A8711F-9F69-41A8-B73A-B6AEF39321F4}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{F64130FD-F023-40BF-BE37-25E730407931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0198B350-016B-43D7-9720-C8D8FA128C74}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9CBFF89-134B-4FCE-B388-91F42B7076EA}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{35A64618-15EE-4670-A8D5-70A259799559}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70ABBAB4-A5DD-48F2-98FC-1914D91590B6}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3238D7-AA32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Client (32-bit)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{65A35D6C-C10D-4C6D-9DAA-682EED0422C8}" = AlignmentUtility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8CD0D-613A-4516-A5F9-1931CFE7604F}" = Brother HL-5370DW
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C62D7344-8709-4443-9C95-F90659CBC27F}" = Art Explosion Publisher Pro
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FDE018-28CF-47AC-9B01-E5F63D9F5BC1}" = ImpExpSafety
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Cakewalk Pro Audio 9" = Cakewalk Pro Audio 9
"CodInstl" = Intel A/V Codecs V2.0
"Collab" = Collab
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDXCopy" = DVDXCopy 1.3 b630 (remove only)
"eMachines Game Console" = eMachines Game Console
"ERUNT_is1" = ERUNT 1.1j
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"Google Desktop" = Google Desktop
"Indeo® Software" = Indeo® Software
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"NexGen Media Player" = NexGen Media Player - a modern video player
"NimoCorp" = Nimo Codecs Pack v4.33 (Remove Only)
"NVIDIA Drivers" = NVIDIA Drivers
"Pervasive PSQL v10 SP3 Client (32-bit)" = Pervasive PSQL v10 SP3 Client (32-bit)
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"SHARP MX-2300 2700 3500 4500 Series PC-Fax Driver" = SHARP MX/DX Series PC-Fax Driver
"SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX/DX Series PCL/PS Printer Driver
"Swift Browse" = Swift Browse 3.0.0
"UPS WorldShip" = UPS WorldShip
"VivTV" = VivTV
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 1.0.4
"WT021681" = FATE
"WT021906" = Bejeweled 2 Deluxe
"WT021907" = Blackhawk Striker 2
"WT021908" = Blasterball 3
"WT021909" = Diner Dash - Flo on the Go
"WT021910" = Family Feud 2
"WT021912" = Penguins!
"WT021913" = Polar Bowler
"WT021914" = Polar Golfer
"WT022435" = Tradewinds

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2013 6:27:48 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 11/1/2013 9:36:26 AM | Computer Name = FrontDesk | Source = MSSQL$UPSWSDBSERVER | ID = 9003
Description = The log scan number (165:48:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 10/31/2013 3:10:50 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:41:46 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:16 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:21 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:28 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:49:44 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 10:04:19 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 11/1/2013 10:06:37 AM | Computer Name = FrontDesk | Source = MSSQL$UPSWSDBSERVER | ID = 9003
Description = The log scan number (165:48:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

[ Media Center Events ]
Error - 1/20/2008 2:27:31 AM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/24/2008 11:15:41 PM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/24/2008 11:28:36 PM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/1/2008 11:40:32 PM | Computer Name = Frosty-F | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/3/2008 3:23:43 PM | Computer Name = Frosty-F | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/11/2009 4:44:06 PM | Computer Name = FrontDesk | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2011 9:42:31 AM | Computer Name = FrontDesk | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7024
Description =

Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7026
Description =

Error - 10/31/2013 10:45:56 AM | Computer Name = FrontDesk | Source = DCOM | ID = 10010
Description =

Error - 11/1/2013 10:06:44 AM | Computer Name = FrontDesk | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +349187 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,time.nist.gov (ntp.m|0x0|0.0.0.0:123->65.55.56.206:123)
is working properly.

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7026
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7024
Description =

Error - 11/1/2013 10:16:29 AM | Computer Name = FrontDesk | Source = DCOM | ID = 10010
Description =


< End of report >

[OCD]

Hi Frosty,

Uninstall via Add/Remove Programs

• Please go to Start > Control Panel > Add Remove Programs.
  Locate the following programs: (if present)
  
  • Swift Browse 3.0.0
• Click Remove and allow Windows to completely remove each one in turn.
• Then reboot your computer to complete this part of the process.

=========================

AdwCleaner v3: Scan & Clean

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• Click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that log file in your next reply.
• A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Shut down your protection software now to avoid potential conflicts.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

=========================

Run OTL.exe

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
  IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
  O2 - BHO: (Swift Browse) - {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files\Swift Browse\SwiftBrowseBHO.dll ()
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
  
  :Files
  C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe
  C:\Program Files\Swift Browse\updateSwiftBrowse.exe
  
  :Services
  Util Swift Browse
  Update Swift Browse
  
  :Commands
  [purity]
  [createrestorepoint]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

Locate this log and post it in your next reply.
C:\TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt

=========================

In your next post please provide the following:

• AdwCleaner[S0].txt
• JRT.txt
• New OTL.txt
• TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt
• What symptoms are you experiencing?

[Frosty]

Hay OCD,

There was no Swift Browser in the Add/Remove.

