Something Wrong



Frosty
2013-11-02, 23:13
Hello Forum,
I have something wrong with this computer. I was told it had Vundo on it along with some PUP. My son tried to clean it up using CCleaner, Malwarebytes, and something called Hitman and allowed these programs to fix it. The system became unstable so he did a restore.

Here is the DDS along with aswMBR
DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by EMachUser at 15:31:23 on 2013-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.94 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Swift Browse: {808dc83c-d35b-4fba-a5b5-9a52103204df} - c:\program files\swift browse\SwiftBrowsebho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
StartupFolder: c:\users\emachu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexgen~1.lnk - c:\users\emachuser\appdata\local\nexgenmediaplayer\NexGenMediaPlayerApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553} : DHCPNameServer = 68.94.156.1 68.94.157.1
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 txtidwow;txtidwow;c:\windows\system32\drivers\txtidwow.sys [2011-7-13 43520]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-25 202296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-29 29744]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-01 20:09:26 388096 ----a-r- c:\users\emachuser\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-11-01 20:09:17 -------- d-----w- c:\program files\Trend Micro
2013-11-01 15:50:17 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9fcb1166-dd61-4201-b42c-a66ff18f6395}\mpengine.dll
2013-10-31 15:34:34 -------- d-----w- C:\564c0b1906d847d402cfc34485e17a
2013-10-31 15:27:38 -------- d-----w- C:\72018930be9e0dffa9df21
2013-10-31 04:11:26 -------- d-----w- c:\programdata\HitmanPro
2013-10-30 14:02:07 -------- d-----w- c:\users\emachuser\appdata\roaming\Malwarebytes
2013-10-30 14:01:10 -------- d-----w- c:\programdata\Malwarebytes
2013-10-30 14:00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-10 20:45:17 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 20:44:58 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 20:44:28 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 20:44:28 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 20:44:28 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 20:44:28 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 20:44:27 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 20:44:27 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 20:44:25 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 20:44:23 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 20:42:39 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 20:42:35 532480 ----a-w- c:\windows\system32\comctl32.dll
.
==================== Find3M ====================
.
2013-10-10 18:49:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 18:49:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 19:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 15:34:19.01 ===============

version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 15:49:14
-----------------------------
15:49:14.626 OS Version: Windows 6.0.6002 Service Pack 2
15:49:14.626 Number of processors: 1 586 0x5F02
15:49:14.626 ComputerName: FRONTDESK UserName: EMachUser
15:49:32.110 Initialze error C000010E - driver not loaded
15:49:32.303 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
16:01:39.432 AVAST engine defs: 13110201
16:03:05.773 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 16:06:39
-----------------------------
16:06:39.213 OS Version: Windows 6.0.6002 Service Pack 2
16:06:39.213 Number of processors: 1 586 0x5F02
16:06:39.213 ComputerName: FRONTDESK UserName: EMachUser
16:06:43.003 Initialize success
16:18:56.145 AVAST engine defs: 13110201
16:34:45.656 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"

OCD
2013-11-05, 18:32
Hi Frosty,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Your aswMBR scan is not complete. Please delete the copy you previously downloaded and download a fresh copy.

=========================

aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt

Frosty
2013-11-05, 22:39
Hello OCD,

Thanks for your help. I have the information you requested.

CHECKUP:
Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

aswMBR:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 13:55:45
-----------------------------
13:55:45.790 OS Version: Windows 6.0.6002 Service Pack 2
13:55:45.790 Number of processors: 1 586 0x5F02
13:55:45.790 ComputerName: FRONTDESK UserName: EMachUser
13:56:00.423 Initialize success
14:08:02.598 AVAST engine defs: 13110500
14:08:10.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
14:08:10.851 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 6
14:08:11.412 Disk 0 MBR read successfully
14:08:11.412 Disk 0 MBR scan
14:08:11.677 Disk 0 Windows VISTA default MBR code
14:08:11.724 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10064 MB offset 63
14:08:11.771 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142562 MB offset 20611395
14:08:11.771 Disk 0 scanning sectors +312579760
14:08:12.130 Disk 0 scanning C:\Windows\system32\drivers
14:08:23.814 Service scanning
14:08:40.475 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:08:40.522 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
14:08:40.756 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:08:40.803 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:09:06.090 Modules scanning
14:09:30.894 Disk 0 trace - called modules:
14:09:30.910 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:09:30.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8db30480]
14:09:30.925 3 CLASSPNP.SYS[8f3b98b3] -> nt!IofCallDriver -> [0x8cbfcf08]
14:09:30.925 5 acpi.sys[8b2156bc] -> nt!IofCallDriver -> \Device\00000055[0x8cbfda58]
14:09:32.361 AVAST engine scan C:\Windows
14:09:37.836 AVAST engine scan C:\Windows\system32
14:12:07.971 File: C:\Windows\system32\rtfossnd.exe **HIDDEN**
14:13:13.506 AVAST engine scan C:\Windows\system32\drivers
14:13:33.318 AVAST engine scan C:\Users\EMachUser
14:14:58.011 AVAST engine scan C:\ProgramData
14:22:36.916 Scan finished successfully
14:23:25.822 Disk 0 MBR has been saved successfully to "C:\Users\EMachUser\Desktop\MBR.dat"
14:23:25.837 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"

OTL and Extra in next reply
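
The difference between the incomplete aswMBR runs in the first post and the complete run above can be checked mechanically. The following Python sketch is an added example, not part of any forum post and not code from aswMBR or AVAST; the log excerpts are copied from this thread, and the completeness markers it looks for ("Initialize success", "MBR read successfully", "Scan finished successfully") are an assumption drawn from comparing those three runs.

```python
import re

# Excerpts copied from the three aswMBR runs posted in this thread
# (trimmed to the relevant lines; these are not the complete logs).
SAMPLE_LOGS = r"""
Run date: 2013-11-01 15:49:14
15:49:14.626 OS Version: Windows 6.0.6002 Service Pack 2
15:49:32.110 Initialze error C000010E - driver not loaded
15:49:32.303 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
16:01:39.432 AVAST engine defs: 13110201

Run date: 2013-11-01 16:06:39
16:06:39.213 OS Version: Windows 6.0.6002 Service Pack 2
16:06:43.003 Initialize success
16:18:56.145 AVAST engine defs: 13110201

Run date: 2013-11-01 13:55:45
13:56:00.423 Initialize success
14:08:11.412 Disk 0 MBR read successfully
14:08:11.677 Disk 0 Windows VISTA default MBR code
14:08:40.475 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:12:07.971 File: C:\Windows\system32\rtfossnd.exe **HIDDEN**
14:22:36.916 Scan finished successfully
"""

# A log event line: "HH:MM:SS.mmm <message>"
EVENT = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
# Entries the scanner marks with **FLAG**, e.g. **HIDDEN** or **LOCKED**
FLAGGED = re.compile(
    r"^(?:Service\s+\S+\s+|File:\s+)(?P<path>.+?)\s+\*\*(?P<flag>[A-Z]+)\*\*"
)


def split_runs(text):
    """Split pasted log text into runs; each run starts at a 'Run date:' line."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date:"):
            current = {"run_date": line[len("Run date:"):].strip(), "events": []}
            runs.append(current)
        elif current is not None:
            m = EVENT.match(line)
            if m:
                current["events"].append(m.group(1))
    return runs


def assess(run):
    """Classify one run as 'failed', 'incomplete' or 'complete' (assumed markers)."""
    events = run["events"]
    initialized = any(e.startswith("Initialize success") for e in events)
    mbr_read = any("MBR read successfully" in e for e in events)
    finished = any(e.startswith("Scan finished successfully") for e in events)

    if not initialized:
        status = "failed"        # the scanner driver never loaded
    elif mbr_read and finished:
        status = "complete"
    else:
        status = "incomplete"    # started, but no disk/MBR scan was recorded

    flagged = []
    for e in events:
        m = FLAGGED.match(e)
        if m:
            flagged.append((m["flag"], m["path"]))

    return {
        "run_date": run["run_date"],
        "status": status,
        "errors": [e for e in events if "error" in e.lower()],
        # Based on the single MBR verdict line seen in this thread.
        "mbr_line": next((e for e in events if "MBR code" in e), None),
        "flagged": flagged,      # entries for a human helper to review
    }


if __name__ == "__main__":
    for run in split_runs(SAMPLE_LOGS):
        result = assess(run)
        print(result["run_date"], result["status"])
        for err in result["errors"]:
            print("  error:", err)
        for flag, path in result["flagged"]:
            print("  review:", flag, path)
```

Only a run classified as complete carries an MBR verdict line and the flagged entries a helper needs to review; the flags themselves are not a verdict on any file.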

Frosty
2013-11-05, 22:54
Here is part two of the story,

OTL:
OTL logfile created on: 11/1/2013 2:26:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 450.62 Mb Available Physical Memory | 50.42% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 80.32 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Util Swift Browse) -- C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe ()
SRV - (Update Swift Browse) -- C:\Program Files\Swift Browse\updateSwiftBrowse.exe ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\EMACHU~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {D98FBCDE-CE80-40BC-A775-1E7901C4A600}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 12:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swift Browse) - {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files\Swift Browse\SwiftBrowseBHO.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexGen Media Player.lnk = C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab (Fun Web Products Installer Start)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 19:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.I263 - C:\Windows\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\Windows\System32\JpegCode.dll (Zoran Microelectronics Ltd.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/01 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 16:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 13:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/10/31 10:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 10:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 23:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player
[2013/10/11 10:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 10:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 10:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 10:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 10:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 10:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 10:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 10:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 15:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 15:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 15:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 15:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 15:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 15:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 15:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 15:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 15:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 15:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 15:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 15:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 15:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 17:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 14:21:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 13:46:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 13:19:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/01 13:06:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 13:06:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:05:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 09:05:43 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/11 11:31:11 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/11 11:31:11 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/11 11:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 13:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 13:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/10/31 11:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 18:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 18:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 18:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 19:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 12:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 16:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 12:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 11:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 10:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 01:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 19:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 15:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/01/10 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Lexmark Productivity Studio
[2010/03/26 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\PeerNetworking
[2007/09/28 15:58:51 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\SampleView
[2008/08/07 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Template
[2008/01/10 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Ulead Systems
[2007/12/14 20:37:01 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\WildTangent
[2008/12/08 12:04:14 | 000,000,000 | ---D | M] -- C:\Users\EMachUser\AppData\Roaming\Wireshark

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/11/02 17:09:57 | 000,073,858 | ---- | M] () MD5=C432762CBFCCE7F07D93C1FEE940A0EA -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2006/11/02 04:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/03/02 23:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2012/03/16 09:16:47 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[2008/02/14 14:35:29 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9143C721DD6482374EFB35BC35944324 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe
[2010/11/02 02:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2008/02/20 23:43:03 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2011/02/22 02:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2009/08/27 09:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[2009/03/02 23:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2008/04/24 21:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2010/02/23 01:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2013/02/01 23:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_58f1544304f93bff\iexplore.exe
[2009/08/27 08:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[2013/05/16 17:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_5947d58904b8599e\iexplore.exe
[2013/07/31 05:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_58c43a79eb9551de\iexplore.exe
[2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19190_none_11e9b0573014e4a8\iexplore.exe
[2009/03/08 16:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2009/08/27 08:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe
[2013/04/04 16:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2011/02/22 01:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=CCDB0B2D1F2E016966B1DB1097E24842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19170_none_11ff502f3004acc6\iexplore.exe
[2012/10/08 03:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20562_none_5908f4af04e736cb\iexplore.exe
[2009/04/24 11:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 01:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 11:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2008/10/15 23:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2013/02/01 23:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2009/11/21 10:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/02 23:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2009/07/18 06:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=ED65737D70FDEAC29F738E77D2496EE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[2013/05/28 21:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16496_none_5862e947ebde5030\iexplore.exe
[2013/01/08 16:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_58ff250d04ee6c13\iexplore.exe
[2010/06/26 01:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/14 23:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 11:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[2012/11/13 21:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20565_none_590bf58d04e482d0\iexplore.exe
[2013/09/22 07:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20625_none_5937372304c41033\iexplore.exe
[2009/08/27 08:19:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=FE2DFF83B7753AC47C553EF7D5289BEE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 07:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2012/03/16 09:16:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/03/16 09:16:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2013/11/01 15:25:23 | 000,128,768 | ---- | M] () MD5=55F44A887CB338AD2AFD406DCC385990 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
[2008/10/20 16:20:04 | 000,769,039 | ---- | M] () MD5=C540D44DF0E96D39EA4AF5C7B3FA64C5 -- C:\Program Files\Wireshark\services

< MD5 for: SERVICES.CNF >
[2000/11/16 11:13:16 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTM >
[2001/03/04 11:44:14 | 000,004,604 | ---- | M] () MD5=199DFA01F16D18A1BCD1E0D45A6037AA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\services.htm
[2001/03/04 11:44:16 | 000,001,550 | ---- | M] () MD5=46A53A39F9056079F81A7D8B4E374C73 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_vti_cnf\services.htm

< MD5 for: SERVICES.HTM_CMP_BLENDS110_BNR.GIF >
[2000/11/16 11:29:56 | 000,000,325 | ---- | M] () MD5=23E4B1B16629AE97471FAA19D166764F -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_bnr.gif
[2000/11/16 11:30:06 | 000,001,565 | ---- | M] () MD5=27571AA0DB495668F0DC4DC53E8F9F05 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_bnr.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn.gif
[2000/11/16 11:30:08 | 000,000,668 | ---- | M] () MD5=2AB0BA1BBB72597A07FC3DD1D68A2791 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN_A.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn_a.gif
[2000/11/16 11:30:08 | 000,001,119 | ---- | M] () MD5=8E32CBF9B04207AA464DEDDB2EF6D571 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn_a.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_HBTN_P.GIF >
[2000/11/16 11:29:56 | 000,000,325 | ---- | M] () MD5=23E4B1B16629AE97471FAA19D166764F -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_hbtn_p.gif
[2000/11/16 11:30:08 | 000,001,896 | ---- | M] () MD5=5982C16906FFA2E07DCA83655A291784 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_VBTN.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_vbtn.gif
[2000/11/16 11:30:08 | 000,000,750 | ---- | M] () MD5=3BFF60205B8A04835485583D22579BD8 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_vbtn.gif

< MD5 for: SERVICES.HTM_CMP_BLENDS110_VBTN_A.GIF >
[2000/11/16 11:29:54 | 000,000,325 | ---- | M] () MD5=09750532ED447695C10F75C848C120CA -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\_vti_cnf\services.htm_cmp_blends110_vbtn_a.gif
[2000/11/16 11:30:08 | 000,001,198 | ---- | M] () MD5=A2229D1E74C48C16BC26157EFB86E7B4 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_derived\services.htm_cmp_blends110_vbtn_a.gif

< MD5 for: SERVICES.HTM_NAV_BLENDS010_BNR.GIF >
[2000/11/16 11:30:10 | 000,000,443 | ---- | M] () MD5=9DBF40D94F7D2473E40F9D455E2E8C39 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\_vti_cnf\services.htm_nav_blends010_bnr.gif
[2000/11/16 11:30:04 | 000,000,340 | ---- | M] () MD5=BDB856F706941B2B940E3404AB800097 -- C:\Users\Marco-FD\Documents\My Documents\My Webs\marco\_overlay\services.htm_nav_blends010_bnr.gif

Frosty
2013-11-05, 23:03
Here is the rest of the story.


< %SYSTEMDRIVE%\*.* >
[2010/03/23 19:02:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 13:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2013/11/01 09:05:43 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/16 23:15:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/18 20:05:12 | 000,000,198 | ---- | M] () -- C:\log.txt
[2008/12/01 10:02:25 | 000,000,152 | ---- | M] () -- C:\lxdc.log
[2008/01/16 23:15:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/11/01 09:05:41 | 1251,749,888 | -HS- | M] () -- C:\pagefile.sys
[2007/05/29 12:55:36 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/05/29 12:43:56 | 000,000,345 | ---- | M] () -- C:\RHDSetup.log
[2013/10/30 19:58:21 | 000,004,016 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt
[2013/10/30 20:05:52 | 000,341,818 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_20.00.14_log.txt
[2013/10/30 20:08:40 | 000,174,890 | ---- | M] () -- C:\TDSSKiller.3.0.0.14_30.10.2013_20.06.28_log.txt
[2011/05/05 15:25:10 | 000,558,232 | ---- | M] () -- C:\Temp

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/03 17:03:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/16 12:26:40 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\clpa1pc.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2003/01/13 12:19:58 | 000,106,496 | ---- | M] () -- C:\Windows\UPSCR.Scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/26 11:59:43 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 427A-20F7
Directory of C:\
09/28/2007 03:39 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
09/28/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
09/28/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
09/28/2007 03:39 PM <SYMLINKD> All Users [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\ProgramData]
09/28/2007 03:39 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
09/28/2007 03:39 PM <JUNCTION> Documents [C:\Users\Public\Documents]
09/28/2007 03:39 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
09/28/2007 03:39 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
09/28/2007 03:39 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
09/28/2007 03:39 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
09/28/2007 03:39 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/28/2007 03:39 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/28/2007 03:39 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
09/28/2007 03:39 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
09/28/2007 03:39 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
09/28/2007 03:39 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
09/28/2007 03:39 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
09/28/2007 03:39 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
09/28/2007 03:39 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
09/28/2007 03:39 PM <JUNCTION> My Music [C:\Users\Default\Music]
09/28/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
09/28/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser
09/28/2007 03:43 PM <JUNCTION> Application Data [C:\Users\EMachUser\AppData\Roaming]
09/28/2007 03:43 PM <JUNCTION> Cookies [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Cookies]
09/28/2007 03:43 PM <JUNCTION> Local Settings [C:\Users\EMachUser\AppData\Local]
09/28/2007 03:43 PM <JUNCTION> My Documents [C:\Users\EMachUser\Documents]
09/28/2007 03:43 PM <JUNCTION> NetHood [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/28/2007 03:43 PM <JUNCTION> PrintHood [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/28/2007 03:43 PM <JUNCTION> Recent [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Recent]
09/28/2007 03:43 PM <JUNCTION> SendTo [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\SendTo]
09/28/2007 03:43 PM <JUNCTION> Start Menu [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu]
09/28/2007 03:43 PM <JUNCTION> Templates [C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser\AppData\Local
09/28/2007 03:43 PM <JUNCTION> Application Data [C:\Users\EMachUser\AppData\Local]
09/28/2007 03:43 PM <JUNCTION> History [C:\Users\EMachUser\AppData\Local\Microsoft\Windows\History]
09/28/2007 03:43 PM <JUNCTION> Temporary Internet Files [C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\EMachUser\Documents
09/28/2007 03:43 PM <JUNCTION> My Music [C:\Users\EMachUser\Music]
09/28/2007 03:43 PM <JUNCTION> My Pictures [C:\Users\EMachUser\Pictures]
09/28/2007 03:43 PM <JUNCTION> My Videos [C:\Users\EMachUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD
02/01/2008 11:40 AM <JUNCTION> Application Data [C:\Users\Marco-FD\AppData\Roaming]
02/01/2008 11:40 AM <JUNCTION> Cookies [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Cookies]
02/01/2008 11:40 AM <JUNCTION> Local Settings [C:\Users\Marco-FD\AppData\Local]
02/01/2008 11:40 AM <JUNCTION> My Documents [C:\Users\Marco-FD\Documents]
02/01/2008 11:40 AM <JUNCTION> NetHood [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/01/2008 11:40 AM <JUNCTION> PrintHood [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/01/2008 11:40 AM <JUNCTION> Recent [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Recent]
02/01/2008 11:40 AM <JUNCTION> SendTo [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\SendTo]
02/01/2008 11:40 AM <JUNCTION> Start Menu [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Start Menu]
02/01/2008 11:40 AM <JUNCTION> Templates [C:\Users\Marco-FD\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD\AppData\Local
02/01/2008 11:40 AM <JUNCTION> Application Data [C:\Users\Marco-FD\AppData\Local]
02/01/2008 11:40 AM <JUNCTION> History [C:\Users\Marco-FD\AppData\Local\Microsoft\Windows\History]
02/01/2008 11:40 AM <JUNCTION> Temporary Internet Files [C:\Users\Marco-FD\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Marco-FD\Documents
02/01/2008 11:40 AM <JUNCTION> My Music [C:\Users\Marco-FD\Music]
02/01/2008 11:40 AM <JUNCTION> My Pictures [C:\Users\Marco-FD\Pictures]
02/01/2008 11:40 AM <JUNCTION> My Videos [C:\Users\Marco-FD\Videos]
0 File(s) 0 bytes
Directory of C:\Users\mark
12/08/2008 11:14 AM <JUNCTION> Application Data [C:\Users\mark\AppData\Roaming]
12/08/2008 11:14 AM <JUNCTION> Cookies [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Cookies]
12/08/2008 11:14 AM <JUNCTION> Local Settings [C:\Users\mark\AppData\Local]
12/08/2008 11:14 AM <JUNCTION> My Documents [C:\Users\mark\Documents]
12/08/2008 11:14 AM <JUNCTION> NetHood [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/08/2008 11:14 AM <JUNCTION> PrintHood [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/08/2008 11:14 AM <JUNCTION> Recent [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Recent]
12/08/2008 11:14 AM <JUNCTION> SendTo [C:\Users\mark\AppData\Roaming\Microsoft\Windows\SendTo]
12/08/2008 11:14 AM <JUNCTION> Start Menu [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu]
12/08/2008 11:14 AM <JUNCTION> Templates [C:\Users\mark\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\mark\AppData\Local
12/08/2008 11:14 AM <JUNCTION> Application Data [C:\Users\mark\AppData\Local]
12/08/2008 11:14 AM <JUNCTION> History [C:\Users\mark\AppData\Local\Microsoft\Windows\History]
12/08/2008 11:14 AM <JUNCTION> Temporary Internet Files [C:\Users\mark\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\mark\Documents
12/08/2008 11:14 AM <JUNCTION> My Music [C:\Users\mark\Music]
12/08/2008 11:14 AM <JUNCTION> My Pictures [C:\Users\mark\Pictures]
12/08/2008 11:14 AM <JUNCTION> My Videos [C:\Users\mark\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
09/28/2007 03:39 PM <JUNCTION> My Music [C:\Users\Public\Music]
09/28/2007 03:39 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
09/28/2007 03:39 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 85,142,859,776 bytes free

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/12/09 11:58:18 | 000,204,800 | ---- | M] () -- C:\Windows\system32\cert7.db
[2010/12/09 11:58:18 | 000,016,384 | ---- | M] () -- C:\Windows\system32\KEY3.DB
[2010/12/09 11:58:20 | 000,016,384 | ---- | M] () -- C:\Windows\system32\SECMOD.DB

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/02 15:49:10 | 000,000,286 | -HS- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-11-01 15:50:38

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 02:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 02:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 02:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 23:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 02:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 02:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 02:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 02:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 02:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 02:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 02:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 02:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 02:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 02:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST316081 5AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 139.00GB
Starting Offset: 10553034240
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

EXTRA:
OTL Extras logfile created on: 11/1/2013 2:26:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 450.62 Mb Available Physical Memory | 50.42% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 80.32 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C142CD8-3AAF-4414-9B78-F3E7A885E1B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28AE5399-8284-4AE1-A1E5-5074DFAA73B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{31CBE75D-12DF-4372-A02E-AAC068B76AE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DB03933-087D-4B85-AB78-1C95E2F1A00C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8333C903-0940-4E19-BF5E-A581354D1F04}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D841A75-A5E1-405F-BB48-E3B748691F01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B79E1C1D-9DD1-43F7-AB0A-548E7FE0D5C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D958C058-C660-4B6C-AAB3-C11B927C1456}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC6F9548-74DC-473E-B31F-FCCD61C93CC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F076A7E2-8005-409D-B62A-D1F6CC00177C}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F5BD914-8A5E-4C87-91CF-0B676FCDBD77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{200B3252-BA0D-451E-A300-DDD9A8C52160}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FFC1D42-D086-4C32-BC12-8FBC592F281E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B79FF0D-9641-4816-A517-FFA5C6964B1E}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{402DE45A-AD76-43D9-B5D7-51B0756CE8F7}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{478CD000-BA2B-47EE-89BA-C236DCF07E48}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{51539436-79E2-41FD-B1F3-6BA7682091F3}" = protocol=17 | dir=in | app=c:\windows\aromis.exe |
"{58A690B9-2C49-44B1-B203-D8E9BFA152CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BD5B2B1-5349-498D-AFF9-0614FE9D786D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA7BE39-4919-49D8-A57C-8E7C85BC4A17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63E4F19A-184B-478A-9493-2A73CED95188}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{79B82E60-B1E9-4EE1-920C-4E495891C371}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{822F5359-1D13-47B2-8A6D-F73D85DB8B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D73C3E4-D269-41A9-959E-CB44FB7EE40D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0EF4FA3-0067-42B5-B5CB-BA1670680A1B}" = protocol=6 | dir=in | app=c:\windows\aromis.exe |
"{BE38CABB-6364-41F5-BA5B-6137D01FD397}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{C4461222-A43B-4F30-AE04-D4CD08409427}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{C541C045-29DF-42A6-990A-998E30C2A6CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{CEF106F8-0C69-4376-B255-65037795791D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{D121351C-3131-488D-8AE7-FEC31FD9CD34}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{D1C1A9DC-430C-4FF1-B42D-BC17733F00B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE47A74D-C99F-425C-90E2-F5FEAE9D24F2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{E2D8264F-B65D-4972-97DD-2F5EF2315FAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F58EB561-1D17-4547-829F-A2CEC16B979A}" = protocol=6 | dir=out | app=system |
"{F5A8711F-9F69-41A8-B73A-B6AEF39321F4}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{F64130FD-F023-40BF-BE37-25E730407931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0198B350-016B-43D7-9720-C8D8FA128C74}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9CBFF89-134B-4FCE-B388-91F42B7076EA}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{35A64618-15EE-4670-A8D5-70A259799559}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70ABBAB4-A5DD-48F2-98FC-1914D91590B6}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3238D7-AA32-1030-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP3 Client (32-bit)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{65A35D6C-C10D-4C6D-9DAA-682EED0422C8}" = AlignmentUtility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8CD0D-613A-4516-A5F9-1931CFE7604F}" = Brother HL-5370DW
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C62D7344-8709-4443-9C95-F90659CBC27F}" = Art Explosion Publisher Pro
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FDE018-28CF-47AC-9B01-E5F63D9F5BC1}" = ImpExpSafety
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Cakewalk Pro Audio 9" = Cakewalk Pro Audio 9
"CodInstl" = Intel A/V Codecs V2.0
"Collab" = Collab
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDXCopy" = DVDXCopy 1.3 b630 (remove only)
"eMachines Game Console" = eMachines Game Console
"ERUNT_is1" = ERUNT 1.1j
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"Google Desktop" = Google Desktop
"Indeo® Software" = Indeo® Software
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"NexGen Media Player" = NexGen Media Player - a modern video player
"NimoCorp" = Nimo Codecs Pack v4.33 (Remove Only)
"NVIDIA Drivers" = NVIDIA Drivers
"Pervasive PSQL v10 SP3 Client (32-bit)" = Pervasive PSQL v10 SP3 Client (32-bit)
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"SHARP MX-2300 2700 3500 4500 Series PC-Fax Driver" = SHARP MX/DX Series PC-Fax Driver
"SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX/DX Series PCL/PS Printer Driver
"Swift Browse" = Swift Browse 3.0.0
"UPS WorldShip" = UPS WorldShip
"VivTV" = VivTV
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 1.0.4
"WT021681" = FATE
"WT021906" = Bejeweled 2 Deluxe
"WT021907" = Blackhawk Striker 2
"WT021908" = Blasterball 3
"WT021909" = Diner Dash - Flo on the Go
"WT021910" = Family Feud 2
"WT021912" = Penguins!
"WT021913" = Polar Bowler
"WT021914" = Polar Golfer
"WT022435" = Tradewinds

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2013 6:27:48 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 11/1/2013 9:36:26 AM | Computer Name = FrontDesk | Source = MSSQL$UPSWSDBSERVER | ID = 9003
Description = The log scan number (165:48:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 10/31/2013 3:10:50 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:41:46 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:16 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:21 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:46:28 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 9:49:44 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 10/31/2013 10:04:19 PM | Computer Name = FrontDesk | Source = Windows Search Service | ID = 3013
Description =

Error - 11/1/2013 10:06:37 AM | Computer Name = FrontDesk | Source = MSSQL$UPSWSDBSERVER | ID = 9003
Description = The log scan number (165:48:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

[ Media Center Events ]
Error - 1/20/2008 2:27:31 AM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/24/2008 11:15:41 PM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 1/24/2008 11:28:36 PM | Computer Name = DRR | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/1/2008 11:40:32 PM | Computer Name = Frosty-F | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/3/2008 3:23:43 PM | Computer Name = Frosty-F | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/11/2009 4:44:06 PM | Computer Name = FrontDesk | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2011 9:42:31 AM | Computer Name = FrontDesk | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7024
Description =

Error - 11/1/2013 9:37:40 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7026
Description =

Error - 10/31/2013 10:45:56 AM | Computer Name = FrontDesk | Source = DCOM | ID = 10010
Description =

Error - 11/1/2013 10:06:44 AM | Computer Name = FrontDesk | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +349187 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,time.nist.gov (ntp.m|0x0|0.0.0.0:123->65.55.56.206:123)
is working properly.

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7026
Description =

Error - 11/1/2013 10:07:31 AM | Computer Name = FrontDesk | Source = Service Control Manager | ID = 7024
Description =

Error - 11/1/2013 10:16:29 AM | Computer Name = FrontDesk | Source = DCOM | ID = 10010
Description =


< End of report >

OCD
2013-11-06, 00:41
Hi Frosty,

Uninstall via Add/Remove Programs
Please go to Start > Control Panel > Add Remove Programs.
Locate the following programs: (if present)

Swift Browse 3.0.0

Click Remove and allow Windows to completely remove each one in turn.
Then reboot your computer to complete this part of the process.

=========================

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Run OTL.exe


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011YYUS&fl=0&ptb=4vJSZENCg_19vR6GCO1.eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=137395&n=77ce820b
O2 - BHO: (Swift Browse) - {808dc83c-d35b-4fba-a5b5-9a52103204df} - C:\Program Files\Swift Browse\SwiftBrowseBHO.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.

:Files
C:\Program Files\Swift Browse\bin\utilSwiftBrowse.exe
C:\Program Files\Swift Browse\updateSwiftBrowse.exe

:Services
Util Swift Browse
Update Swift Browse

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

Locate this log and post it in your next reply.
C:\TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt

=========================

In your next post please provide the following:

AdwCleaner[S0].txt
JRT.txt
New OTL.txt
TDSSKiller.3.0.0.14_30.10.2013_19.56.01_log.txt
What symptoms are you experiencing?

Frosty
2013-11-06, 17:25
Hey OCD,

There was no Swift Browser in the Add/Remove.

Here is AdwCleaner:
# AdwCleaner v3.011 - Report created 01/11/2013 at 08:57:38
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : EMachUser - FRONTDESK
# Running from : C:\Users\EMachUser\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Swift Browse
[#] Service Deleted : Util Swift Browse

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Swift Browse
Folder Deleted : C:\Users\EMachUser\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\EMachUser\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\mark\AppData\LocalLow\MyWebSearch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProductsInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D4DB7D0-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{808DC83C-D35B-4FBA-A5B5-9A52103204DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\Swift Browse
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Swift Browse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swift Browse

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


*************************

AdwCleaner[R0].txt - [4587 octets] - [01/11/2013 08:55:55]
AdwCleaner[S0].txt - [4626 octets] - [01/11/2013 08:57:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4686 octets] ##########

OTL:
OTL logfile created on: 11/1/2013 9:35:37 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 290.25 Mb Available Physical Memory | 32.47% Memory free
2.00 Gb Paging File | 1.15 Gb Available in Paging File | 57.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 78.56 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmi32.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Windows Calendar\WinCal.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 12:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexGen Media Player.lnk = C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 19:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/01 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 16:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 13:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 09:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 09:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 09:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 10:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 10:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 23:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player
[2013/10/11 10:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 10:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 10:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 10:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 10:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 10:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 10:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 10:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 15:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 15:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 15:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 15:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 15:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 15:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 15:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 15:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 15:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 15:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 15:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 15:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 15:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 17:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 09:46:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 09:35:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/01 09:32:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:32:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 09:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 09:31:32 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/01 09:22:51 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 09:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/11 11:31:11 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/11 11:31:11 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/11 11:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 13:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 13:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 11:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 18:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 18:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 18:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 19:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 12:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 16:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 12:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 11:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 10:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 01:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 19:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 15:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

TDSSKiller:
19:56:01.0924 0x3888 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
19:56:12.0043 0x3888 ============================================================
19:56:12.0043 0x3888 Current date / time: 2013/10/30 19:56:12.0043
19:56:12.0043 0x3888 SystemInfo:
19:56:12.0043 0x3888
19:56:12.0043 0x3888 OS Version: 6.0.6002 ServicePack: 2.0
19:56:12.0043 0x3888 Product type: Workstation
19:56:12.0044 0x3888 ComputerName: FRONTDESK
19:56:12.0045 0x3888 UserName: EMachUser
19:56:12.0045 0x3888 Windows directory: C:\Windows
19:56:12.0045 0x3888 System windows directory: C:\Windows
19:56:12.0045 0x3888 Processor architecture: Intel x86
19:56:12.0045 0x3888 Number of processors: 1
19:56:12.0045 0x3888 Page size: 0x1000
19:56:12.0045 0x3888 Boot type: Normal boot
19:56:12.0045 0x3888 ============================================================
19:56:23.0279 0x3888 System UUID: {45DAA3FF-936A-A206-1B52-4847C8C67C20}
19:56:26.0125 0x3888 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:56:26.0318 0x3888 ============================================================
19:56:26.0319 0x3888 \Device\Harddisk0\DR0:
19:56:26.0339 0x3888 MBR partitions:
19:56:26.0339 0x3888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13A8104
19:56:26.0339 0x3888 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A8143, BlocksNum 0x1167156D
19:56:26.0339 0x3888 ============================================================
19:56:26.0703 0x3888 C: <-> \Device\Harddisk0\DR0\Partition2
19:56:26.0872 0x3888 D: <-> \Device\Harddisk0\DR0\Partition1
19:56:26.0883 0x3888 ============================================================
19:56:26.0883 0x3888 Initialize success
19:56:26.0883 0x3888 ============================================================
19:58:21.0942 0x3194 Deinitialize success

The symptoms I am having that I have noticed are:
Slow at loading and slow responding.
Explorer loads very slowly. I get pop-ups asking to clean the junk from your computer and fix computer bugs, coming from WWW1.latestvideoplayer and SonicDownloads - Moon Anti Virus.
Shut down is taking a long time to turn off.
After we did the latest scans/fixes I now have 2 desktop.ini text files on my desktop. They are grayed out.

I also have a nextgen video player that I am not familiar with.

OCD
2013-11-07, 05:58
Hi Frosty,


Slow at loading and slow responding.
Explorer loads very slow
893.76 Mb Total Physical Memory | 290.25 Mb Available Physical Memory | 32.47% Memory free

Unfortunately some of the lag/freezing issues you may be encountering might be due to the fact that your computer has limited resources by today's standards.
Your computer's configuration (RAM - Random Access Memory) would be considered at the low end of what is needed to run at a smooth level.

To help improve this situation you have a few options:

Upgrade to a new computer
Upgrade your current computer's RAM
Move as many programs and as much data as possible to an external hard drive
Obviously, these options come with a financial commitment.

=========================

The Desktop.ini files are showing because you have it set that way. If you would like to "hide" those files do the following:

Show Hidden Files & Folders in Windows 7

To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
Click the View tab, and then make sure there is a check mark next to “Hide Protected Operating System Files” in the list.
Then click OK.

=========================

You seem to have overlooked the JRT log file in your last reply. Please post it in your next reply.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

NexGen Media Player

=========================

Locate this log and post:
C:\TDSSKiller.3.0.0.14_30.10.2013_20.00.14_log.txt

=========================

Run OTL.exe



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
[2013/10/29 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Documents\NexGen Media Player

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

=========================

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

In your next post please provide the following:

JRT.txt
TDSSKiller log requested
OTL.txt
MBAM log

Frosty
2013-11-07, 17:51
Hi OCD,

The lag/freezing I was having seems to be a lot better. I will look into your suggestions. This computer is a few years old.

The DESKTOP.INI files have disappeared without me doing anything.

Sorry about the JRT log; I guess I overlooked that one.

Here it is:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by EMachUser on Fri 11/01/2013 at 9:09:34.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/01/2013 at 9:14:11.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have uninstalled the NEXGEN MEDIA PLAYER.
While I was in there I noticed a few other programs that I'm not sure about: Should I remove these programs?
BIG FIX Publisher BIG FIX - I noticed that the JRT log said it removed this program.
Browser Address Error Redirector - No Publisher
CAKEWALK PRO AUDIO 9 - No Publisher
EXPRESSIT S.E. 2.2 - No Publisher
MORE NETWORKS MEDIA PLAYER FOR INTERNET EXPLORER - No Publisher
ULEAD COOL 360 1.0 - No Publisher.

The TDSSKiller log I will post last.

Here is the OTL Log:
All processes killed
========== OTL ==========
Folder C:\Users\EMachUser\Documents\NexGen Media Player\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EMachUser
->Temp folder emptied: 131718856 bytes
->Temporary Internet Files folder emptied: 152952034 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marco-FD
->Temp folder emptied: 93706521 bytes
->Temporary Internet Files folder emptied: 52391433 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mark
->Temp folder emptied: 455240 bytes
->Temporary Internet Files folder emptied: 542459800 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1947 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12629088 bytes
RecycleBin emptied: 4754881 bytes

Total Files Cleaned = 945.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11012013_085211

Files\Folders moved on Reboot...
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\images\arrow.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\images\bkgnd.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 2\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Vertical Slide Show 1\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Table - Blue\images\bannerimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Table - Blue\images\currentindex.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\bkgnd.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\nextimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\images\previmage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Patterned\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Dark\images\bannerimage.gif not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\Caption.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\FrameSet.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\indexPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\SubPage.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Web Photo Gallery Templates\Horizontal Blue & Gray\Thumbnail.htm not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowNetworkScratch_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AllowRemovableScrtch_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysImportClipbd_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\AlwaysShowPalettes_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverRGBBlitCheck_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BadDriverStickyCrsr_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BlitSingleScanLines_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\BrokenLargeCursors_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_OFF.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ClipboardSizeLimit_ON_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\DisableScratchCmprs_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceProgress_ON.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_OFF_D.reg not found!
File\Folder C:\Users\EMachUser\AppData\Local\Temp\Temp1_Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==\Photoshop_CS2_tryout\Photoshop CS2\Goodies\Optional Plug-Ins\Photoshop Only\Optional Extensions\ForceVMCompression_ON.reg not found!
C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVTEUMET\search[4].htm moved successfully.
C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X1WNDEE\showthread[4].htm moved successfully.
C:\Windows\temp\TMP00000048868EA1D9C7EC89E5 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
EMachUser :: FRONTDESK [administrator]

Protection: Disabled

11/1/2013 9:25:00 AM
mbam-log-2013-11-01 (09-25-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245888
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{8AE72190-F8A5-B7C8-9572-98C79CDF00AF} (Trojan.P2P.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Frosty
2013-11-07, 18:02
Hey OCD,

Here is the TDSSKiller log you requested. I will have to make two posts for this log.

20:00:14.0776 0x30d0 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
20:00:18.0443 0x30d0 ============================================================
20:00:18.0443 0x30d0 Current date / time: 2013/10/30 20:00:18.0443
20:00:18.0443 0x30d0 SystemInfo:
20:00:18.0444 0x30d0
20:00:18.0444 0x30d0 OS Version: 6.0.6002 ServicePack: 2.0
20:00:18.0444 0x30d0 Product type: Workstation
20:00:18.0444 0x30d0 ComputerName: FRONTDESK
20:00:18.0444 0x30d0 UserName: EMachUser
20:00:18.0444 0x30d0 Windows directory: C:\Windows
20:00:18.0444 0x30d0 System windows directory: C:\Windows
20:00:18.0444 0x30d0 Processor architecture: Intel x86
20:00:18.0444 0x30d0 Number of processors: 1
20:00:18.0444 0x30d0 Page size: 0x1000
20:00:18.0444 0x30d0 Boot type: Normal boot
20:00:18.0444 0x30d0 ============================================================
20:00:20.0431 0x30d0 System UUID: {45DAA3FF-936A-A206-1B52-4847C8C67C20}
20:00:21.0605 0x30d0 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:21.0742 0x30d0 ============================================================
20:00:21.0742 0x30d0 \Device\Harddisk0\DR0:
20:00:21.0785 0x30d0 MBR partitions:
20:00:21.0785 0x30d0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13A8104
20:00:21.0785 0x30d0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A8143, BlocksNum 0x1167156D
20:00:21.0785 0x30d0 ============================================================
20:00:22.0175 0x30d0 C: <-> \Device\Harddisk0\DR0\Partition2
20:00:22.0203 0x30d0 D: <-> \Device\Harddisk0\DR0\Partition1
20:00:22.0204 0x30d0 ============================================================
20:00:22.0204 0x30d0 Initialize success
20:00:22.0204 0x30d0 ============================================================
20:00:24.0541 0x1500 ============================================================
20:00:24.0541 0x1500 Scan started
20:00:24.0541 0x1500 Mode: Manual;
20:00:24.0541 0x1500 ============================================================
20:00:24.0541 0x1500 KSN ping started
20:00:38.0393 0x1500 KSN ping finished: true
20:00:42.0250 0x1500 ================ Scan system memory ========================
20:00:42.0250 0x1500 System memory - ok
20:00:42.0251 0x1500 ================ Scan services =============================
20:00:53.0022 0x1500 hkmsvc - ok
20:00:53.0061 0x1500 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:00:53.0065 0x1500 HpCISSs - ok
20:00:53.0107 0x1500 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:00:53.0132 0x1500 HTTP - ok
20:00:53.0154 0x1500 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:00:53.0157 0x1500 i2omp - ok
20:00:53.0225 0x1500 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:53.0229 0x1500 i8042prt - ok
20:00:53.0341 0x1500 [ 8318E04A6455CED1020BCC5039B62CFA, 56AAE6E5912A8B10F253783C49AB79C77411F84E32045F1C54E9925728006636 ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
20:00:53.0398 0x1500 ialm - ok
20:00:53.0436 0x1500 [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:00:53.0445 0x1500 iaStorV - ok
20:00:53.0546 0x1500 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:00:53.0587 0x1500 idsvc - ok
20:00:53.0607 0x1500 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:00:53.0610 0x1500 iirsp - ok
20:00:53.0669 0x1500 [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT C:\Windows\System32\ikeext.dll
20:00:53.0694 0x1500 IKEEXT - ok
20:00:53.0815 0x1500 [ 721B1A0434647418F98D034BEBD4B4DB, FC7E466F87F57D52F288F3F4043CE9B13E5D34F60556978125B43D7C0930B786 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:00:53.0881 0x1500 IntcAzAudAddService - ok
20:00:53.0921 0x1500 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
20:00:53.0924 0x1500 intelide - ok
20:00:53.0962 0x1500 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:00:53.0965 0x1500 intelppm - ok
20:00:53.0999 0x1500 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:00:54.0005 0x1500 IPBusEnum - ok
20:00:54.0034 0x1500 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:54.0037 0x1500 IpFilterDriver - ok
20:00:54.0073 0x1500 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:00:54.0081 0x1500 iphlpsvc - ok
20:00:54.0088 0x1500 IpInIp - ok
20:00:54.0121 0x1500 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:00:54.0124 0x1500 IPMIDRV - ok
20:00:54.0165 0x1500 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:00:54.0171 0x1500 IPNAT - ok
20:00:54.0210 0x1500 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:00:54.0213 0x1500 IRENUM - ok
20:00:54.0253 0x1500 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:00:54.0257 0x1500 isapnp - ok
20:00:54.0319 0x1500 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:54.0327 0x1500 iScsiPrt - ok
20:00:54.0371 0x1500 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:00:54.0374 0x1500 iteatapi - ok
20:00:54.0393 0x1500 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:00:54.0396 0x1500 iteraid - ok
20:00:54.0439 0x1500 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:54.0443 0x1500 kbdclass - ok
20:00:54.0504 0x1500 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:54.0507 0x1500 kbdhid - ok
20:00:54.0537 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
20:00:54.0540 0x1500 KeyIso - ok
20:00:54.0604 0x1500 [ 186B54479D98E48AEE0E9ADA4B3C4D31, A8C1577876CF16186610F26D7D859F8FDA4057AAFC33E8212339F56DA6A5F874 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
20:00:54.0610 0x1500 KL1 - ok
20:00:54.0622 0x1500 [ BF485BFBA13C0AB116701FD9C55324D0, AA08276E8534D2ED9D714C43D6968524E74EE6101913B370CABF6D52842EF6EF ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
20:00:54.0624 0x1500 kl2 - ok
20:00:54.0707 0x1500 [ AF04D0CE7939324E9A605B159295706C, 1C78DA30B11B1D7EBE70846CB28E6FF899DE59F4703D01D572A253AB3EF88E40 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:00:54.0732 0x1500 KLIF - ok
20:00:54.0754 0x1500 [ 6295A19003F935ECC6CCBE9E2376427B, 1FBC41D7B6AD73F171FBAF65523BE688C9733D2D654B414B5AF7F2F0AE65E2B5 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:00:54.0757 0x1500 KLIM6 - ok
20:00:54.0783 0x1500 [ 3DE1771C135328420315E21DDE229BBA, BBF25C20C3CD30E4A0E8952E95F0E5D3C80037F0CEBFE13C90C9D0422B5608E6 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:00:54.0785 0x1500 klmouflt - ok
20:00:54.0832 0x1500 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:00:54.0857 0x1500 KSecDD - ok
20:00:54.0936 0x1500 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:00:54.0952 0x1500 KtmRm - ok
20:00:54.0993 0x1500 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
20:00:55.0002 0x1500 LanmanServer - ok
20:00:55.0064 0x1500 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:00:55.0081 0x1500 LanmanWorkstation - ok
20:00:55.0117 0x1500 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:00:55.0120 0x1500 lltdio - ok
20:00:55.0163 0x1500 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:00:55.0172 0x1500 lltdsvc - ok
20:00:55.0203 0x1500 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:00:55.0207 0x1500 lmhosts - ok
20:00:55.0279 0x1500 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:00:55.0284 0x1500 LSI_FC - ok
20:00:55.0301 0x1500 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:00:55.0305 0x1500 LSI_SAS - ok
20:00:55.0344 0x1500 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:00:55.0348 0x1500 LSI_SCSI - ok
20:00:55.0392 0x1500 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
20:00:55.0397 0x1500 luafv - ok
20:00:55.0459 0x1500 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:00:55.0461 0x1500 MBAMProtector - ok
20:00:55.0532 0x1500 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:00:55.0545 0x1500 MBAMScheduler - ok
20:00:55.0594 0x1500 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:00:55.0627 0x1500 MBAMService - ok
20:00:55.0651 0x1500 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:00:55.0657 0x1500 Mcx2Svc - ok
20:00:55.0718 0x1500 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys
20:00:55.0722 0x1500 megasas - ok
20:00:55.0747 0x1500 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
20:00:55.0750 0x1500 MMCSS - ok
20:00:55.0813 0x1500 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
20:00:55.0816 0x1500 Modem - ok
20:00:55.0866 0x1500 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:00:55.0869 0x1500 monitor - ok
20:00:55.0908 0x1500 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:00:55.0911 0x1500 mouclass - ok
20:00:55.0971 0x1500 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:00:55.0973 0x1500 mouhid - ok
20:00:56.0009 0x1500 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:00:56.0013 0x1500 MountMgr - ok
20:00:56.0067 0x1500 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys
20:00:56.0071 0x1500 mpio - ok
20:00:56.0102 0x1500 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:00:56.0106 0x1500 mpsdrv - ok
20:00:56.0184 0x1500 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:00:56.0211 0x1500 MpsSvc - ok
20:00:56.0240 0x1500 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:00:56.0243 0x1500 Mraid35x - ok
20:00:56.0265 0x1500 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:00:56.0271 0x1500 MRxDAV - ok
20:00:56.0299 0x1500 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:56.0304 0x1500 mrxsmb - ok
20:00:56.0336 0x1500 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:56.0345 0x1500 mrxsmb10 - ok
20:00:56.0361 0x1500 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:56.0365 0x1500 mrxsmb20 - ok
20:00:56.0395 0x1500 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys
20:00:56.0398 0x1500 msahci - ok
20:00:56.0423 0x1500 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:00:56.0427 0x1500 msdsm - ok
20:00:56.0466 0x1500 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
20:00:56.0474 0x1500 MSDTC - ok
20:00:56.0516 0x1500 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:00:56.0518 0x1500 Msfs - ok
20:00:56.0559 0x1500 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:00:56.0562 0x1500 msisadrv - ok
20:00:56.0623 0x1500 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:00:56.0630 0x1500 MSiSCSI - ok
20:00:56.0639 0x1500 msiserver - ok
20:00:56.0715 0x1500 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:00:56.0717 0x1500 MSKSSRV - ok
20:00:56.0744 0x1500 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:56.0746 0x1500 MSPCLOCK - ok
20:00:56.0781 0x1500 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:00:56.0783 0x1500 MSPQM - ok
20:00:56.0825 0x1500 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:00:56.0842 0x1500 MsRPC - ok
20:00:56.0861 0x1500 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:56.0864 0x1500 mssmbios - ok
20:00:56.0969 0x1500 MSSQL$UPSWSDBSERVER - ok
20:00:57.0016 0x1500 [ ADAF062116B4E6D96E44D26486A87AF6, 1A2EE7C4598E8442F24A5C97FEBF7AC6A20703F7EA9097B6E48BE4A05E231D8C ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:00:57.0019 0x1500 MSSQLServerADHelper - ok
20:00:57.0077 0x1500 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:00:57.0079 0x1500 MSTEE - ok
20:00:57.0133 0x1500 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
20:00:57.0137 0x1500 Mup - ok
20:00:57.0178 0x1500 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
20:00:57.0195 0x1500 napagent - ok
20:00:57.0271 0x1500 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:00:57.0278 0x1500 NativeWifiP - ok
20:00:57.0344 0x1500 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:00:57.0370 0x1500 NDIS - ok
20:00:57.0411 0x1500 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:57.0414 0x1500 NdisTapi - ok
20:00:57.0447 0x1500 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:57.0450 0x1500 Ndisuio - ok
20:00:57.0493 0x1500 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:57.0499 0x1500 NdisWan - ok
20:00:57.0522 0x1500 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:00:57.0525 0x1500 NDProxy - ok
20:00:57.0540 0x1500 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:00:57.0543 0x1500 NetBIOS - ok
20:00:57.0580 0x1500 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:00:57.0587 0x1500 netbt - ok
20:00:57.0602 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
20:00:57.0605 0x1500 Netlogon - ok
20:00:57.0666 0x1500 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
20:00:57.0720 0x1500 Netman - ok
20:00:57.0800 0x1500 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
20:00:57.0825 0x1500 netprofm - ok
20:00:57.0888 0x1500 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:00:57.0894 0x1500 NetTcpPortSharing - ok
20:00:58.0059 0x1500 [ 6E9EDC1020B319E7676387B8CDF2398C, EF9B26369A845FC1E96ADD4051E52DA13CAA54158956F36CB10CBF3610D2B678 ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys
20:00:58.0208 0x1500 NETw2v32 - ok
20:00:58.0234 0x1500 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:00:58.0241 0x1500 nfrd960 - ok
20:00:58.0280 0x1500 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
20:00:58.0288 0x1500 NlaSvc - ok
20:00:58.0345 0x1500 [ 6623E51595C0076755C29C00846C4EB2, EB661942E3C552DD33B197A9A0BF6AB56CE5CB92BAC183A02B918F0CD3D80F97 ] NPF C:\Windows\system32\drivers\npf.sys
20:00:58.0348 0x1500 NPF - ok
20:00:58.0380 0x1500 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:00:58.0384 0x1500 Npfs - ok
20:00:58.0432 0x1500 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
20:00:58.0436 0x1500 nsi - ok
20:00:58.0467 0x1500 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:00:58.0470 0x1500 nsiproxy - ok
20:00:58.0574 0x1500 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:00:58.0653 0x1500 Ntfs - ok
20:00:58.0701 0x1500 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:00:58.0703 0x1500 ntrigdigi - ok
20:00:58.0731 0x1500 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
20:00:58.0733 0x1500 Null - ok
20:00:59.0072 0x1500 [ FF58C7A7DA6116C1F71E883CB088D598, 057DADC88BB2B8D29BE14D94CC81546826D64E76F50C6E359506DB954EAE0847 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:00:59.0360 0x1500 nvlddmkm - ok
20:00:59.0416 0x1500 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:00:59.0420 0x1500 nvraid - ok
20:00:59.0449 0x1500 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:00:59.0453 0x1500 nvstor - ok
20:00:59.0512 0x1500 [ DC5F166422BEEBF195E3E4BB8AB4EE22, C98539C12588A79ECAAA2CE50DCDDA801FB62AD401D7DA1056BE30F266F0E63B ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
20:00:59.0515 0x1500 nvstor32 - ok
20:00:59.0585 0x1500 [ 56407B8616E4206EE02892A2AC712EF3, 78D44BCD0E4CF8CB1A7C3A76977A748BC23ADD925683D639CB22A131F67F89F0 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:00:59.0605 0x1500 nvsvc - ok
20:00:59.0654 0x1500 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:00:59.0659 0x1500 nv_agp - ok
20:00:59.0672 0x1500 NwlnkFlt - ok
20:00:59.0685 0x1500 NwlnkFwd - ok
20:00:59.0748 0x1500 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:00:59.0752 0x1500 ohci1394 - ok
20:00:59.0837 0x1500 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:00:59.0846 0x1500 ose - ok
20:00:59.0932 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:00:59.0964 0x1500 p2pimsvc - ok
20:01:00.0006 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
20:01:00.0024 0x1500 p2psvc - ok
20:01:00.0090 0x1500 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:01:00.0095 0x1500 Parport - ok
20:01:00.0153 0x1500 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:01:00.0157 0x1500 partmgr - ok
20:01:00.0173 0x1500 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:01:00.0177 0x1500 Parvdm - ok
20:01:00.0208 0x1500 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
20:01:00.0213 0x1500 PcaSvc - ok
20:01:00.0253 0x1500 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
20:01:00.0260 0x1500 pci - ok
20:01:00.0317 0x1500 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
20:01:00.0319 0x1500 pciide - ok
20:01:00.0411 0x1500 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:01:00.0419 0x1500 pcmcia - ok
20:01:00.0517 0x1500 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:01:00.0559 0x1500 PEAUTH - ok
20:01:00.0670 0x1500 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
20:01:00.0728 0x1500 pla - ok
20:01:00.0776 0x1500 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:01:00.0787 0x1500 PlugPlay - ok
20:01:00.0831 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:01:00.0864 0x1500 PNRPAutoReg - ok
20:01:00.0908 0x1500 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:01:00.0927 0x1500 PNRPsvc - ok
20:01:01.0009 0x1500 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:01:01.0024 0x1500 PolicyAgent - ok
20:01:01.0066 0x1500 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:01:01.0070 0x1500 PptpMiniport - ok
20:01:01.0139 0x1500 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
20:01:01.0144 0x1500 Processor - ok
20:01:01.0188 0x1500 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
20:01:01.0197 0x1500 ProfSvc - ok
20:01:01.0218 0x1500 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:01.0221 0x1500 ProtectedStorage - ok
20:01:01.0255 0x1500 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:01:01.0259 0x1500 PSched - ok
20:01:01.0361 0x1500 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:01:01.0402 0x1500 ql2300 - ok
20:01:01.0439 0x1500 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:01:01.0444 0x1500 ql40xx - ok
20:01:01.0499 0x1500 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
20:01:01.0516 0x1500 QWAVE - ok
20:01:01.0555 0x1500 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:01:01.0558 0x1500 QWAVEdrv - ok
20:01:01.0615 0x1500 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:01:01.0618 0x1500 RasAcd - ok
20:01:01.0691 0x1500 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
20:01:01.0699 0x1500 RasAuto - ok
20:01:01.0737 0x1500 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:01.0741 0x1500 Rasl2tp - ok
20:01:01.0781 0x1500 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
20:01:01.0798 0x1500 RasMan - ok
20:01:01.0835 0x1500 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:01.0838 0x1500 RasPppoe - ok
20:01:01.0871 0x1500 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:01:01.0876 0x1500 RasSstp - ok
20:01:01.0917 0x1500 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

Frosty
2013-11-07, 18:11
OK OCD, looks like I will have to make a third post for this log.


20:01:10.0678 0x1500 ================ Scan global ===============================
20:01:10.0712 0x1500 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:01:10.0781 0x1500 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:01:10.0839 0x1500 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:01:10.0899 0x1500 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:01:10.0915 0x1500 [ Global ] - ok
20:01:10.0920 0x1500 ================ Scan MBR ==================================
20:01:10.0936 0x1500 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:01:11.0483 0x1500 \Device\Harddisk0\DR0 - ok
20:01:11.0488 0x1500 ================ Scan VBR ==================================
20:01:11.0492 0x1500 [ 4C007A8E6CEB52BA9D6D11621D1AA8C1 ] \Device\Harddisk0\DR0\Partition1
20:01:11.0494 0x1500 \Device\Harddisk0\DR0\Partition1 - ok
20:01:11.0501 0x1500 [ 19DC5944FA745607840AE0053DBB53E9 ] \Device\Harddisk0\DR0\Partition2
20:01:11.0503 0x1500 \Device\Harddisk0\DR0\Partition2 - ok
20:01:11.0509 0x1500 Waiting for KSN requests completion. In queue: 319
20:01:12.0509 0x1500 Waiting for KSN requests completion. In queue: 319
20:01:13.0510 0x1500 Waiting for KSN requests completion. In queue: 8
20:01:14.0722 0x1500 AV detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmiav.exe ( 12.0.0.374 ), 0x41010 ( enabled : outofdate )
20:01:14.0812 0x1500 FW detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmifw.exe ( 12.0.0.374 ), 0x41010 ( enabled )
20:01:17.0291 0x1500 ============================================================
20:01:17.0291 0x1500 Scan finished
20:01:17.0291 0x1500 ============================================================
20:01:17.0306 0x1d30 Detected object count: 0
20:01:17.0306 0x1d30 Actual detected object count: 0
20:01:45.0856 0x2774 ============================================================
20:01:45.0856 0x2774 Scan started
20:01:45.0856 0x2774 Mode: Manual; TDLFS;
20:01:45.0856 0x2774 ============================================================
20:01:45.0856 0x2774 KSN ping started
20:01:59.0411 0x2774 KSN ping finished: true
20:01:59.0607 0x2774 ================ Scan system memory ========================
20:01:59.0607 0x2774 System memory - ok
20:01:59.0610 0x2774 ================ Scan services =============================
20:02:00.0908 0x2774 Audiosrv - ok
20:02:00.0981 0x2774 [ 2718DC27571BD1E37813F5759D2DC118, 3A822C3A0003B36F212A4184FC1F49CE65AAF1A2A481EE05DAAB868B2847945F ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
20:02:00.0986 0x2774 AVP - ok
20:02:01.0032 0x2774 [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:02:01.0034 0x2774 bcm4sbxp - ok
20:02:01.0074 0x2774 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
20:02:01.0075 0x2774 Beep - ok
20:02:01.0141 0x2774 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
20:02:01.0149 0x2774 BFE - ok
20:02:01.0209 0x2774 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll
20:02:01.0229 0x2774 BITS - ok
20:02:01.0242 0x2774 blbdrive - ok
20:02:01.0280 0x2774 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:02:01.0283 0x2774 bowser - ok
20:02:01.0319 0x2774 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:02:01.0320 0x2774 BrFiltLo - ok
20:02:01.0345 0x2774 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:02:01.0345 0x2774 BrFiltUp - ok
20:02:01.0384 0x2774 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
20:02:01.0387 0x2774 Browser - ok
20:02:01.0427 0x2774 [ 2FE6D5BE0629F706197B30C0AA05DE30, 528ED3AA8129FDD6C8EF698E5ECE9BB93C0249CF0200115F13B36410A353F353 ] BrPar C:\Windows\System32\drivers\BrPar.sys
20:02:01.0428 0x2774 BrPar - ok
20:02:01.0452 0x2774 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:02:01.0455 0x2774 Brserid - ok
20:02:01.0486 0x2774 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:02:01.0488 0x2774 BrSerWdm - ok
20:02:01.0514 0x2774 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:02:01.0515 0x2774 BrUsbMdm - ok
20:02:01.0547 0x2774 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:02:01.0548 0x2774 BrUsbSer - ok
20:02:01.0573 0x2774 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:02:01.0575 0x2774 BTHMODEM - ok
20:02:01.0619 0x2774 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:02:01.0621 0x2774 cdfs - ok
20:02:01.0675 0x2774 [ 814ACB9B8A55804D9878248B3C79F862, 1A88B286C7F4472EA30DB3D911FBA89D2D63BC89C58873F2ADA6ADF95271B0ED ] Cdr4_xp C:\Windows\system32\drivers\Cdr4_xp.sys
20:02:01.0677 0x2774 Cdr4_xp - ok
20:02:01.0695 0x2774 [ BCE7213F8AA1BC9D5C08F81CB05E10A7, DAE2D78BD4304C387A56D51C0BD8D9374F34C0788C1CF99BE3E9882033930934 ] Cdralw2k C:\Windows\system32\drivers\Cdralw2k.sys
20:02:01.0697 0x2774 Cdralw2k - ok
20:02:01.0726 0x2774 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:02:01.0728 0x2774 cdrom - ok
20:02:01.0761 0x2774 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
20:02:01.0762 0x2774 CertPropSvc - ok
20:02:01.0807 0x2774 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
20:02:01.0808 0x2774 circlass - ok
20:02:01.0851 0x2774 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
20:02:01.0857 0x2774 CLFS - ok
20:02:01.0918 0x2774 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:01.0920 0x2774 clr_optimization_v2.0.50727_32 - ok
20:02:01.0974 0x2774 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:02:01.0978 0x2774 clr_optimization_v4.0.30319_32 - ok
20:02:02.0003 0x2774 [ 0FED59EDB4A83FF17F1778827B88AB1A, FC6E72D9EF2B6CB652B688BC604B553119679323A73E3EA6ED0024D2A25AC354 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:02:02.0004 0x2774 CmBatt - ok
20:02:02.0039 0x2774 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:02:02.0040 0x2774 cmdide - ok
20:02:02.0081 0x2774 [ 7A0B457EEFEF8CBAA0CC44C8819113BD, F041B2DF7A68E9231DFF289056EF633FC4EED84C754A3D5EBD64C92FF468F3A1 ] CoachUsb C:\Windows\system32\DRIVERS\CoachUsb.sys
20:02:02.0082 0x2774 CoachUsb - ok
20:02:02.0128 0x2774 [ 614CA0BFA09861E42AD8D14B83540758, F51917D30E7A7F286231B1E0A8F6C0E2C245AF96110D64D1A37A96EA683EF559 ] CoachVc C:\Windows\system32\DRIVERS\CoachVc.sys
20:02:02.0130 0x2774 CoachVc - ok
20:02:02.0170 0x2774 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:02:02.0171 0x2774 Compbatt - ok
20:02:02.0182 0x2774 COMSysApp - ok
20:02:02.0195 0x2774 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:02:02.0196 0x2774 crcdisk - ok
20:02:02.0229 0x2774 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:02:02.0231 0x2774 Crusoe - ok
20:02:02.0285 0x2774 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:02:02.0289 0x2774 CryptSvc - ok
20:02:02.0355 0x2774 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:02:02.0371 0x2774 DcomLaunch - ok
20:02:02.0406 0x2774 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:02:02.0408 0x2774 DfsC - ok
20:02:02.0522 0x2774 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
20:02:02.0571 0x2774 DFSR - ok
20:02:02.0614 0x2774 [ A5034F77B278F07E224FE07CF98A8B76, C670181FE028EA2E0219E9AED222D6FBAC541D548F0FFB58CAB850A2C979CD05 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
20:02:02.0616 0x2774 DgiVecp - ok
20:02:02.0655 0x2774 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:02:02.0662 0x2774 Dhcp - ok
20:02:02.0698 0x2774 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
20:02:02.0700 0x2774 disk - ok
20:02:02.0740 0x2774 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:02:02.0744 0x2774 Dnscache - ok
20:02:02.0783 0x2774 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
20:02:02.0789 0x2774 dot3svc - ok
20:02:02.0827 0x2774 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
20:02:02.0831 0x2774 DPS - ok
20:02:02.0861 0x2774 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:02:02.0863 0x2774 drmkaud - ok
20:02:02.0940 0x2774 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:02:02.0955 0x2774 DXGKrnl - ok
20:02:02.0989 0x2774 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:02:02.0992 0x2774 E1G60 - ok
20:02:03.0034 0x2774 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
20:02:03.0037 0x2774 EapHost - ok
20:02:03.0076 0x2774 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
20:02:03.0080 0x2774 Ecache - ok
20:02:03.0133 0x2774 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:02:03.0140 0x2774 ehRecvr - ok
20:02:03.0170 0x2774 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
20:02:03.0174 0x2774 ehSched - ok
20:02:03.0183 0x2774 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
20:02:03.0184 0x2774 ehstart - ok
20:02:03.0223 0x2774 [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:02:03.0231 0x2774 elxstor - ok
20:02:03.0294 0x2774 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:02:03.0309 0x2774 EMDMgmt - ok
20:02:03.0365 0x2774 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
20:02:03.0373 0x2774 EventSystem - ok
20:02:03.0413 0x2774 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
20:02:03.0416 0x2774 exfat - ok
20:02:03.0471 0x2774 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:02:03.0475 0x2774 fastfat - ok
20:02:03.0522 0x2774 [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:02:03.0523 0x2774 fdc - ok
20:02:03.0559 0x2774 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
20:02:03.0561 0x2774 fdPHost - ok
20:02:03.0592 0x2774 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
20:02:03.0594 0x2774 FDResPub - ok
20:02:03.0636 0x2774 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:02:03.0638 0x2774 FileInfo - ok
20:02:03.0665 0x2774 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:02:03.0667 0x2774 Filetrace - ok
20:02:03.0691 0x2774 [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:02:03.0692 0x2774 flpydisk - ok
20:02:03.0729 0x2774 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:02:03.0734 0x2774 FltMgr - ok
20:02:03.0798 0x2774 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
20:02:03.0817 0x2774 FontCache - ok
20:02:03.0882 0x2774 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:02:03.0884 0x2774 FontCache3.0.0.0 - ok
20:02:03.0915 0x2774 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:02:03.0916 0x2774 Fs_Rec - ok
20:02:03.0949 0x2774 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:02:03.0951 0x2774 gagp30kx - ok
20:02:04.0008 0x2774 [ 617DC2877015270914CA3C03873560D5, A4A7673B2377C9EC1E6F98B73AE809E5E5F913732C1D4F0AD431122D16B5323F ] GameConsoleService C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
20:02:04.0012 0x2774 GameConsoleService - ok
20:02:04.0063 0x2774 [ 6542DC2E93BCE4D4289FA70A4D367DC2, 7E8E498646724437F34797EB228DD8789A5F422149003E312D60ACCFB2C2465C ] GoogleDesktopManager-061008-081103 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:02:04.0064 0x2774 GoogleDesktopManager-061008-081103 - ok
20:02:04.0123 0x2774 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
20:02:04.0138 0x2774 gpsvc - ok
20:02:04.0233 0x2774 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:02:04.0237 0x2774 gupdate - ok
20:02:04.0258 0x2774 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:02:04.0262 0x2774 gupdatem - ok
20:02:04.0298 0x2774 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:02:04.0304 0x2774 HdAudAddService - ok
20:02:04.0417 0x2774 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:02:04.0432 0x2774 HDAudBus - ok
20:02:04.0501 0x2774 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:02:04.0502 0x2774 HidBth - ok
20:02:04.0544 0x2774 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
20:02:04.0545 0x2774 HidIr - ok
20:02:04.0626 0x2774 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
20:02:04.0628 0x2774 hidserv - ok
20:02:04.0697 0x2774 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:02:04.0698 0x2774 HidUsb - ok
20:02:04.0784 0x2774 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
20:02:04.0788 0x2774 hkmsvc - ok
20:02:04.0844 0x2774 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:02:04.0846 0x2774 HpCISSs - ok
20:02:04.0898 0x2774 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:02:04.0910 0x2774 HTTP - ok
20:02:04.0946 0x2774 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:02:04.0947 0x2774 i2omp - ok
20:02:05.0001 0x2774 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:02:05.0003 0x2774 i8042prt - ok
20:02:05.0115 0x2774 [ 8318E04A6455CED1020BCC5039B62CFA, 56AAE6E5912A8B10F253783C49AB79C77411F84E32045F1C54E9925728006636 ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
20:02:05.0145 0x2774 ialm - ok
20:02:05.0202 0x2774 [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:02:05.0208 0x2774 iaStorV - ok
20:02:05.0337 0x2774 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:02:05.0357 0x2774 idsvc - ok
20:02:05.0389 0x2774 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:02:05.0390 0x2774 iirsp - ok
20:02:05.0451 0x2774 [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT C:\Windows\System32\ikeext.dll
20:02:05.0463 0x2774 IKEEXT - ok
20:02:05.0581 0x2774 [ 721B1A0434647418F98D034BEBD4B4DB, FC7E466F87F57D52F288F3F4043CE9B13E5D34F60556978125B43D7C0930B786 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:02:05.0622 0x2774 IntcAzAudAddService - ok
20:02:05.0662 0x2774 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
20:02:05.0664 0x2774 intelide - ok
20:02:05.0711 0x2774 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:02:05.0712 0x2774 intelppm - ok
20:02:05.0782 0x2774 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:02:05.0786 0x2774 IPBusEnum - ok
20:02:05.0832 0x2774 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:02:05.0834 0x2774 IpFilterDriver - ok
20:02:05.0882 0x2774 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:02:05.0889 0x2774 iphlpsvc - ok
20:02:05.0903 0x2774 IpInIp - ok
20:02:05.0962 0x2774 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:02:05.0964 0x2774 IPMIDRV - ok
20:02:06.0014 0x2774 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:02:06.0017 0x2774 IPNAT - ok
20:02:06.0068 0x2774 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:02:06.0069 0x2774 IRENUM - ok
20:02:06.0153 0x2774 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:02:06.0155 0x2774 isapnp - ok
20:02:06.0221 0x2774 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:02:06.0226 0x2774 iScsiPrt - ok
20:02:06.0254 0x2774 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:02:06.0255 0x2774 iteatapi - ok
20:02:06.0284 0x2774 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:02:06.0285 0x2774 iteraid - ok
20:02:06.0330 0x2774 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:02:06.0332 0x2774 kbdclass - ok
20:02:06.0387 0x2774 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:02:06.0388 0x2774 kbdhid - ok
20:02:06.0478 0x2774 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
20:02:06.0483 0x2774 KeyIso - ok
20:02:06.0562 0x2774 [ 186B54479D98E48AEE0E9ADA4B3C4D31, A8C1577876CF16186610F26D7D859F8FDA4057AAFC33E8212339F56DA6A5F874 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
20:02:06.0565 0x2774 KL1 - ok
20:02:06.0604 0x2774 [ BF485BFBA13C0AB116701FD9C55324D0, AA08276E8534D2ED9D714C43D6968524E74EE6101913B370CABF6D52842EF6EF ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
20:02:06.0605 0x2774 kl2 - ok
20:02:06.0681 0x2774 [ AF04D0CE7939324E9A605B159295706C, 1C78DA30B11B1D7EBE70846CB28E6FF899DE59F4703D01D572A253AB3EF88E40 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:02:06.0694 0x2774 KLIF - ok
20:02:06.0709 0x2774 [ 6295A19003F935ECC6CCBE9E2376427B, 1FBC41D7B6AD73F171FBAF65523BE688C9733D2D654B414B5AF7F2F0AE65E2B5 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:02:06.0711 0x2774 KLIM6 - ok
20:02:06.0774 0x2774 [ 3DE1771C135328420315E21DDE229BBA, BBF25C20C3CD30E4A0E8952E95F0E5D3C80037F0CEBFE13C90C9D0422B5608E6 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:02:06.0775 0x2774 klmouflt - ok
20:02:06.0840 0x2774 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:02:06.0851 0x2774 KSecDD - ok
20:02:06.0902 0x2774 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:02:06.0913 0x2774 KtmRm - ok
20:02:06.0968 0x2774 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
20:02:06.0974 0x2774 LanmanServer - ok

Frosty
2013-11-07, 18:15
OK, OCD, we got all here for the TDSSKiller log.
I hope I got everything here you requested and that I did not leave anything out.


20:02:09.0586 0x2774 NDIS - ok
20:02:09.0627 0x2774 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:09.0630 0x2774 NdisTapi - ok
20:02:09.0663 0x2774 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:09.0665 0x2774 Ndisuio - ok
20:02:09.0700 0x2774 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:09.0706 0x2774 NdisWan - ok
20:02:09.0746 0x2774 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:02:09.0749 0x2774 NDProxy - ok
20:02:09.0764 0x2774 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:02:09.0767 0x2774 NetBIOS - ok
20:02:09.0804 0x2774 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:02:09.0825 0x2774 netbt - ok
20:02:09.0893 0x2774 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
20:02:09.0896 0x2774 Netlogon - ok
20:02:09.0949 0x2774 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
20:02:09.0958 0x2774 Netman - ok
20:02:10.0007 0x2774 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
20:02:10.0016 0x2774 netprofm - ok
20:02:10.0062 0x2774 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:10.0067 0x2774 NetTcpPortSharing - ok
20:02:10.0209 0x2774 [ 6E9EDC1020B319E7676387B8CDF2398C, EF9B26369A845FC1E96ADD4051E52DA13CAA54158956F36CB10CBF3610D2B678 ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys
20:02:10.0306 0x2774 NETw2v32 - ok
20:02:10.0333 0x2774 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:02:10.0337 0x2774 nfrd960 - ok
20:02:10.0379 0x2774 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
20:02:10.0388 0x2774 NlaSvc - ok
20:02:10.0419 0x2774 [ 6623E51595C0076755C29C00846C4EB2, EB661942E3C552DD33B197A9A0BF6AB56CE5CB92BAC183A02B918F0CD3D80F97 ] NPF C:\Windows\system32\drivers\npf.sys
20:02:10.0422 0x2774 NPF - ok
20:02:10.0455 0x2774 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:02:10.0457 0x2774 Npfs - ok
20:02:10.0489 0x2774 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
20:02:10.0493 0x2774 nsi - ok
20:02:10.0533 0x2774 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:02:10.0535 0x2774 nsiproxy - ok
20:02:10.0640 0x2774 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:02:10.0690 0x2774 Ntfs - ok
20:02:10.0733 0x2774 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:02:10.0736 0x2774 ntrigdigi - ok
20:02:10.0763 0x2774 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
20:02:10.0765 0x2774 Null - ok
20:02:11.0075 0x2774 [ FF58C7A7DA6116C1F71E883CB088D598, 057DADC88BB2B8D29BE14D94CC81546826D64E76F50C6E359506DB954EAE0847 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:02:11.0347 0x2774 nvlddmkm - ok
20:02:11.0412 0x2774 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:02:11.0424 0x2774 nvraid - ok
20:02:11.0449 0x2774 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:02:11.0452 0x2774 nvstor - ok
20:02:11.0487 0x2774 [ DC5F166422BEEBF195E3E4BB8AB4EE22, C98539C12588A79ECAAA2CE50DCDDA801FB62AD401D7DA1056BE30F266F0E63B ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
20:02:11.0490 0x2774 nvstor32 - ok
20:02:11.0543 0x2774 [ 56407B8616E4206EE02892A2AC712EF3, 78D44BCD0E4CF8CB1A7C3A76977A748BC23ADD925683D639CB22A131F67F89F0 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:02:11.0549 0x2774 nvsvc - ok
20:02:11.0578 0x2774 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:02:11.0583 0x2774 nv_agp - ok
20:02:11.0596 0x2774 NwlnkFlt - ok
20:02:11.0607 0x2774 NwlnkFwd - ok
20:02:11.0647 0x2774 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:02:11.0651 0x2774 ohci1394 - ok
20:02:11.0703 0x2774 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:02:11.0709 0x2774 ose - ok
20:02:11.0772 0x2774 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:02:11.0805 0x2774 p2pimsvc - ok
20:02:11.0847 0x2774 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
20:02:11.0866 0x2774 p2psvc - ok
20:02:11.0931 0x2774 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:02:11.0935 0x2774 Parport - ok
20:02:11.0994 0x2774 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:02:11.0997 0x2774 partmgr - ok
20:02:12.0014 0x2774 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:02:12.0016 0x2774 Parvdm - ok
20:02:12.0049 0x2774 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
20:02:12.0053 0x2774 PcaSvc - ok
20:02:12.0094 0x2774 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
20:02:12.0101 0x2774 pci - ok
20:02:12.0116 0x2774 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
20:02:12.0120 0x2774 pciide - ok
20:02:12.0160 0x2774 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:02:12.0168 0x2774 pcmcia - ok
20:02:12.0233 0x2774 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:02:12.0274 0x2774 PEAUTH - ok
20:02:12.0386 0x2774 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
20:02:12.0448 0x2774 pla - ok
20:02:12.0492 0x2774 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:02:12.0501 0x2774 PlugPlay - ok
20:02:12.0555 0x2774 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:02:12.0573 0x2774 PNRPAutoReg - ok
20:02:12.0613 0x2774 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:02:12.0631 0x2774 PNRPsvc - ok
20:02:12.0684 0x2774 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:02:12.0694 0x2774 PolicyAgent - ok
20:02:12.0740 0x2774 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:02:12.0744 0x2774 PptpMiniport - ok
20:02:12.0780 0x2774 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
20:02:12.0783 0x2774 Processor - ok
20:02:12.0821 0x2774 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
20:02:12.0828 0x2774 ProfSvc - ok
20:02:12.0850 0x2774 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:02:12.0853 0x2774 ProtectedStorage - ok
20:02:12.0888 0x2774 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:02:12.0890 0x2774 PSched - ok
20:02:12.0960 0x2774 [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:02:13.0001 0x2774 ql2300 - ok
20:02:13.0029 0x2774 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:02:13.0034 0x2774 ql40xx - ok
20:02:13.0090 0x2774 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
20:02:13.0107 0x2774 QWAVE - ok
20:02:13.0146 0x2774 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:02:13.0148 0x2774 QWAVEdrv - ok
20:02:13.0181 0x2774 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:02:13.0184 0x2774 RasAcd - ok
20:02:13.0232 0x2774 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
20:02:13.0249 0x2774 RasAuto - ok
20:02:13.0294 0x2774 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:02:13.0299 0x2774 Rasl2tp - ok
20:02:13.0339 0x2774 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
20:02:13.0357 0x2774 RasMan - ok
20:02:13.0393 0x2774 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:02:13.0396 0x2774 RasPppoe - ok
20:02:13.0430 0x2774 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:02:13.0434 0x2774 RasSstp - ok
20:02:13.0475 0x2774 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:02:13.0491 0x2774 rdbss - ok
20:02:13.0539 0x2774 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:02:13.0541 0x2774 RDPCDD - ok
20:02:13.0591 0x2774 [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:02:13.0608 0x2774 rdpdr - ok
20:02:13.0619 0x2774 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:02:13.0623 0x2774 RDPENCDD - ok
20:02:13.0686 0x2774 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:02:13.0703 0x2774 RDPWD - ok
20:02:13.0768 0x2774 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
20:02:13.0774 0x2774 RemoteAccess - ok
20:02:13.0812 0x2774 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:02:13.0820 0x2774 RemoteRegistry - ok
20:02:13.0858 0x2774 [ E51A8D02B4BD33EBA1F7A5B76C3766ED, A1E5747F4034356CD3E8EDC2A847EB92CF1C9F6C0E865BDE8F46D90C005A7ED8 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
20:02:13.0862 0x2774 rpcapd - ok
20:02:13.0901 0x2774 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
20:02:13.0904 0x2774 RpcLocator - ok
20:02:13.0953 0x2774 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
20:02:13.0969 0x2774 RpcSs - ok
20:02:14.0011 0x2774 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:02:14.0015 0x2774 rspndr - ok
20:02:14.0026 0x2774 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
20:02:14.0029 0x2774 SamSs - ok
20:02:14.0066 0x2774 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:02:14.0070 0x2774 sbp2port - ok
20:02:14.0110 0x2774 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:02:14.0118 0x2774 SCardSvr - ok
20:02:14.0175 0x2774 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
20:02:14.0192 0x2774 Schedule - ok
20:02:14.0233 0x2774 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
20:02:14.0235 0x2774 SCPolicySvc - ok
20:02:14.0273 0x2774 [ 4339A2585708C7D9B0C0CE5AAD3DD6FF, 1B764838EC90A4F5A8130630BA32C014C033BF39C0DE1C114298F254580F0983 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:02:14.0278 0x2774 sdbus - ok
20:02:14.0320 0x2774 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:02:14.0329 0x2774 SDRSVC - ok
20:02:14.0350 0x2774 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:02:14.0353 0x2774 secdrv - ok
20:02:14.0383 0x2774 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
20:02:14.0387 0x2774 seclogon - ok
20:02:14.0420 0x2774 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
20:02:14.0425 0x2774 SENS - ok
20:02:14.0455 0x2774 [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:02:14.0457 0x2774 Serenum - ok
20:02:14.0500 0x2774 [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:02:14.0503 0x2774 Serial - ok
20:02:14.0544 0x2774 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:02:14.0547 0x2774 sermouse - ok
20:02:14.0605 0x2774 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
20:02:14.0614 0x2774 SessionEnv - ok
20:02:14.0646 0x2774 [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:02:14.0649 0x2774 sffdisk - ok
20:02:14.0668 0x2774 [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:02:14.0670 0x2774 sffp_mmc - ok
20:02:14.0693 0x2774 [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:02:14.0696 0x2774 sffp_sd - ok
20:02:14.0713 0x2774 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:02:14.0716 0x2774 sfloppy - ok
20:02:14.0758 0x2774 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:02:14.0775 0x2774 SharedAccess - ok
20:02:14.0825 0x2774 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:02:14.0834 0x2774 ShellHWDetection - ok
20:02:14.0875 0x2774 [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:02:14.0877 0x2774 sisagp - ok
20:02:14.0903 0x2774 [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:02:14.0906 0x2774 SiSRaid2 - ok
20:02:14.0931 0x2774 [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:02:14.0935 0x2774 SiSRaid4 - ok
20:02:15.0094 0x2774 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
20:02:15.0176 0x2774 slsvc - ok
20:02:15.0206 0x2774 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:02:15.0213 0x2774 SLUINotify - ok
20:02:15.0246 0x2774 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:02:15.0248 0x2774 Smb - ok
20:02:15.0284 0x2774 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:02:15.0288 0x2774 SNMPTRAP - ok
20:02:15.0325 0x2774 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
20:02:15.0328 0x2774 spldr - ok
20:02:15.0373 0x2774 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
20:02:15.0379 0x2774 Spooler - ok
20:02:15.0422 0x2774 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8, FD904FBB36ED60AE084F86F7196FCE48F798CF720DB1677C307059E45497E140 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:02:15.0431 0x2774 SQLBrowser - ok
20:02:15.0476 0x2774 [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:02:15.0480 0x2774 SQLWriter - ok
20:02:15.0528 0x2774 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
20:02:15.0536 0x2774 srv - ok
20:02:15.0586 0x2774 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:02:15.0590 0x2774 srv2 - ok
20:02:15.0611 0x2774 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:02:15.0615 0x2774 srvnet - ok
20:02:15.0650 0x2774 [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:02:15.0658 0x2774 SSDPSRV - ok
20:02:15.0693 0x2774 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:02:15.0705 0x2774 SstpSvc - ok
20:02:15.0740 0x2774 [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc C:\Windows\System32\wiaservc.dll
20:02:15.0755 0x2774 stisvc - ok
20:02:15.0778 0x2774 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:02:15.0780 0x2774 swenum - ok
20:02:15.0825 0x2774 [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv C:\Windows\System32\swprv.dll
20:02:15.0850 0x2774 swprv - ok
20:02:15.0886 0x2774 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:02:15.0889 0x2774 Symc8xx - ok
20:02:15.0918 0x2774 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:02:15.0921 0x2774 Sym_hi - ok
20:02:15.0949 0x2774 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:02:15.0956 0x2774 Sym_u3 - ok
20:02:16.0015 0x2774 [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain C:\Windows\system32\sysmain.dll
20:02:16.0032 0x2774 SysMain - ok
20:02:16.0058 0x2774 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:02:16.0064 0x2774 TabletInputService - ok
20:02:16.0110 0x2774 [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:02:16.0127 0x2774 TapiSrv - ok
20:02:16.0161 0x2774 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
20:02:16.0166 0x2774 TBS - ok
20:02:16.0243 0x2774 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:02:16.0283 0x2774 Tcpip - ok
20:02:16.0342 0x2774 [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:02:16.0369 0x2774 Tcpip6 - ok
20:02:16.0412 0x2774 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:02:16.0415 0x2774 tcpipreg - ok
20:02:16.0453 0x2774 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:02:16.0456 0x2774 TDPIPE - ok
20:02:16.0495 0x2774 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:02:16.0498 0x2774 TDTCP - ok
20:02:16.0542 0x2774 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:02:16.0546 0x2774 tdx - ok
20:02:16.0585 0x2774 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:02:16.0588 0x2774 TermDD - ok
20:02:16.0623 0x2774 [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService C:\Windows\System32\termsrv.dll
20:02:16.0638 0x2774 TermService - ok
20:02:16.0667 0x2774 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes C:\Windows\system32\shsvcs.dll
20:02:16.0676 0x2774 Themes - ok
20:02:16.0694 0x2774 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
20:02:16.0697 0x2774 THREADORDER - ok
20:02:16.0736 0x2774 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
20:02:16.0742 0x2774 TrkWks - ok
20:02:16.0791 0x2774 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:02:16.0794 0x2774 TrustedInstaller - ok
20:02:16.0854 0x2774 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:02:16.0856 0x2774 tssecsrv - ok
20:02:16.0897 0x2774 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:02:16.0899 0x2774 tunmp - ok
20:02:16.0939 0x2774 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:02:16.0942 0x2774 tunnel - ok
20:02:16.0983 0x2774 [ 539E1D1B453C47B1C4FD26EC5FE42DED, DF61D1601BD0A526728F05FF646EFA65A57FC9DF3C54114B21F38B4B30D62B22 ] txtidwow C:\Windows\system32\DRIVERS\txtidwow.sys
20:02:16.0986 0x2774 txtidwow - ok
20:02:17.0023 0x2774 [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:02:17.0026 0x2774 uagp35 - ok
20:02:17.0074 0x2774 [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:02:17.0086 0x2774 udfs - ok
20:02:17.0168 0x2774 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:02:17.0188 0x2774 UI0Detect - ok
20:02:17.0235 0x2774 [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:02:17.0239 0x2774 uliagpkx - ok
20:02:17.0269 0x2774 [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:02:17.0285 0x2774 uliahci - ok
20:02:17.0307 0x2774 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:02:17.0312 0x2774 UlSata - ok
20:02:17.0339 0x2774 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:02:17.0344 0x2774 ulsata2 - ok
20:02:17.0381 0x2774 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:02:17.0384 0x2774 umbus - ok
20:02:17.0479 0x2774 [ A95B7DD484887DCABC3897FA2FE06B50, 49BB7D1C911C6732C9D5F6BDD158363FE9400F8DA534346F6504DA64C1D22ED8 ] Update Swift Browse C:\Program Files\Swift Browse\updateSwiftBrowse.exe
20:02:17.0481 0x2774 Update Swift Browse - ok
20:02:17.0534 0x2774 [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost C:\Windows\System32\upnphost.dll
20:02:17.0544 0x2774 upnphost - ok
20:02:17.0594 0x2774 [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:02:17.0598 0x2774 usbaudio - ok
20:02:17.0638 0x2774 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:17.0642 0x2774 usbccgp - ok
20:02:17.0694 0x2774 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:02:17.0696 0x2774 usbcir - ok
20:02:17.0738 0x2774 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:02:17.0741 0x2774 usbehci - ok
20:02:17.0781 0x2774 [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:02:17.0798 0x2774 usbhub - ok
20:02:17.0829 0x2774 [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:02:17.0832 0x2774 usbohci - ok
20:02:17.0863 0x2774 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:02:17.0864 0x2774 usbprint - ok
20:02:17.0886 0x2774 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:02:17.0892 0x2774 USBSTOR - ok
20:02:17.0939 0x2774 [ 325DBBACB8A36AF9988CCF40EAC228CC, 22FE5658A12296634FBE9D8565485BEE8CB200C47182F70DC9D2B0442E10C4AA ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:17.0942 0x2774 usbuhci - ok
20:02:17.0987 0x2774 [ 8D31A140B55021BBD3A608F5A7AA2E18, EBD27A50DC3C009365DB64F7E7222F3075405ECD731B82229CDF0F500617C838 ] USB_RNDIS C:\Windows\system32\DRIVERS\usb8023.sys
20:02:17.0989 0x2774 USB_RNDIS - ok
20:02:18.0004 0x2774 Util Swift Browse - ok
20:02:18.0041 0x2774 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
20:02:18.0046 0x2774 UxSms - ok
20:02:18.0097 0x2774 [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds C:\Windows\System32\vds.exe
20:02:18.0122 0x2774 vds - ok
20:02:18.0153 0x2774 [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:18.0156 0x2774 vga - ok
20:02:18.0189 0x2774 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:02:18.0192 0x2774 VgaSave - ok
20:02:18.0226 0x2774 [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:02:18.0230 0x2774 viaagp - ok
20:02:18.0254 0x2774 [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:02:18.0257 0x2774 ViaC7 - ok
20:02:18.0278 0x2774 [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide C:\Windows\system32\drivers\viaide.sys
20:02:18.0281 0x2774 viaide - ok
20:02:18.0321 0x2774 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:02:18.0325 0x2774 volmgr - ok
20:02:18.0371 0x2774 [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:02:18.0387 0x2774 volmgrx - ok
20:02:18.0434 0x2774 [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:02:18.0451 0x2774 volsnap - ok
20:02:18.0493 0x2774 [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:02:18.0503 0x2774 vsmraid - ok
20:02:18.0585 0x2774 [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS C:\Windows\system32\vssvc.exe
20:02:18.0635 0x2774 VSS - ok
20:02:18.0677 0x2774 [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time C:\Windows\system32\w32time.dll
20:02:18.0688 0x2774 W32Time - ok
20:02:18.0727 0x2774 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:02:18.0729 0x2774 WacomPen - ok
20:02:18.0774 0x2774 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:02:18.0778 0x2774 Wanarp - ok
20:02:18.0799 0x2774 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:02:18.0801 0x2774 Wanarpv6 - ok
20:02:18.0833 0x2774 [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:02:18.0847 0x2774 wcncsvc - ok
20:02:18.0881 0x2774 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:02:18.0887 0x2774 WcsPlugInService - ok
20:02:18.0934 0x2774 [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd C:\Windows\system32\drivers\wd.sys
20:02:18.0937 0x2774 Wd - ok
20:02:18.0994 0x2774 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:02:19.0023 0x2774 Wdf01000 - ok
20:02:19.0067 0x2774 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:02:19.0073 0x2774 WdiServiceHost - ok
20:02:19.0095 0x2774 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:02:19.0101 0x2774 WdiSystemHost - ok
20:02:19.0141 0x2774 [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
20:02:19.0150 0x2774 WebClient - ok
20:02:19.0192 0x2774 [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:02:19.0217 0x2774 Wecsvc - ok
20:02:19.0262 0x2774 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:02:19.0270 0x2774 wercplsupport - ok
20:02:19.0312 0x2774 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
20:02:19.0319 0x2774 WerSvc - ok
20:02:19.0373 0x2774 [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:02:19.0383 0x2774 WinDefend - ok
20:02:19.0400 0x2774 WinHttpAutoProxySvc - ok
20:02:19.0438 0x2774 [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:02:19.0443 0x2774 Winmgmt - ok
20:02:19.0520 0x2774 [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
20:02:19.0575 0x2774 WinRM - ok
20:02:19.0646 0x2774 [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:02:19.0662 0x2774 Wlansvc - ok
20:02:19.0694 0x2774 [ 701A9F884A294327E9141D73746EE279, C8A46B8C32F9EAC7848D385473F6B5C4B6DA719A941A75AD5F081757FC07A09D ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:02:19.0696 0x2774 WmiAcpi - ok
20:02:19.0739 0x2774 [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:02:19.0745 0x2774 wmiApSrv - ok
20:02:19.0825 0x2774 [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:02:19.0859 0x2774 WMPNetworkSvc - ok
20:02:19.0910 0x2774 [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:02:19.0919 0x2774 WPCSvc - ok
20:02:19.0961 0x2774 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:02:19.0967 0x2774 WPDBusEnum - ok
20:02:19.0991 0x2774 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:02:19.0994 0x2774 WpdUsb - ok
20:02:20.0091 0x2774 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:02:20.0124 0x2774 WPFFontCache_v0400 - ok
20:02:20.0170 0x2774 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:02:20.0172 0x2774 ws2ifsl - ok
20:02:20.0209 0x2774 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll
20:02:20.0216 0x2774 wscsvc - ok
20:02:20.0227 0x2774 WSearch - ok
20:02:20.0350 0x2774 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
20:02:20.0399 0x2774 wuauserv - ok
20:02:20.0461 0x2774 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:02:20.0464 0x2774 WudfPf - ok
20:02:20.0520 0x2774 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:02:20.0527 0x2774 WUDFRd - ok
20:02:20.0588 0x2774 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:02:20.0595 0x2774 wudfsvc - ok
20:02:20.0659 0x2774 [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
20:02:20.0671 0x2774 yukonwlh - ok
20:02:20.0691 0x2774 ================ Scan global ===============================
20:02:20.0721 0x2774 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:02:20.0789 0x2774 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:02:20.0833 0x2774 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:02:20.0890 0x2774 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:02:20.0900 0x2774 [ Global ] - ok
20:02:20.0905 0x2774 ================ Scan MBR ==================================
20:02:20.0919 0x2774 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:02:21.0542 0x2774 \Device\Harddisk0\DR0 - ok
20:02:21.0547 0x2774 ================ Scan VBR ==================================
20:02:21.0551 0x2774 [ 4C007A8E6CEB52BA9D6D11621D1AA8C1 ] \Device\Harddisk0\DR0\Partition1
20:02:21.0552 0x2774 \Device\Harddisk0\DR0\Partition1 - ok
20:02:21.0586 0x2774 [ 19DC5944FA745607840AE0053DBB53E9 ] \Device\Harddisk0\DR0\Partition2
20:02:21.0587 0x2774 \Device\Harddisk0\DR0\Partition2 - ok
20:02:21.0626 0x2774 AV detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmiav.exe ( 12.0.0.374 ), 0x41010 ( enabled : outofdate )
20:02:21.0629 0x2774 FW detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\wmifw.exe ( 12.0.0.374 ), 0x41010 ( enabled )
20:02:24.0179 0x2774 ============================================================
20:02:24.0179 0x2774 Scan finished
20:02:24.0179 0x2774 ============================================================
20:02:24.0193 0x2068 Detected object count: 0
20:02:24.0193 0x2068 Actual detected object count: 0
20:05:52.0231 0x3dbc Deinitialize success

OCD
2013-11-08, 05:34
Hi Frosty,

Thanks for the logs, you did perfect. :bigthumb:


"While I was in there I noticed a few other programs that I'm not sure about: Should I remove these programs?"

If you don't know how they got on your system and don't have any use for them, it is up to you if you want to remove them.

= = = = = = = = = = = = = = = = = = = =

ESET Online Scanner

*Note:

It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

Re-run OTL (it should be located on your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:


ESET's log.txt
OTL.txt
How's the computer running, any symptoms?

Frosty
2013-11-08, 20:22
Hi OCD,

Thanks for thumbs up.

I ran into an error when running the ESET scan. I did get it done. There was no "Run as Administrator" on the shortcut. Also, when I went back to turn on A/V I noticed that Defender must have turned itself on when I disabled the A/V. So it was running when I did the ESET Scan.

As for the system, I see improvements. Seems to be running smooth. Yesterday it was running really good. Today running slower. I have no more pops asking me nicely to remove the junk from your computer. :bigthumb: When I start up I get a light blue screen at first and then shortly the login screen loads. When I launch programs or Explorer, I get "not responding"; after a short time it loads. I never noticed this before.

ESET Scan File:

C:\Windows\System32\seruntxt.dll a variant of Win32/Urlbot.NAN trojan


OTL Log:

OTL logfile created on: 11/2/2013 12:30:24 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 231.57 Mb Available Physical Memory | 25.91% Memory free
2.00 Gb Paging File | 0.75 Gb Available in Paging File | 37.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 79.12 Gb Free Space | 56.83% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 12:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 19:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 09:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/01 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 16:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 15:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 13:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 09:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/01 09:22:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/01 09:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 09:19:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 09:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 09:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 10:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 10:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 23:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 09:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/11 10:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 10:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 10:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 10:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 10:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 10:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 10:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 10:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 15:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 15:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 15:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 15:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 15:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 15:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 15:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 15:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 15:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 15:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 15:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 15:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 15:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 15:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 15:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 15:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 17:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll

========== Files - Modified Within 30 Days ==========

[2013/11/02 12:34:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 12:34:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 12:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/02 12:20:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 11:46:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 10:21:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 08:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 08:33:43 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/01 16:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 16:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 15:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 15:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 13:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 13:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 09:20:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 09:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 08:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/11 11:31:11 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/11 11:31:11 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/11 11:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 13:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 13:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/11/01 16:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 16:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 15:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 15:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 14:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 13:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 11:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 18:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 18:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 18:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 19:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 12:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 16:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 12:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 11:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 10:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 01:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 19:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 15:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

OCD
2013-11-09, 06:12
Hi Frosty,

Run OTL.exe



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL

:Files
C:\Windows\System32\seruntxt.dll

:Services

:Reg

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done

=========================

VirusTotal

Please go to: VirusTotal (http://www.virustotal.com/en/index.html)



Click the Browse button and search for the following file: C:\Windows\System32\drivers\txtidwow.sys
Click Open
Then click Send File
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run OTL (it should be located on your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

OTL fix log
AdwCleaner[S0].txt
VirusTotal results
New OTL.txt

Frosty
2013-11-09, 17:39
Hi OCD,

I am working on the items you asked me to do. When I went to the Virus Total my browser is blocking it saying this is not good. "Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website. "

Is this normal to see and is it ok to go there?

Also, yesterday I did remove two programs from the computer and then I remembered that you asked me not to install or uninstall any programs. :oops: sorry about that. Hope it does not cause any problems. That BIGFIX was bothering me after I saw that the last JRT log said it removed it and it was still in my programs and feature.
The two programs that I removed were 1.) BIGFIX, when I did my A/V kicked in with a red box and said this program is trying to reach outside to a password protected something. So I blocked it and removed it. 2.) Google Tool Bar.

I wanted to let you know of changes that were made that you were not aware of.

Frosty
2013-11-09, 21:08
Hi OCD,

On the VIRUS TOTAL I got that message from my laptop. When I went to the computer we are working on I did not get that warning message. Was able to run the program. The only thing is it did not give a text file so I copied and pasted it.

OTL w/Code log:
All processes killed
========== OTL ==========
========== FILES ==========
C:\Windows\System32\seruntxt.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EMachUser
->Temp folder emptied: 159119 bytes
->Temporary Internet Files folder emptied: 28282742 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marco-FD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mark
->Temp folder emptied: 123409 bytes
->Temporary Internet Files folder emptied: 3641770 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 926 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2152312 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11032013_111509

Files\Folders moved on Reboot...
C:\Users\EMachUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGVXHS92\search[2].htm moved successfully.
File\Folder C:\Windows\temp\TMP00000002559A4A9EDE7E6F55 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


adwCleaner:
# AdwCleaner v3.011 - Report created 03/11/2013 at 12:25:40
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : EMachUser - FRONTDESK
# Running from : C:\Users\EMachUser\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


*************************

AdwCleaner[R0].txt - [4587 octets] - [01/11/2013 07:55:55]
AdwCleaner[R1].txt - [773 octets] - [03/11/2013 12:24:17]
AdwCleaner[S0].txt - [4766 octets] - [01/11/2013 07:57:38]
AdwCleaner[S1].txt - [695 octets] - [03/11/2013 12:25:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [754 octets] ##########


Virus Total Results:
Agnitum ok 20131109
AhnLab-V3 ok 20131109
AntiVir ok 20131109
Antiy-AVL ok 20131107
Avast ok 20131109
AVG ok 20131109
Baidu-International ok 20131109
BitDefender ok 20131109
Bkav ok 20131109
ByteHero ok 20131105
CAT-QuickHeal ok 20131109
ClamAV ok 20131109
Commtouch ok 20131109
Comodo ok 20131109
DrWeb ok 20131109
Emsisoft ok 20131109
ESET-NOD32 ok 20131109
F-Prot ok 20131109
F-Secure ok 20131109
Fortinet ok 20131109
GData ok 20131109
Ikarus ok 20131109
Jiangmin ok 20131109
K7AntiVirus ok 20131108
K7GW ok 20131108
Kaspersky ok 20131109
Kingsoft ok 20130829
Malwarebytes ok 20131109
McAfee Spyware-eBlaster.sys 20131109
McAfee-GW-Edition Spyware-eBlaster.sys 20131109
Microsoft ok 20131109
MicroWorld-eScan ok 20131109
NANO-Antivirus ok 20131109
Norman ok 20131109
nProtect ok 20131109
Panda ok 20131109
Rising ok 20131108
Sophos ok 20131109
SUPERAntiSpyware ok 20131109
Symantec ok 20131109
TheHacker ok 20131107
TotalDefense ok 20131108
TrendMicro ok 20131109
TrendMicro-HouseCall ok 20131109
VBA32 ok 20131108
VIPRE ok 20131109
ViRobot ok 20131109

OTL Log:
OTL logfile created on: 11/3/2013 12:36:27 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 180.50 Mb Available Physical Memory | 20.20% Memory free
2.00 Gb Paging File | 0.95 Gb Available in Paging File | 47.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 97.92 Gb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 11:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 11:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 11:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - Startup: C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 18:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 08:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/01 15:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 15:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 12:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/01 08:22:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/01 08:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 08:19:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 08:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 09:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 09:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 22:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 08:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 08:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/11 09:44:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/11 09:44:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/11 09:44:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/11 09:44:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/11 09:44:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/11 09:44:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/11 09:44:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/11 09:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/10 14:45:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/10 14:45:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/10 14:45:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/10 14:45:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/10 14:45:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/10 14:45:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/10 14:45:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/10 14:45:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/10 14:45:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/10 14:45:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/10 14:45:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/10 14:45:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 14:44:58 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/10 14:44:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/10 14:44:28 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/10 14:42:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2007/12/16 16:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll

========== Files - Modified Within 30 Days ==========

[2013/11/03 12:28:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:28:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:28:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/03 12:28:00 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/03 11:47:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 11:16:27 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/03 11:16:27 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 11:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/01 15:30:47 | 000,000,913 | ---- | M] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 15:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 12:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:20:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/11 10:23:40 | 000,454,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/10 12:49:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/10 12:49:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/11/01 15:30:47 | 000,000,913 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/11/01 15:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 14:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 07:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 10:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 19:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 17:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2011/11/06 17:11:47 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/11/06 17:11:46 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/03/26 18:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 11:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 15:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 11:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 10:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 09:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 00:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 18:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 14:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1

< End of report >

OCD
2013-11-10, 05:27
Hi Frosty,


The VirusTotal warning you received is probably due to a browser setting, but the VirusTotal website is OK.
OTL fix went as planned
As far as removing those programs, that's fine. :bigthumb:
VirusTotal log looks good

How is the computer running?

Frosty
2013-11-11, 01:36
Hi OCD,

I will look into the setting on the browser.

The computer is running good other than the start-up that I mentioned. The browser locked up twice yesterday. Outside of those things it is running good.

OCD
2013-11-11, 05:13
Hi Frosty,



The computer is running good other than the start-up that I mentioned. The browser locked up twice yesterday.
Can you please refresh my memory as to the start-up issue? Also, which browser is locking up?

Frosty
2013-11-11, 05:40
Hi OCD,

Sure. The start-up issue is that when I log in, the screen will go blue for a short time, then I will get the welcome message, then it will go to a white screen for a short time, then the desktop will show up.


Internet Explorer is the one that locks up. Sometimes it tells me that Internet Explorer is not responding.

Frosty
2013-11-11, 17:06
Hi OCD,

Update on computer. I got back on it today and the system was running extremely slow. The system would lock up completely at the desktop. Nothing would work: mouse, Tab, Ctrl-Alt-Del, nothing, complete lockdown. It would hang when you logged out; it would go to a black screen and stay there. After about three or four shutdowns the system started running better. I'm not sure what's going on.

IE 9, when I launched it this morning, was asking me to set security settings. I use recommended settings. So something changed there.

Do you have any suggestions or thoughts?

OCD
2013-11-11, 17:41
Hi Frosty,

This problem doesn't seem malware related, more along the lines of corrupt file/s. Let's run a few scans and see if they yield any indication of the issue.

=========================

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

To view results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
Post in your next reply.

=========================


System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter


After the scan runs type exit to close the command prompt window

=========================


IE 9, when I launched it this morning, was asking me to set security settings. I use recommended settings. So something changed there.
How long have you been using IE9?

=========================

Do you remember the date when you first started having the computer problem?

=========================

In your next post please provide the following:

chkdsk results
SFC scan results
Answer to the questions asked.

Frosty
2013-11-11, 20:09
Hi OCD,

I have the info you requested.

Chkdsk log:

Information 11/11/2013 12:16:59 PM Wininit 1001 None
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 11/11/2013 12:16:59 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: FrontDesk
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x103b6 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 66486.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x10d9e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 69022.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1970b is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 104203.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1167040 for possibly 0xa91 clusters.
233792 file records processed.

1067 large file records processed.

0 bad file records processed.

Correcting cross-link for file 159178.
0 EA records processed.

76 reparse records processed.

286652 index entries processed.

0 unindexed files processed.

233792 security descriptors processed.

Cleaning up 271 unused index entries from index $SII of file 0x9.
Cleaning up 271 unused index entries from index $SDH of file 0x9.
Cleaning up 271 unused security descriptors.
Inserting data attribute into file 66486.
Inserting data attribute into file 69022.
Inserting data attribute into file 104203.
26434 data files processed.

CHKDSK is verifying Usn Journal...
37047760 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
233776 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
25358788 free clusters processed.

Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

145984182 KB total disk space.
44111952 KB in 155121 files.
85276 KB in 26432 indexes.
0 KB in bad sectors.
351802 KB in use by the system.
65536 KB occupied by the log file.
101435152 KB available on disk.

4096 bytes in each allocation unit.
36496045 total allocation units on disk.
25358788 allocation units available on disk.

Internal Info:
40 91 03 00 3e c5 02 00 bd ba 04 00 00 00 00 00 @...>...........
6e 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 n...L...........
42 00 00 00 e2 73 c1 77 80 e7 3f 00 80 df 3f 00 B....s.w..?...?.

Windows has finished checking your disk.
Please wait while your computer restarts.


sfc log:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\EMachUser>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Users\EMachUser>

Do you want me to get the CBS log file for you?

I have been using IE 9 for quite some time. It's not something new.

The problem started back at the beginning of October. I was told that the A/V came up and said that it had found win32 trojan right after she went to WBAP.com.

OCD
2013-11-12, 07:21
Hi Frosty,


Do you want me to get the CBS log file for you?
Yes, please do. If the file is too large, attach it to your reply.

Frosty
2013-11-12, 16:56
Hi OCD,

The CBS log file is a large file, so I zipped it for the attachment.

OCD
2013-11-12, 17:41
Hi Frosty,

The CBS log file is a bit out of my knowledge range. I will ask for some help interpreting it, meanwhile let's try this.

Slightly different command, please run, reboot and post the log.

=========================

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

Start menu, in the search bar type "cmd"
Right-click the cmd icon, select "run as administrator"
If you have user account control (UAC) set up it may prompt you to accept that action.
Then type in "chkdsk /f" (make note of the space between chkdsk and /)

=========================

To view results log:

Open the Start Menu, and type eventvwr.msc in the search box and press enter.
If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
Copy and paste Chkdsk into the line, and click on Find Next.
You will now see the system log for the scan results of Check Disk (chkdsk).
In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad
Post in your next reply.

=========================

Any change in performance?

Frosty
2013-11-12, 19:02
Hi OCD,


The CBS log file is a bit out of my knowledge range.

Definitely out of my range. I was looking at it going uh :scratch:

I will have that new log shortly.

Frosty
2013-11-12, 22:52
Hi OCD,

I finally had the chance to run chkdsk for you.

Here is the info.

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 11/12/2013 3:38:50 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: FrontDesk
Description:


Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.
233792 file records processed.

1068 large file records processed.

0 bad file records processed.

0 EA records processed.

76 reparse records processed.

286710 index entries processed.

0 unindexed files processed.

233792 security descriptors processed.

Cleaning up 17 unused index entries from index $SII of file 0x9.
Cleaning up 17 unused index entries from index $SDH of file 0x9.
Cleaning up 17 unused security descriptors.
26460 data files processed.

CHKDSK is verifying Usn Journal...
33828560 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

145984182 KB total disk space.
46944756 KB in 156508 files.
86608 KB in 26461 indexes.
0 KB in bad sectors.
348726 KB in use by the system.
65536 KB occupied by the log file.
98604092 KB available on disk.

4096 bytes in each allocation unit.
36496045 total allocation units on disk.
24651023 allocation units available on disk.

Internal Info:
40 91 03 00 c3 ca 02 00 98 c5 04 00 00 00 00 00 @...............
73 05 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 s...L...........
42 00 00 00 e2 73 26 77 80 e7 07 00 80 df 07 00 B....s&w........

Windows has finished checking your disk.
Please wait while your computer restarts.



No noticeable differences in performance.
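
Added example, not part of the thread: the two chkdsk reports above are easier to compare once each is reduced to the files it touched. The Python below does that for excerpts trimmed from the two posted reports; `summarize` and `verdict` are names made up for this example, and the verdict labels are its own wording.

```python
import re

# Excerpts trimmed from the two chkdsk reports posted in this thread
# (one repeated message is kept to show that duplicates are collapsed).
RUN_1 = '''\
Checking file system on C:
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x128d209 for possibly 0xe2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x103b6 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 66486.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x12a7467 for possibly 0x38f clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x10d9e is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 69022.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x153fd99 for possibly 0x401 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1970b is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 104203.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1167040 for possibly 0xa91 clusters.
Correcting cross-link for file 159178.
Inserting data attribute into file 66486.
Inserting data attribute into file 69022.
Inserting data attribute into file 104203.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
4096 bytes in each allocation unit.
'''

RUN_2 = '''\
Checking file system on C:
0 bad file records processed.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
0 KB in bad sectors.
4096 bytes in each allocation unit.
'''

HEX = r"(0x[0-9a-fA-F]+)"

def _ints(pattern, text, base=10):
    """Sorted unique integers captured by the pattern's single group."""
    return sorted({int(m, base) for m in re.findall(pattern, text)})

def _first_int(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def summarize(report):
    """Reduce one chkdsk report to the facts that matter for triage."""
    # chkdsk wraps a single message over two lines; collapse whitespace first.
    text = re.sub(r"\s+", " ", report)
    # The same extent may be reported several times, so keep unique pairs.
    extents = {(int(start, 16), int(count, 16)) for start, count in re.findall(
        rf"cross linked starting at {HEX} for possibly {HEX} clusters", text)}
    clusters = sum(count for _, count in extents)
    cluster_size = _first_int(r"(\d+) bytes in each allocation unit", text)
    deleted = _ints(r"from file record segment (\d+)", text)
    reinserted = _ints(r"Inserting data attribute into file (\d+)", text)
    return {
        "cross_linked_clusters": clusters,
        "cross_linked_bytes": clusters * cluster_size if cluster_size else None,
        # File IDs are printed in hex here and in decimal in the repair lines.
        "files_sharing_clusters": _ints(rf"in file {HEX} is already in use", text, 16),
        "data_attr_rebuilt": sorted(set(deleted) & set(reinserted)),
        "cross_link_corrected": _ints(r"Correcting cross-link for file (\d+)", text),
        "bad_sectors_kb": _first_int(r"(\d+) KB in bad sectors", text),
        "corrections_made": "made corrections to the file system" in text,
    }

def verdict(s):
    """Label a summary; the labels are this example's own wording."""
    if s["bad_sectors_kb"]:
        return "bad sectors: suspect the disk"
    if s["data_attr_rebuilt"] or s["cross_link_corrected"]:
        return "file damage repaired: verify the listed files"
    if s["corrections_made"]:
        return "bookkeeping corrections only"
    return "clean"

if __name__ == "__main__":
    for name, run in (("chkdsk /r", RUN_1), ("chkdsk /f", RUN_2)):
        s = summarize(run)
        print(name, "->", verdict(s), s)
```

In the first report the hexadecimal file IDs (0x103b6, 0x10d9e, 0x1970b) are the same three file record segments, 66486, 69022 and 104203, whose type 0x80 (data) attribute was deleted and re-inserted. The second report names no files at all.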

OCD
2013-11-13, 07:14
Hi Frosty,

I'm still waiting to see if any of my colleagues have any recommendations about the CBS file. Let's run this tool while we wait.

=========================

TFC

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program

Vista, Windows 7 & 8: Right click and select "Run as Administrator"

TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

=========================

Any change in performance?

Frosty
2013-11-13, 17:38
Hi OCD,

I ran the TFC, and it cleaned a lot out. I was surprised as I have cleaned a lot out myself.

Performance wise - It was painfully slow when I first logged in. It took about 45 min. from the time I logged in, opened IE, downloaded TFC, and ran it. Another five to ten to reboot. I then shut it completely down and logged back in; it seems to be a bit faster. I have lost the white screen that was coming up during the initial loading of the desktop. (did this three times) The desktop icons seemed to load faster. So we have made some improvement here. :bigthumb:
IE is slow at launching; it takes a few minutes to completely load the home page.

OCD
2013-11-14, 06:06
Hi Frosty,

Glad she is running a bit faster. :bigthumb: I haven't had any luck getting any insight into the CBS file yet. Unfortunately, it may not happen very quickly if at all, since most of my colleagues deal with malware removal. The CBS file is more of a Windows System issue, but we'll see. :red:

=========================

Clear Browser Cache in Internet Explorer


Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
Select the check box next to each of the following categories.

Temporary Internet files and website files
History

Click Delete

=========================

"Test drive" it for a few days and see how it responds.

Frosty
2013-11-14, 17:20
Hi OCD,

I cleared the cache but it did not make any changes.

However - I had Windows updates available to install and I told it to install. Nothing happened. Went and looked at Windows Update and it failed to update. Looked at history and since 16th of October Microsoft SQL Server 2005 Express Edition Service Pack (KB2463332) keeps failing.

I have 10 updates that need to be installed. I also have a code B0240016 stating Windows Update is currently installing other updates. Please try again in a few minutes. I have waited but still the same.

Also when logging off I am getting a message that explorer.exe is still running - playing logoff sound. It asks to force log off.

I was thinking of uninstalling IE 9 and reinstalling. What are your thoughts on that?

Umm. The system all of a sudden decided it wanted to update 9 of the 10. I will get back with you on this later.

Frosty
2013-11-14, 23:32
Hi OCD,

Getting back with you. The 9 updates were all successful. Some new developments. When the system rebooted I received an error message before the login screen came up. Windows could not connect to the System Event Notification Service service. :slap: Please consult your system admin. I clicked OK and was able to log in. The control panel was reset back to default settings.

OCD
2013-11-15, 06:03
Hi Frosty,

How is the system running with IE10? How is it running in general?

Frosty
2013-11-15, 18:05
HI OCD,

I have not installed IE10.
The system is running, we can move around in it. Slow on a few programs when it opens. I get Not Responding on a few programs when it first loads up.

OCD
2013-11-16, 05:29
Hi Frosty,

Let's run a new scan to check and make sure we didn't miss anything.

Re-run OTL (it should be located on your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

OTL.txt

Frosty
2013-11-16, 18:58
HI OCD,

Here is the new log on OTL:

OTL logfile created on: 11/16/2013 11:05:45 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EMachUser\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 270.22 Mb Available Physical Memory | 30.23% Memory free
2.00 Gb Paging File | 1.02 Gb Available in Paging File | 50.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.22 Gb Total Space | 91.68 Gb Free Space | 65.85% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 4.41 Gb Free Space | 44.88% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: EMachUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\EMachUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSSQL$UPSWSDBSERVER) -- c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (txtidwow) -- C:\Windows\System32\drivers\txtidwow.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {676FC0DB-138B-4F55-9F2F-2BE262E72B4E}
IE - HKCU\..\SearchScopes\{676FC0DB-138B-4F55-9F2F-2BE262E72B4E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D98FBCDE-CE80-40BC-A775-1E7901C4A600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/04 11:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/04 11:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/04 11:35:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553}: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 18:02:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e094961-2908-11dc-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SPSETUP.EXE
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell - "" = AutoRun
O33 - MountPoints2\{88f79cf2-40f8-11df-8291-001bb95f5c4b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/14 10:14:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 10:14:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 10:14:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/14 10:14:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 10:14:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 10:14:25 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 10:14:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/14 10:14:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/13 09:53:48 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/13 08:54:11 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\TFC.exe
[2013/11/05 07:41:01 | 000,000,000 | ---D | C] -- C:\b7f0181b655e8a652b2d630988d50828
[2013/11/05 07:38:06 | 000,000,000 | ---D | C] -- C:\b546cb6c3722d3eae57e29963246
[2013/11/02 08:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/01 15:32:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/01 15:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/01 15:30:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/11/01 14:09:17 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/11/01 12:23:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:22:51 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/01 08:22:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/01 08:19:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/01 08:19:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/01 08:06:06 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:55:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 09:34:34 | 000,000,000 | ---D | C] -- C:\564c0b1906d847d402cfc34485e17a
[2013/10/31 09:27:38 | 000,000,000 | ---D | C] -- C:\72018930be9e0dffa9df21
[2013/10/30 22:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/30 21:48:56 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\Desktop\RK_Quarantine
[2013/10/30 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\EMachUser\AppData\Roaming\Malwarebytes
[2013/10/30 08:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/30 08:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/12/16 16:49:08 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Users\EMachUser\vbzip10.dll

========== Files - Modified Within 30 Days ==========

[2013/11/16 11:00:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:00:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/16 11:00:40 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/15 17:46:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 08:54:24 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\TFC.exe
[2013/11/12 09:51:37 | 000,175,382 | ---- | M] () -- C:\Users\EMachUser\Desktop\CBS.zip
[2013/11/03 11:16:27 | 000,654,114 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/03 11:16:27 | 000,122,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 11:27:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/01 15:30:38 | 000,000,714 | ---- | M] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 15:30:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\EMachUser\Desktop\erunt-setup.exe
[2013/11/01 14:31:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EMachUser\Desktop\dds.scr
[2013/11/01 14:17:44 | 000,000,553 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:10:37 | 000,002,531 | ---- | M] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:07:28 | 001,402,880 | ---- | M] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | M] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:23:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EMachUser\Desktop\OTL.exe
[2013/11/01 12:23:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\EMachUser\Desktop\aswMBR.exe
[2013/11/01 12:22:33 | 000,891,184 | ---- | M] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 08:20:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\EMachUser\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 08:06:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\EMachUser\Desktop\JRT.exe
[2013/11/01 07:53:44 | 001,073,262 | ---- | M] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe

========== Files Created - No Company Name ==========

[2013/11/13 09:53:48 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/12 09:51:37 | 000,175,382 | ---- | C] () -- C:\Users\EMachUser\Desktop\CBS.zip
[2013/11/01 15:30:38 | 000,000,714 | ---- | C] () -- C:\Users\EMachUser\Desktop\ERUNT.lnk
[2013/11/01 14:17:44 | 000,000,553 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.zip
[2013/11/01 14:09:17 | 000,002,531 | ---- | C] () -- C:\Users\EMachUser\Desktop\HiJackThis.lnk
[2013/11/01 14:06:59 | 001,402,880 | ---- | C] () -- C:\Users\EMachUser\Desktop\HijackThis.msi
[2013/11/01 13:23:25 | 000,000,512 | ---- | C] () -- C:\Users\EMachUser\Desktop\MBR.dat
[2013/11/01 12:22:28 | 000,891,184 | ---- | C] () -- C:\Users\EMachUser\Desktop\SecurityCheck.exe
[2013/11/01 07:53:43 | 001,073,262 | ---- | C] () -- C:\Users\EMachUser\Desktop\AdwCleaner.exe
[2013/10/31 10:17:39 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 19:50:10 | 000,017,388 | ---- | C] () -- C:\Windows\System32\usboktcp.dll
[2011/11/06 17:14:51 | 000,017,408 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\WebpageIcons.db
[2010/03/26 18:42:33 | 000,023,580 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\UserTile.png
[2008/12/08 11:04:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/07 15:09:54 | 000,000,000 | ---- | C] () -- C:\Users\EMachUser\AppData\Roaming\wklnhst.dat
[2008/03/08 11:32:19 | 000,004,096 | -H-- | C] () -- C:\Users\EMachUser\AppData\Local\keyfile3.drm
[2008/03/08 10:46:08 | 000,007,268 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\d3d9caps.dat
[2008/02/01 09:38:53 | 000,000,632 | RHS- | C] () -- C:\Users\EMachUser\ntuser.pol
[2008/01/30 00:23:12 | 000,008,017 | ---- | C] () -- C:\Users\EMachUser\ia_remove.sh
[2007/12/23 18:57:43 | 000,000,363 | ---- | C] () -- C:\ProgramData\lxdc
[2007/09/28 14:49:19 | 000,036,352 | ---- | C] () -- C:\Users\EMachUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1
< End of report >

OCD
2013-11-17, 06:36
Hi Frosty,

OTL log looks good. :bigthumb:

Unfortunately, the bit of lag or slowness you are experiencing is most likely due to the system's resources.

Do you have any other issues or questions?

Frosty
2013-11-18, 05:11
Hi OCD,

Good deal. We got a lot done.

I have not seen any other problems with system. Did you ever get any answers on the CBS log?

OCD
2013-11-18, 06:09
Hi Frosty,


Did you ever get any answers on the CBS log?

Unfortunately, I did not get any input. Although I did give a link to the file, if someone had looked at it and noticed a problem I'm confident they would have contacted me.

Do you have any other questions, or symptoms we haven't addressed?

Frosty
2013-11-18, 14:08
HI OCD,

I cannot think of anything else and there are no other symptoms.
Thank you for all your help.

OCD
2013-11-18, 15:15
Hi Frosty,

Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.

=========================

Clean up with OTL:

Right-click OTL.exe and select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

=========================

Removing/Uninstalling AdwCleaner:

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.

=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 9
Java(TM) 6 Update 7

=========================

Adobe Reader:

Go to http://get.adobe.com/reader/otherversions/

Use the drop-down menus to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

Update Java

Get the current version of Java (Version 7 Update 45) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

Disable Java in Web Browsers

There is a vulnerability with regard to Java and web browsers. Therefore, we recommend disabling Java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html


Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.


Disable Java through the Java Control Panel


In the Java Control Panel, click on the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart the browser for changes to take effect.


=========================

Delete All But the Most Recent Restore Point

Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
If prompted, select the drive that you want to clean up, and then click OK.
In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
If prompted, select the drive that you want to clean up, and then click OK.
Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
In the Disk Cleanup dialog box, click Delete.
Click Delete Files, and then click OK.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running, some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left-hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm).
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
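
An added example, not part of the original post: a read-only PowerShell check of the six Internet-zone settings listed in the Internet Explorer steps above. The registry value names (1001, 1004, 1201, 1607, 1800, 1804) and the action values 0/1/3 are an assumption taken from Microsoft's documented URL action flags, not from this thread; the function name Get-ZoneAudit is hypothetical.

```powershell
# Added example: audits, never modifies, the current user's Internet zone.
# Zone 3 = Internet zone. Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, keyed by registry value name (assumed mapping).
$Recommended = @(
    @{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Get-ZoneAudit {
    param([string]$Path = $ZonePath)

    $values = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($item in $Recommended) {
        # A missing value means the zone template default applies; report it as such.
        $prop = $values.PSObject.Properties[$item.Id]
        if ($null -eq $prop) {
            $current = 'not set'
        } elseif ($Labels.ContainsKey([int]$prop.Value)) {
            $current = $Labels[[int]$prop.Value]
        } else {
            $current = "other ($($prop.Value))"
        }
        New-Object PSObject -Property @{
            Id          = $item.Id
            Setting     = $item.Setting
            Current     = $current
            Recommended = $Labels[$item.Want]
            Matches     = ($current -eq $Labels[$item.Want])
        }
    }
}

Get-ZoneAudit |
    Select-Object Id, Setting, Current, Recommended, Matches |
    Format-Table -AutoSize
```

Any row with Matches = False is a setting to revisit in the Custom Level dialog; values enforced by Group Policy are stored elsewhere and are not covered by this check.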

Frosty
2013-11-20, 00:50
Hi OCD,

I have not dropped the ball. Work has been keeping me snowed under. I will finish this up tomorrow and get back with you. Sorry for the delay on my part.

Frosty
2013-11-20, 06:42
Hi OCD,

OK, I ran the OTL and the awd, removed all other programs.

I uninstalled Java but did not download the newer version. If it is needed I will do it then.

I have the newer version of Adobe Reader installed.

I also removed other programs.

Did the disk cleaner.

The only thing I have left to do is update my a/v and that will be next.

I am satisfied with the help you have given me on my pc.

OCD
2013-11-20, 07:23
Hi Frosty,

I will leave the thread open for a day or so. If you have any additional questions let me know, otherwise I will mark the thread as solved and close it.

OCD
2013-11-23, 21:11
Hi Frosty,

Since I haven't heard back from you in a few days I'll take that to mean your computer is still running fine, and will close the thread.

Glad I was able to help. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.