Here is AdwCleaner:
# AdwCleaner v3.011 - Report created 01/11/2013 at 08:57:38
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : EMachUser - FRONTDESK
# Running from : C:\Users\EMachUser\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Swift Browse
[#] Service Deleted : Util Swift Browse

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Swift Browse
Folder Deleted : C:\Users\EMachUser\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\EMachUser\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\mark\AppData\LocalLow\MyWebSearch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Swift Browse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


*************************

AdwCleaner[R0].txt - [4587 octets] - [01/11/2013 08:55:55]
AdwCleaner[S0].txt - [4626 octets] - [01/11/2013 08:57:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4686 octets] ##########

OTL:
OTL logfile created on: 11/1/2013 9:35:37 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 290.25 Mb Available Physical Memory | 32.47% Memory free
2.00 Gb Paging File | 1.15 Gb Available in Paging File | 57.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 78.56 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmi32.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 12:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexGen Media Player.lnk = C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 19:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/01 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 16:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 13:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 09:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 09:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 09:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 10:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 10:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 23:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player
[2013/10/11 10:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 10:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 10:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 10:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 10:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 10:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 10:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 10:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 15:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 15:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 15:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 15:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 15:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 15:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 15:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 15:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 15:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 15:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 15:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 15:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 15:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 17:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 09:46:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 09:35:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/01 09:32:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:32:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 09:31:32 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/01 09:22:51 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 09:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/11 11:31:11 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/11 11:31:11 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/11 11:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 13:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 13:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 11:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 18:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 18:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 18:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 19:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 12:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 16:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 12:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 11:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 10:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 01:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 19:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 15:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

TDSSKiller:
19:56:01.0924 0x3888 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
19:56:12.0043 0x3888 ============================================================
19:56:12.0043 0x3888 Current date / time: 2013/10/30 19:56:12.0043
19:56:12.0043 0x3888 SystemInfo:
19:56:12.0043 0x3888
19:56:12.0043 0x3888 OS Version: 6.0.6002 ServicePack: 2.0
19:56:12.0043 0x3888 Product type: Workstation
19:56:12.0044 0x3888 ComputerName: FRONTDESK
19:56:12.0045 0x3888 UserName: EMachUser
19:56:12.0045 0x3888 Windows directory: C:\Windows
19:56:12.0045 0x3888 System windows directory: C:\Windows
19:56:12.0045 0x3888 Processor architecture: Intel x86
19:56:12.0045 0x3888 Number of processors: 1
19:56:12.0045 0x3888 Page size: 0x1000
19:56:12.0045 0x3888 Boot type: Normal boot
19:56:12.0045 0x3888 ============================================================
19:56:23.0279 0x3888 System UUID: {45DAA3FF-936A-A206-1B52-4847C8C67C20}
19:56:26.0125 0x3888 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:56:26.0318 0x3888 ============================================================
19:56:26.0319 0x3888 \Device\Harddisk0\DR0:
19:56:26.0339 0x3888 MBR partitions:
19:56:26.0339 0x3888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13A8104
19:56:26.0339 0x3888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A8143, BlocksNum 0x1167156D
19:56:26.0339 0x3888 ============================================================
19:56:26.0703 0x3888 C: <-> \Device\Harddisk0\DR0\Partition2
19:56:26.0872 0x3888 D: <-> \Device\Harddisk0\DR0\Partition1
19:56:26.0883 0x3888 ============================================================
19:56:26.0883 0x3888 Initialize success
19:56:26.0883 0x3888 ============================================================
19:58:21.0942 0x3194 Deinitialize success

The Symptoms I am having that I have noticed is:
Slow at loading and slow responding.
Explorer loads very slow, I get pop up asking to clean the junk from your computor, fix computor bugs. coming from WWW1.latestvideoplayer and SonicDownloads - Moon Anti Virus.
Shut down is taking along time to turn off.
After we did the latest scans/fixes I know have 2 desktop.ini text file on my desk top. they are grayed out.

I also have a nextgen video player that i am not famillar with.

[OCD]

Hi Frosty,

Slow at loading and slow responding.
Explorer loads very slow

893.76 Mb Total Physical Memory | 290.25 Mb Available Physical Memory | 32.47% Memory free

Unfortunately some of the lag/freezing issues you may be encountering might be due to the fact that your computer has limited resources by today's standards.
Your computer's configuration (RAM - Random Access Memory) would be considered at the low end of what is needed to run at a smooth level.

To help improve this situation you have a few options:

• Upgrade to a new computer
• Upgrade your current computers RAM
• Move as much programs, data to an external hard drive

Obviously, these options come with a financial commitment.

=========================

The Desktop.ini files are showing because you have it set that way. If you would like to "hide" those files do the following:

Show Hidden Files & Folders in Windows 7

• To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
• Click the View tab, and then make sure there is a check mark next to “Hide Protected Operating System Files” in the list.
• Then click OK.

=========================

You seem to have overlooked the JRT log file in your last reply. Please post it in your next reply.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

• NexGen Media Player

=========================

Locate this log and post:
C:\TDSSKiller.3.0.0.14_30.10.2013_20.00.14_log.txt

=========================

Run OTL.exe

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  [2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player
  
  :Commands
  [purity]
  [createrestorepoint]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

In your next post please provide the following:

• JRT.txt
• TDSSKiller log requested
• OTL.txt
• MBAM log

[Frosty]

Hi OCD,

The Lag/Frezzing I was having seems to be alot better. I will look into your suggestions. This computor is a few years old.

The DESKTOP.INI files have disappered without me doing anything.

Sorry about the JRT log I guess I overlooked that one.

Here it is:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by EMachUser on Fri 11/01/2013 at 9:09:34.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/01/2013 at 9:14:11.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have uninstalled the NEXGEN MEDIA PLAYER.
While I was in there I noticed a few other programs that I'm not sure about: Should I remove these programs?
BIG FIX Publisher BIG FIX - I noticed that the JRT log said it removed this program.
Browser Address Error Redirector - No Publisher
CAKEWALK PRO AUDIO 9 - No Publisher
EXPRESSIT S.E. 2.2 - No Publisher
MORE NETWORKS MEDIA PLAYER FOR INTERNET EXPLORER - No Publisher
ULEAD COOL 360 1.0 - No Publisher.

The TDSSKiller log I will post last.

Here is the OTL Log:
All processes killed
========== OTL ==========
Folder C:\Users\EMachUser\Documents\NexGen Media Player\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EMachUser
->Temp folder emptied: 131718856 bytes
->Temporary Internet Files folder emptied: 152952034 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marco-FD
->Temp folder emptied: 93706521 bytes
->Temporary Internet Files folder emptied: 52391433 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mark
->Temp folder emptied: 455240 bytes
->Temporary Internet Files folder emptied: 542459800 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1947 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12629088 bytes
RecycleBin emptied: 4754881 bytes

Total Files Cleaned = 945.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11012013_085211

Files\Folders moved on Reboot...
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\images\arrow.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\images\bkgnd.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Table - Blue\images\bannerimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Table - Blue\images\currentindex.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\bkgnd.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\nextimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\previmage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Dark\images\bannerimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\Caption.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\SubPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\IgnoreEXIFsRGB_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\IgnoreEXIFsRGB_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\OptimizeResizeDrawing_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\OptimizeResizeDrawing_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_NORM_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_PASS.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\PrintPassthrough_PS_PASS.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\Registry Keys Read Me.html not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\RememberSlowFiles_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\RememberSlowFiles_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ShowWindowsThumbnails_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ShowWindowsThumbnails_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\TaskDebugging_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\TaskDebugging_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UnlimitedPreviews_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UnlimitedPreviews_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncIO_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncIO_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncScratch_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\UseAsyncScratch_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\WarnSavePrefsFailure_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\WarnSavePrefsFailure_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\File Formats\File Formats Read Me.html not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Ffactory\Transparency Examples\Transparency Read Me.pdf not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Custom File Info Panels\Sample File Info Panels\CustomPanel_allWidgets.txt not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Custom File Info Panels\Sample File Info Panels\Description.txt not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Special Effects\RGB Inverted Warm Brass.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Special Effects\RGB Sepiatone subtle color.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Special Effects\RGB Sepiatone subtle color2.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Special Effects\RGB Sepiatone subtle color3.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Special Effects\Yellows&Blues (RGB or CMYK).cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Channel Swaps\CMYK Rotate Channels Back.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Channel Swaps\CMYK Rotate Channels Fore.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Channel Mixer Presets\Channel Swaps\CMYK Swap Cyan&Magenta.cha not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Adobe(R) Photoshop(R) CS2\stock photography\Adobe Stock Photos 1.0.msi not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Adobe(R) Photoshop(R) CS2\commonfilesinstaller\Adobe Common File Installer.msi not found!
C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVTEUMET\search[4].htm moved successfully.
C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X1WNDEE\showthread[4].htm moved successfully.
C:\Windows\temp\TMP00000048868EA1D9C7EC89E5 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
EMachUser :: FRONTDESK [administrator]

Protection: Disabled

11/1/2013 9:25:00 AM
mbam-log-2013-11-01 (09-25-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245888
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{8AE72190-F8A5-B7C8-9572-98C79CDF00AF} (Trojan.P2P.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Frosty]

Hey OCD,

Here is the TDSSKiller log you requested. I will have to make two post for this log.

20:00:14.0776 0x30d0 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
20:00:18.0443 0x30d0 ============================================================
20:00:18.0443 0x30d0 Current date / time: 2013/10/30 20:00:18.0443
20:00:18.0443 0x30d0 SystemInfo:
20:00:18.0444 0x30d0
20:00:18.0444 0x30d0 OS Version: 6.0.6002 ServicePack: 2.0
20:00:18.0444 0x30d0 Product type: Workstation
20:00:18.0444 0x30d0 ComputerName: FRONTDESK
20:00:18.0444 0x30d0 UserName: EMachUser
20:00:18.0444 0x30d0 Windows directory: C:\Windows
20:00:18.0444 0x30d0 System windows directory: C:\Windows
20:00:18.0444 0x30d0 Processor architecture: Intel x86
20:00:18.0444 0x30d0 Number of processors: 1
20:00:18.0444 0x30d0 Page size: 0x1000
20:00:18.0444 0x30d0 Boot type: Normal boot
20:00:18.0444 0x30d0 ============================================================
20:00:20.0431 0x30d0 System UUID: {45DAA3FF-936A-A206-1B52-4847C8C67C20}
20:00:21.0605 0x30d0 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:21.0742 0x30d0 ============================================================
20:00:21.0742 0x30d0 \Device\Harddisk0\DR0:
20:00:21.0785 0x30d0 MBR partitions:
20:00:21.0785 0x30d0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13A8104
20:00:21.0785 0x30d0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A8143, BlocksNum 0x1167156D
20:00:21.0785 0x30d0 ============================================================
20:00:22.0175 0x30d0 C: <-> \Device\Harddisk0\DR0\Partition2
20:00:22.0203 0x30d0 D: <-> \Device\Harddisk0\DR0\Partition1
20:00:22.0204 0x30d0 ============================================================
20:00:22.0204 0x30d0 Initialize success
20:00:22.0204 0x30d0 ============================================================
20:00:24.0541 0x1500 ============================================================
20:00:24.0541 0x1500 Scan started
20:00:24.0541 0x1500 Mode: Manual;
20:00:24.0541 0x1500 ============================================================
20:00:24.0541 0x1500 KSN ping started
20:00:38.0393 0x1500 KSN ping finished: true
20:00:42.0250 0x1500 ================ Scan system memory ========================
20:00:42.0250 0x1500 System memory - ok
20:00:42.0251 0x1500 ================ Scan services =============================
20:00:42.0995 0x1500 [ 4B56CAAFED0B0B996341D74CE0E76565, 6DE24ABA96B924DE4EBEAA189613019FB9B8B0B13756A2A43AB8163B57978C86 ] ac97intc C:\Windows\system32\drivers\ac97intc.sys
20:00:43.0043 0x1500 ac97intc - ok
20:00:43.0140 0x1500 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:00:43.0174 0x1500 ACPI - ok
20:00:43.0386 0x1500 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:43.0395 0x1500 AdobeFlashPlayerUpdateSvc - ok
20:00:43.0522 0x1500 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:00:43.0564 0x1500 adp94xx - ok
20:00:43.0601 0x1500 [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:00:43.0611 0x1500 adpahci - ok
20:00:43.0638 0x1500 [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:00:43.0643 0x1500 adpu160m - ok
20:00:43.0671 0x1500 [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:00:43.0677 0x1500 adpu320 - ok
20:00:43.0733 0x1500 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:00:43.0735 0x1500 AeLookupSvc - ok
20:00:43.0876 0x1500 [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD C:\Windows\system32\drivers\afd.sys
20:00:43.0887 0x1500 AFD - ok
20:00:43.0936 0x1500 [ 39E435C90C9C4F780FA0ED05CA3C3A1B, 0006CC8CBFB775CA9C4121B4DDC80560DE35CCBB276DEE7A9F5148743529758A ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
20:00:43.0938 0x1500 AgereModemAudio - ok
20:00:44.0030 0x1500 [ 35C391E40471A0B479328FC7B1B5F40F, 6854C96569440408C26A621C2C2A5B56856211AED3BD0D2860DFAF8E7D09AC5B ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
20:00:44.0096 0x1500 AgereSoftModem - ok
20:00:44.0180 0x1500 [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:00:44.0198 0x1500 agp440 - ok
20:00:44.0240 0x1500 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:00:44.0244 0x1500 aic78xx - ok
20:00:44.0293 0x1500 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
20:00:44.0313 0x1500 ALG - ok
20:00:44.0336 0x1500 [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide C:\Windows\system32\drivers\aliide.sys
20:00:44.0338 0x1500 aliide - ok
20:00:44.0354 0x1500 [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:00:44.0359 0x1500 amdagp - ok
20:00:44.0375 0x1500 [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide C:\Windows\system32\drivers\amdide.sys
20:00:44.0377 0x1500 amdide - ok
20:00:44.0427 0x1500 [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:00:44.0430 0x1500 AmdK7 - ok
20:00:44.0467 0x1500 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:00:44.0470 0x1500 AmdK8 - ok
20:00:44.0522 0x1500 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
20:00:44.0545 0x1500 Appinfo - ok
20:00:44.0575 0x1500 [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc C:\Windows\system32\drivers\arc.sys
20:00:44.0578 0x1500 arc - ok
20:00:44.0635 0x1500 [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:00:44.0640 0x1500 arcsas - ok
20:00:44.0706 0x1500 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:44.0732 0x1500 AsyncMac - ok
20:00:44.0772 0x1500 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
20:00:44.0775 0x1500 atapi - ok
20:00:44.0834 0x1500 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:00:44.0863 0x1500 AudioEndpointBuilder - ok
20:00:44.0878 0x1500 [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:00:44.0886 0x1500 Audiosrv - ok
20:00:45.0441 0x1500 [ 2718DC27571BD1E37813F5759D2DC118, 3A822C3A0003B36F212A4184FC1F49CE65AAF1A2A481EE05DAAB868B2847945F ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
20:00:45.0449 0x1500 AVP - ok
20:00:45.0551 0x1500 [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:00:45.0554 0x1500 bcm4sbxp - ok
20:00:45.0618 0x1500 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
20:00:45.0644 0x1500 Beep - ok
20:00:45.0809 0x1500 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
20:00:45.0885 0x1500 BFE - ok
20:00:45.0960 0x1500 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll
20:00:46.0027 0x1500 BITS - ok
20:00:46.0035 0x1500 blbdrive - ok
20:00:46.0099 0x1500 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:00:46.0103 0x1500 bowser - ok
20:00:46.0171 0x1500 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:00:46.0173 0x1500 BrFiltLo - ok
20:00:46.0197 0x1500 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:00:46.0198 0x1500 BrFiltUp - ok
20:00:46.0269 0x1500 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
20:00:46.0297 0x1500 Browser - ok
20:00:46.0330 0x1500 [ 2FE6D5BE0629F706197B30C0AA05DE30, 528ED3AA8129FDD6C8EF698E5ECE9BB93C0249CF0200115F13B36410A353F353 ] BrPar C:\Windows\System32\drivers\BrPar.sys
20:00:46.0332 0x1500 BrPar - ok
20:00:46.0395 0x1500 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:00:46.0399 0x1500 Brserid - ok
20:00:46.0421 0x1500 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:00:46.0425 0x1500 BrSerWdm - ok
20:00:46.0466 0x1500 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:00:46.0470 0x1500 BrUsbMdm - ok
20:00:46.0482 0x1500 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:00:46.0485 0x1500 BrUsbSer - ok
20:00:46.0533 0x1500 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:00:46.0537 0x1500 BTHMODEM - ok
20:00:46.0612 0x1500 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:00:46.0632 0x1500 cdfs - ok
20:00:46.0677 0x1500 [ 814ACB9B8A55804D9878248B3C79F862, 1A88B286C7F4472EA30DB3D911FBA89D2D63BC89C58873F2ADA6ADF95271B0ED ] Cdr4_xp C:\Windows\system32\drivers\Cdr4_xp.sys
20:00:46.0681 0x1500 Cdr4_xp - ok
20:00:46.0696 0x1500 [ BCE7213F8AA1BC9D5C08F81CB05E10A7, DAE2D78BD4304C387A56D51C0BD8D9374F34C0788C1CF99BE3E9882033930934 ] Cdralw2k C:\Windows\system32\drivers\Cdralw2k.sys
20:00:46.0699 0x1500 Cdralw2k - ok
20:00:46.0753 0x1500 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:00:46.0756 0x1500 cdrom - ok
20:00:46.0829 0x1500 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
20:00:46.0855 0x1500 CertPropSvc - ok
20:00:46.0900 0x1500 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
20:00:46.0904 0x1500 circlass - ok
20:00:47.0003 0x1500 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
20:00:47.0030 0x1500 CLFS - ok
20:00:47.0403 0x1500 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:47.0431 0x1500 clr_optimization_v2.0.50727_32 - ok
20:00:47.0518 0x1500 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:47.0623 0x1500 clr_optimization_v4.0.30319_32 - ok
20:00:47.0688 0x1500 [ 0FED59EDB4A83FF17F1778827B88AB1A, FC6E72D9EF2B6CB652B688BC604B553119679323A73E3EA6ED0024D2A25AC354 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:00:47.0690 0x1500 CmBatt - ok
20:00:47.0733 0x1500 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:00:47.0748 0x1500 cmdide - ok
20:00:47.0807 0x1500 [ 7A0B457EEFEF8CBAA0CC44C8819113BD, F041B2DF7A68E9231DFF289056EF633FC4EED84C754A3D5EBD64C92FF468F3A1 ] CoachUsb C:\Windows\system32\DRIVERS\CoachUsb.sys
20:00:47.0822 0x1500 CoachUsb - ok
20:00:47.0863 0x1500 [ 614CA0BFA09861E42AD8D14B83540758, F51917D30E7A7F286231B1E0A8F6C0E2C245AF96110D64D1A37A96EA683EF559 ] CoachVc C:\Windows\system32\DRIVERS\CoachVc.sys
20:00:47.0884 0x1500 CoachVc - ok
20:00:47.0922 0x1500 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:00:47.0932 0x1500 Compbatt - ok
20:00:47.0962 0x1500 COMSysApp - ok
20:00:47.0999 0x1500 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:00:48.0002 0x1500 crcdisk - ok
20:00:48.0056 0x1500 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:00:48.0073 0x1500 Crusoe - ok
20:00:48.0111 0x1500 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:00:48.0117 0x1500 CryptSvc - ok
20:00:48.0399 0x1500 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:00:48.0432 0x1500 DcomLaunch - ok
20:00:48.0466 0x1500 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:00:48.0470 0x1500 DfsC - ok
20:00:49.0132 0x1500 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
20:00:49.0314 0x1500 DFSR - ok
20:00:49.0382 0x1500 [ A5034F77B278F07E224FE07CF98A8B76, C670181FE028EA2E0219E9AED222D6FBAC541D548F0FFB58CAB850A2C979CD05 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
20:00:49.0385 0x1500 DgiVecp - ok
20:00:49.0457 0x1500 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:00:49.0465 0x1500 Dhcp - ok
20:00:49.0530 0x1500 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
20:00:49.0547 0x1500 disk - ok
20:00:49.0608 0x1500 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:00:49.0613 0x1500 Dnscache - ok
20:00:49.0634 0x1500 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
20:00:49.0642 0x1500 dot3svc - ok
20:00:49.0757 0x1500 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
20:00:49.0764 0x1500 DPS - ok
20:00:49.0829 0x1500 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:00:49.0831 0x1500 drmkaud - ok
20:00:50.0075 0x1500 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:00:50.0108 0x1500 DXGKrnl - ok
20:00:50.0165 0x1500 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:00:50.0171 0x1500 E1G60 - ok
20:00:50.0210 0x1500 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
20:00:50.0214 0x1500 EapHost - ok
20:00:50.0270 0x1500 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
20:00:50.0287 0x1500 Ecache - ok
20:00:50.0401 0x1500 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:00:50.0412 0x1500 ehRecvr - ok
20:00:50.0446 0x1500 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
20:00:50.0463 0x1500 ehSched - ok
20:00:50.0501 0x1500 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
20:00:50.0516 0x1500 ehstart - ok
20:00:50.0566 0x1500 [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:00:50.0577 0x1500 elxstor - ok
20:00:50.0896 0x1500 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:00:50.0929 0x1500 EMDMgmt - ok
20:00:51.0079 0x1500 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
20:00:51.0133 0x1500 EventSystem - ok
20:00:51.0254 0x1500 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
20:00:51.0269 0x1500 exfat - ok
20:00:51.0362 0x1500 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:00:51.0380 0x1500 fastfat - ok
20:00:51.0430 0x1500 [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:00:51.0432 0x1500 fdc - ok
20:00:51.0484 0x1500 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
20:00:51.0509 0x1500 fdPHost - ok
20:00:51.0558 0x1500 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
20:00:51.0572 0x1500 FDResPub - ok
20:00:51.0611 0x1500 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:00:51.0633 0x1500 FileInfo - ok
20:00:51.0665 0x1500 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:00:51.0684 0x1500 Filetrace - ok
20:00:51.0724 0x1500 [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:51.0727 0x1500 flpydisk - ok
20:00:51.0804 0x1500 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:00:51.0839 0x1500 FltMgr - ok
20:00:52.0072 0x1500 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
20:00:52.0139 0x1500 FontCache - ok
20:00:52.0198 0x1500 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:00:52.0203 0x1500 FontCache3.0.0.0 - ok
20:00:52.0223 0x1500 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:00:52.0226 0x1500 Fs_Rec - ok
20:00:52.0249 0x1500 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:00:52.0252 0x1500 gagp30kx - ok
20:00:52.0333 0x1500 [ 617DC2877015270914CA3C03873560D5, A4A7673B2377C9EC1E6F98B73AE809E5E5F913732C1D4F0AD431122D16B5323F ] GameConsoleService C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
20:00:52.0340 0x1500 GameConsoleService - ok
20:00:52.0454 0x1500 [ 6542DC2E93BCE4D4289FA70A4D367DC2, 7E8E498646724437F34797EB228DD8789A5F422149003E312D60ACCFB2C2465C ] GoogleDesktopManager-061008-081103 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:00:52.0457 0x1500 GoogleDesktopManager-061008-081103 - ok
20:00:52.0515 0x1500 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
20:00:52.0533 0x1500 gpsvc - ok
20:00:52.0599 0x1500 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:52.0606 0x1500 gupdate - ok
20:00:52.0666 0x1500 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:52.0670 0x1500 gupdatem - ok
20:00:52.0715 0x1500 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:00:52.0724 0x1500 HdAudAddService - ok
20:00:52.0781 0x1500 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:00:52.0807 0x1500 HDAudBus - ok
20:00:52.0867 0x1500 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:00:52.0870 0x1500 HidBth - ok
20:00:52.0910 0x1500 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
20:00:52.0913 0x1500 HidIr - ok
20:00:52.0942 0x1500 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
20:00:52.0945 0x1500 hidserv - ok
20:00:52.0953 0x1500 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:00:52.0958 0x1500 HidUsb - ok
20:00:53.0017 0x1500 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
20:00:53.0022 0x1500 hkmsvc - ok
20:00:53.0061 0x1500 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:00:53.0065 0x1500 HpCISSs - ok
20:00:53.0107 0x1500 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:00:53.0132 0x1500 HTTP - ok
20:00:53.0154 0x1500 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:00:53.0157 0x1500 i2omp - ok
20:00:53.0225 0x1500 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:53.0229 0x1500 i8042prt - ok
20:00:53.0341 0x1500 [ 8318E04A6455CED1020BCC5039B62CFA, 56AAE6E5912A8B10F253783C49AB79C77411F84E32045F1C54E9925728006636 ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
20:00:53.0398 0x1500 ialm - ok
20:00:53.0436 0x1500 [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:00:53.0445 0x1500 iaStorV - ok
20:00:53.0546 0x1500 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:00:53.0587 0x1500 idsvc - ok
20:00:53.0607 0x1500 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:00:53.0610 0x1500 iirsp - ok
20:00:53.0669 0x1500 [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT C:\Windows\System32\ikeext.dll
20:00:53.0694 0x1500 IKEEXT - ok
20:00:53.0815 0x1500 [ 721B1A0434647418F98D034BEBD4B4DB, FC7E466F87F57D52F288F3F4043CE9B13E5D34F60556978125B43D7C0930B786 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:00:53.0881 0x1500 IntcAzAudAddService - ok
20:00:53.0921 0x1500 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
20:00:53.0924 0x1500 intelide - ok
20:00:53.0962 0x1500 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:00:53.0965 0x1500 intelppm - ok
20:00:53.0999 0x1500 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:00:54.0005 0x1500 IPBusEnum - ok
20:00:54.0034 0x1500 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:54.0037 0x1500 IpFilterDriver - ok
20:00:54.0073 0x1500 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:00:54.0081 0x1500 iphlpsvc - ok
20:00:54.0088 0x1500 IpInIp - ok
20:00:54.0121 0x1500 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:00:54.0124 0x1500 IPMIDRV - ok
20:00:54.0165 0x1500 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:00:54.0171 0x1500 IPNAT - ok
20:00:54.0210 0x1500 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:00:54.0213 0x1500 IRENUM - ok
20:00:54.0253 0x1500 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:00:54.0257 0x1500 isapnp - ok
20:00:54.0319 0x1500 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:54.0327 0x1500 iScsiPrt - ok
20:00:54.0371 0x1500 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:00:54.0374 0x1500 iteatapi - ok
20:00:54.0393 0x1500 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:00:54.0396 0x1500 iteraid - ok
20:00:54.0439 0x1500 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:54.0443 0x1500 kbdclass - ok
20:00:54.0504 0x1500 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:54.0507 0x1500 kbdhid - ok
20:00:54.0537 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
20:00:54.0540 0x1500 KeyIso - ok
20:00:54.0604 0x1500 [ 186B54479D98E48AEE0E9ADA4B3C4D31, A8C1577876CF16186610F26D7D859F8FDA4057AAFC33E8212339F56DA6A5F874 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
20:00:54.0610 0x1500 KL1 - ok
20:00:54.0622 0x1500 [ BF485BFBA13C0AB116701FD9C55324D0, AA08276E8534D2ED9D714C43D6968524E74EE6101913B370CABF6D52842EF6EF ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
20:00:54.0624 0x1500 kl2 - ok
20:00:54.0707 0x1500 [ AF04D0CE7939324E9A605B159295706C, 1C78DA30B11B1D7EBE70846CB28E6FF899DE59F4703D01D572A253AB3EF88E40 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:00:54.0732 0x1500 KLIF - ok
20:00:54.0754 0x1500 [ 6295A19003F935ECC6CCBE9E2376427B, 1FBC41D7B6AD73F171FBAF65523BE688C9733D2D654B414B5AF7F2F0AE65E2B5 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:00:54.0757 0x1500 KLIM6 - ok
20:00:54.0783 0x1500 [ 3DE1771C135328420315E21DDE229BBA, BBF25C20C3CD30E4A0E8952E95F0E5D3C80037F0CEBFE13C90C9D0422B5608E6 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:00:54.0785 0x1500 klmouflt - ok
20:00:54.0832 0x1500 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:00:54.0857 0x1500 KSecDD - ok
20:00:54.0936 0x1500 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:00:54.0952 0x1500 KtmRm - ok
20:00:54.0993 0x1500 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
20:00:55.0002 0x1500 LanmanServer - ok
20:00:55.0064 0x1500 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:00:55.0081 0x1500 LanmanWorkstation - ok
20:00:55.0117 0x1500 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:00:55.0120 0x1500 lltdio - ok
20:00:55.0163 0x1500 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:00:55.0172 0x1500 lltdsvc - ok
20:00:55.0203 0x1500 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:00:55.0207 0x1500 lmhosts - ok
20:00:55.0279 0x1500 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:00:55.0284 0x1500 LSI_FC - ok
20:00:55.0301 0x1500 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:00:55.0305 0x1500 LSI_SAS - ok
20:00:55.0344 0x1500 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:00:55.0348 0x1500 LSI_SCSI - ok
20:00:55.0392 0x1500 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
20:00:55.0397 0x1500 luafv - ok
20:00:55.0459 0x1500 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:00:55.0461 0x1500 MBAMProtector - ok
20:00:55.0532 0x1500 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:00:55.0545 0x1500 MBAMScheduler - ok
20:00:55.0594 0x1500 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:00:55.0627 0x1500 MBAMService - ok
20:00:55.0651 0x1500 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:00:55.0657 0x1500 Mcx2Svc - ok
20:00:55.0718 0x1500 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys
20:00:55.0722 0x1500 megasas - ok
20:00:55.0747 0x1500 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
20:00:55.0750 0x1500 MMCSS - ok
20:00:55.0813 0x1500 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
20:00:55.0816 0x1500 Modem - ok
20:00:55.0866 0x1500 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:00:55.0869 0x1500 monitor - ok
20:00:55.0908 0x1500 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:00:55.0911 0x1500 mouclass - ok
20:00:55.0971 0x1500 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:00:55.0973 0x1500 mouhid - ok
20:00:56.0009 0x1500 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:00:56.0013 0x1500 MountMgr - ok
20:00:56.0067 0x1500 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys
20:00:56.0071 0x1500 mpio - ok
20:00:56.0102 0x1500 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:00:56.0106 0x1500 mpsdrv - ok
20:00:56.0184 0x1500 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:00:56.0211 0x1500 MpsSvc - ok
20:00:56.0240 0x1500 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:00:56.0243 0x1500 Mraid35x - ok
20:00:56.0265 0x1500 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:00:56.0271 0x1500 MRxDAV - ok
20:00:56.0299 0x1500 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:56.0304 0x1500 mrxsmb - ok
20:00:56.0336 0x1500 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:56.0345 0x1500 mrxsmb10 - ok
20:00:56.0361 0x1500 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:56.0365 0x1500 mrxsmb20 - ok
20:00:56.0395 0x1500 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys
20:00:56.0398 0x1500 msahci - ok
20:00:56.0423 0x1500 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:00:56.0427 0x1500 msdsm - ok
20:00:56.0466 0x1500 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
20:00:56.0474 0x1500 MSDTC - ok
20:00:56.0516 0x1500 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:00:56.0518 0x1500 Msfs - ok
20:00:56.0559 0x1500 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:00:56.0562 0x1500 msisadrv - ok
20:00:56.0623 0x1500 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:00:56.0630 0x1500 MSiSCSI - ok
20:00:56.0639 0x1500 msiserver - ok
20:00:56.0715 0x1500 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:00:56.0717 0x1500 MSKSSRV - ok
20:00:56.0744 0x1500 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:56.0746 0x1500 MSPCLOCK - ok
20:00:56.0781 0x1500 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:00:56.0783 0x1500 MSPQM - ok
20:00:56.0825 0x1500 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:00:56.0842 0x1500 MsRPC - ok
20:00:56.0861 0x1500 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:56.0864 0x1500 mssmbios - ok
20:00:56.0969 0x1500 MSSQL$UPSWSDBSERVER - ok
20:00:57.0016 0x1500 [ ADAF062116B4E6D96E44D26486A87AF6, 1A2EE7C4598E8442F24A5C97FEBF7AC6A20703F7EA9097B6E48BE4A05E231D8C ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:00:57.0019 0x1500 MSSQLServerADHelper - ok
20:00:57.0077 0x1500 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:00:57.0079 0x1500 MSTEE - ok
20:00:57.0133 0x1500 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
20:00:57.0137 0x1500 Mup - ok
20:00:57.0178 0x1500 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
20:00:57.0195 0x1500 napagent - ok
20:00:57.0271 0x1500 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:00:57.0278 0x1500 NativeWifiP - ok
20:00:57.0344 0x1500 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:00:57.0370 0x1500 NDIS - ok
20:00:57.0411 0x1500 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:57.0414 0x1500 NdisTapi - ok
20:00:57.0447 0x1500 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:57.0450 0x1500 Ndisuio - ok
20:00:57.0493 0x1500 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:57.0499 0x1500 NdisWan - ok
20:00:57.0522 0x1500 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:00:57.0525 0x1500 NDProxy - ok
20:00:57.0540 0x1500 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:00:57.0543 0x1500 NetBIOS - ok
20:00:57.0580 0x1500 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:00:57.0587 0x1500 netbt - ok
20:00:57.0602 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
20:00:57.0605 0x1500 Netlogon - ok
20:00:57.0666 0x1500 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
20:00:57.0720 0x1500 Netman - ok
20:00:57.0800 0x1500 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
20:00:57.0825 0x1500 netprofm - ok
20:00:57.0888 0x1500 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:00:57.0894 0x1500 NetTcpPortSharing - ok
20:00:58.0059 0x1500 [ 6E9EDC1020B319E7676387B8CDF2398C, EF9B26369A845FC1E96ADD4051E52DA13CAA54158956F36CB10CBF3610D2B678 ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys
20:00:58.0208 0x1500 NETw2v32 - ok
20:00:58.0234 0x1500 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:00:58.0241 0x1500 nfrd960 - ok
20:00:58.0280 0x1500 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
20:00:58.0288 0x1500 NlaSvc - ok
20:00:58.0345 0x1500 [ 6623E51595C0076755C29C00846C4EB2, EB661942E3C552DD33B197A9A0BF6AB56CE5CB92BAC183A02B918F0CD3D80F97 ] NPF C:\Windows\system32\drivers\npf.sys
20:00:58.0348 0x1500 NPF - ok
20:00:58.0380 0x1500 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:00:58.0384 0x1500 Npfs - ok
20:00:58.0432 0x1500 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
20:00:58.0436 0x1500 nsi - ok
20:00:58.0467 0x1500 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:00:58.0470 0x1500 nsiproxy - ok
20:00:58.0574 0x1500 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:00:58.0653 0x1500 Ntfs - ok
20:00:58.0701 0x1500 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:00:58.0703 0x1500 ntrigdigi - ok
20:00:58.0731 0x1500 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
20:00:58.0733 0x1500 Null - ok
20:00:59.0072 0x1500 [ FF58C7A7DA6116C1F71E883CB088D598, 057DADC88BB2B8D29BE14D94CC81546826D64E76F50C6E359506DB954EAE0847 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:00:59.0360 0x1500 nvlddmkm - ok
20:00:59.0416 0x1500 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:00:59.0420 0x1500 nvraid - ok
20:00:59.0449 0x1500 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:00:59.0453 0x1500 nvstor - ok
20:00:59.0512 0x1500 [ DC5F166422BEEBF195E3E4BB8AB4EE22, C98539C12588A79ECAAA2CE50DCDDA801FB62AD401D7DA1056BE30F266F0E63B ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
20:00:59.0515 0x1500 nvstor32 - ok
20:00:59.0585 0x1500 [ 56407B8616E4206EE02892A2AC712EF3, 78D44BCD0E4CF8CB1A7C3A76977A748BC23ADD925683D639CB22A131F67F89F0 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:00:59.0605 0x1500 nvsvc - ok
20:00:59.0654 0x1500 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:00:59.0659 0x1500 nv_agp - ok
20:00:59.0672 0x1500 NwlnkFlt - ok
20:00:59.0685 0x1500 NwlnkFwd - ok
20:00:59.0748 0x1500 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:00:59.0752 0x1500 ohci1394 - ok
20:00:59.0837 0x1500 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:00:59.0846 0x1500 ose - ok
20:00:59.0932 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:00:59.0964 0x1500 p2pimsvc - ok
20:01:00.0006 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
20:01:00.0024 0x1500 p2psvc - ok
20:01:00.0090 0x1500 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:01:00.0095 0x1500 Parport - ok
20:01:00.0153 0x1500 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:01:00.0157 0x1500 partmgr - ok
20:01:00.0173 0x1500 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:01:00.0177 0x1500 Parvdm - ok
20:01:00.0208 0x1500 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
20:01:00.0213 0x1500 PcaSvc - ok
20:01:00.0253 0x1500 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
20:01:00.0260 0x1500 pci - ok
20:01:00.0317 0x1500 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
20:01:00.0319 0x1500 pciide - ok
20:01:00.0411 0x1500 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:01:00.0419 0x1500 pcmcia - ok
20:01:00.0517 0x1500 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:01:00.0559 0x1500 PEAUTH - ok
20:01:00.0670 0x1500 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
20:01:00.0728 0x1500 pla - ok
20:01:00.0776 0x1500 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:01:00.0787 0x1500 PlugPlay - ok
20:01:00.0831 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:01:00.0864 0x1500 PNRPAutoReg - ok
20:01:00.0908 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:01:00.0927 0x1500 PNRPsvc - ok
20:01:01.0009 0x1500 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:01:01.0024 0x1500 PolicyAgent - ok
20:01:01.0066 0x1500 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:01:01.0070 0x1500 PptpMiniport - ok
20:01:01.0139 0x1500 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
20:01:01.0144 0x1500 Processor - ok
20:01:01.0188 0x1500 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
20:01:01.0197 0x1500 ProfSvc - ok
20:01:01.0218 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:01.0221 0x1500 ProtectedStorage - ok
20:01:01.0255 0x1500 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:01:01.0259 0x1500 PSched - ok
20:01:01.0361 0x1500 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:01:01.0402 0x1500 ql2300 - ok
20:01:01.0439 0x1500 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:01:01.0444 0x1500 ql40xx - ok
20:01:01.0499 0x1500 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
20:01:01.0516 0x1500 QWAVE - ok
20:01:01.0555 0x1500 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:01:01.0558 0x1500 QWAVEdrv - ok
20:01:01.0615 0x1500 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:01:01.0618 0x1500 RasAcd - ok
20:01:01.0691 0x1500 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
20:01:01.0699 0x1500 RasAuto - ok
20:01:01.0737 0x1500 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:01.0741 0x1500 Rasl2tp - ok
20:01:01.0781 0x1500 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
20:01:01.0798 0x1500 RasMan - ok
20:01:01.0835 0x1500 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:01.0838 0x1500 RasPppoe - ok
20:01:01.0871 0x1500 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:01:01.0876 0x1500 RasSstp - ok
20:01:01.0917 0x1500 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:01:01.0927 0x1500 rdbss - ok
20:01:01.0972 0x1500 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:01.0974 0x1500 RDPCDD - ok
20:01:02.0024 0x1500 [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:01:02.0033 0x1500 rdpdr - ok
20:01:02.0045 0x1500 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:01:02.0047 0x1500 RDPENCDD - ok
20:01:02.0110 0x1500 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:01:02.0118 0x1500 RDPWD - ok
20:01:02.0184 0x1500 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
20:01:02.0190 0x1500 RemoteAccess - ok
20:01:02.0253 0x1500 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:01:02.0262 0x1500 RemoteRegistry - ok
20:01:02.0299 0x1500 [ E51A8D02B4BD33EBA1F7A5B76C3766ED, A1E5747F4034356CD3E8EDC2A847EB92CF1C9F6C0E865BDE8F46D90C005A7ED8 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
20:01:02.0304 0x1500 rpcapd - ok
20:01:02.0342 0x1500 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
20:01:02.0346 0x1500 RpcLocator - ok
20:01:02.0386 0x1500 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
20:01:02.0402 0x1500 RpcSs - ok
20:01:02.0445 0x1500 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:01:02.0480 0x1500 rspndr - ok
20:01:02.0515 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe