Solved Windows has encountered a critical problem and will restart in one min

windows90

I am running Windows Vista Home Edition, and recently I think I uninstalled Microsoft Essential, after which I started seeing the "Windows has encountered a critical problem and will restart in one min" message, and the system restarts automatically in a minute. I tried to restore from previous points but no luck; it doesn't let me complete the work. Upon BIOS startup with F8 advanced options, Safe Mode and Safe Mode with Command Prompt have the same issue as well. I ran the Repair your computer option through additional boot options; it takes some time and lands me on a login page with "other user", and I do not know the username or password for this account to log in and proceed with the Repair your computer option. None of the solved forums here seem to be working out for my situation. Please help.
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Firstly, thanks for your quick response. I have looked up the posted procedure here on one of your solved issues. I downloaded the Farbar Recovery Scan Tool to a flash drive, connected the flash drive to the infected computer and followed the below 3 steps:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
Once I hit Enter upon choosing Repair your computer, it takes me to the login page for user "other user". I tried to hit Enter without providing a username or password; it doesn't work. Neither my admin credentials nor guest credentials work for this account. I cannot move further on that step, so I restart my computer again and F8 takes me to the same options I mentioned in my post. Please suggest more.
 
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 11-08-2012 21:49:52
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [272896 2008-08-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3863040 2008-11-20] (Dell Inc.)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [647528 2010-04-28] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe" [132392 2008-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 [283792 2010-03-09] (Carbonite, Inc.)
HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision )
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-18] (Google Inc.)
HKU\Guest\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1004544 2009-02-03] (Ares Development Group)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-18] (Google Inc.)
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Lsa: [Notification Packages] scecli
FAPassSync
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Owner\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [2930688 2008-11-20] (Dell Inc.)

========================== Drivers (Whitelisted) =============

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-11 21:49 - 2012-08-11 21:49 - 00000000 ____D C:\FRST
2012-08-11 19:40 - 2012-08-11 19:40 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhojqesn.sys
2012-08-11 19:37 - 2012-08-11 19:37 - 00000000 ____D C:\$WINDOWS.~BT
2012-08-11 19:34 - 2012-08-11 19:34 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ckjmbumk.sys
2012-08-11 19:33 - 2012-08-11 19:36 - 00001887 ____A C:\Windows\diagwrn.xml
2012-08-11 19:33 - 2012-08-11 19:36 - 00001887 ____A C:\Windows\diagerr.xml
2012-08-10 19:00 - 2012-08-10 19:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fqvvgwqa.sys
2012-08-10 16:13 - 2012-08-10 16:13 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-10 15:22 - 2012-08-10 15:22 - 00000000 ____D C:\Windows\pss
2012-08-10 14:43 - 2012-08-10 14:43 - 00273024 ____A C:\Windows\Minidump\Mini081012-01.dmp
2012-08-10 14:35 - 2012-08-10 14:06 - 89340632 ____A C:\Users\Owner\Desktop\avast_free_antivirus_setup.exe
2012-08-10 14:32 - 2012-08-10 14:32 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mojhwpjq.sys
2012-08-09 22:32 - 2012-08-09 22:32 - 00000000 ____D C:\Users\Owner\.limewire
2012-08-09 22:20 - 2012-08-09 22:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igsslueu.sys
2012-08-08 20:01 - 2012-08-08 20:01 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\snjfldjk.sys
2012-08-08 19:52 - 2012-08-08 19:52 - 00273024 ____A C:\Windows\Minidump\Mini080812-01.dmp
2012-08-08 19:08 - 2012-08-08 19:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-08 19:07 - 2012-08-08 19:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-08 19:06 - 2012-08-08 19:06 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(3).exe
2012-08-08 19:03 - 2012-08-08 19:03 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(2).exe
2012-08-08 19:02 - 2012-08-08 19:02 - 10300288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(1).exe
2012-08-08 18:59 - 2012-08-08 18:59 - 10288512 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2012-08-06 21:26 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-02 21:23 - 2012-08-02 21:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-31 20:32 - 2012-07-31 20:39 - 00000000 ____D C:\Users\Owner\AppData\Local\IM Providers
2012-07-29 21:09 - 2012-07-29 21:10 - 00273024 ____A C:\Windows\Minidump\Mini072912-01.dmp
2012-07-18 18:24 - 2012-07-18 18:46 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-18 18:24 - 2012-07-18 18:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SpeedyPC Software
2012-07-18 18:24 - 2012-07-18 18:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2012-07-16 20:51 - 2012-07-18 18:22 - 00004870 ____A C:\Windows\IE9_main.log
2012-07-16 20:50 - 2012-07-03 02:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

============ 3 Months Modified Files ========================

2012-08-11 19:40 - 2012-08-11 19:40 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhojqesn.sys
2012-08-11 19:39 - 2010-01-28 18:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-11 19:39 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-11 19:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-11 19:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-11 19:36 - 2012-08-11 19:33 - 00001887 ____A C:\Windows\diagwrn.xml
2012-08-11 19:36 - 2012-08-11 19:33 - 00001887 ____A C:\Windows\diagerr.xml
2012-08-11 19:36 - 2012-06-17 16:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 19:36 - 2006-11-02 07:27 - 00002689 ____A C:\Windows\setupact.log
2012-08-11 19:36 - 2006-11-02 07:27 - 00000000 ____A C:\Windows\setuperr.log
2012-08-11 19:34 - 2012-08-11 19:34 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ckjmbumk.sys
2012-08-11 12:50 - 2006-11-02 07:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-10 19:00 - 2012-08-10 19:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fqvvgwqa.sys
2012-08-10 18:08 - 2011-08-17 08:58 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
2012-08-10 17:47 - 2010-01-28 18:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-10 14:53 - 2009-01-14 14:27 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
2012-08-10 14:43 - 2012-08-10 14:43 - 00273024 ____A C:\Windows\Minidump\Mini081012-01.dmp
2012-08-10 14:43 - 2011-08-13 12:19 - 389837850 ____A C:\Windows\MEMORY.DMP
2012-08-10 14:32 - 2012-08-10 14:32 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mojhwpjq.sys
2012-08-10 14:06 - 2012-08-10 14:35 - 89340632 ____A C:\Users\Owner\Desktop\avast_free_antivirus_setup.exe
2012-08-09 22:20 - 2012-08-09 22:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igsslueu.sys
2012-08-09 22:00 - 2009-02-11 11:07 - 00000680 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2012-08-09 19:11 - 2008-12-18 15:56 - 01702141 ____A C:\Windows\WindowsUpdate.log
2012-08-09 19:09 - 2008-01-20 19:26 - 00057394 ____A C:\Windows\PFRO.log
2012-08-08 20:01 - 2012-08-08 20:01 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\snjfldjk.sys
2012-08-08 19:52 - 2012-08-08 19:52 - 00273024 ____A C:\Windows\Minidump\Mini080812-01.dmp
2012-08-08 19:09 - 2011-01-25 20:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-08 19:08 - 2011-01-25 20:03 - 00739784 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-08 19:06 - 2012-08-08 19:06 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(3).exe
2012-08-08 19:03 - 2012-08-08 19:03 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(2).exe
2012-08-08 19:02 - 2012-08-08 19:02 - 10300288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(1).exe
2012-08-08 18:59 - 2012-08-08 18:59 - 10288512 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2012-08-08 18:53 - 2006-11-02 04:46 - 00724780 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 14:36 - 2012-06-17 16:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 14:36 - 2011-07-07 17:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 21:14 - 2009-02-26 13:53 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-29 21:10 - 2012-07-29 21:09 - 00273024 ____A C:\Windows\Minidump\Mini072912-01.dmp
2012-07-18 18:22 - 2012-07-16 20:51 - 00004870 ____A C:\Windows\IE9_main.log
2012-07-12 03:08 - 2011-08-17 08:58 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
2012-07-12 02:01 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 02:13 - 2012-07-16 20:50 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-29 22:12 - 2012-06-29 22:12 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-29 22:11 - 2012-06-29 22:11 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-25 18:48 - 2009-02-17 13:06 - 00001758 ____A C:\Users\Owner\AppData\Roaming\wklnhst.dat
2012-06-25 18:47 - 2012-06-25 18:47 - 00011776 ____A C:\Users\Owner\Documents\Vick'ys Schedule for Fall.xlr
2012-06-18 20:47 - 2012-06-18 20:47 - 00273024 ____A C:\Windows\Minidump\Mini061812-01.dmp
2012-06-16 01:56 - 2012-06-16 01:56 - 00273024 ____A C:\Windows\Minidump\Mini061612-01.dmp
2012-06-15 20:01 - 2012-06-15 20:01 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-07 17:37 - 2012-06-07 17:37 - 00000013 ____A C:\Users\Owner\Documents\router trouble.txt
2012-06-03 15:20 - 2012-05-04 12:07 - 00000680 ____A C:\Users\Guest\AppData\Local\d3d9caps.dat
2012-06-02 20:46 - 2012-06-02 20:46 - 00090192 ____A C:\Users\Owner\Downloads\install_flashplayer10x32_mssd_aih.exe
2012-06-02 20:41 - 2012-06-02 20:38 - 03092128 ____A (Adobe Systems, Inc.) C:\Users\Owner\Downloads\install_flash_player(2).exe
2012-06-02 20:31 - 2012-06-02 20:30 - 00463080 ____A (CNET Download.com) C:\Users\Owner\Downloads\cnet2_BatteryBar_exe.exe
2012-05-24 10:46 - 2012-05-24 10:46 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-21 11:38 - 2010-08-12 16:49 - 00014848 ____A C:\Users\Owner\Documents\Nanny_Agree..wps
2012-05-21 10:58 - 2012-05-21 10:58 - 00023552 ____A C:\Users\Owner\Documents\schedule for vicky - fall 2012.xls
2012-05-14 19:30 - 2012-05-14 19:30 - 00273024 ____A C:\Windows\Minidump\Mini051412-01.dmp

ZeroAccess:
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\n
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L\00000004.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L\201d3dde
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\00000004.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\00000008.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\000000cb.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000000.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000032.@
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000064.@

ZeroAccess:
C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}
C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\@
C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L
C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4053.98 MB
Available physical RAM: 3331.03 MB
Total Pagefile: 3748.56 MB
Available Pagefile: 3312.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:288.01 GB) (Free:190.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.35 GB) NTFS
3 Drive e: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:1.87 GB) (Free:1.2 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 10 GB 79 MB
Partition 3 Primary 288 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 78 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 288 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 1276 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1919 MB Healthy

==================================================================================

Last Boot: 2012-08-08 18:57

======================= End Of Log ==========================
 
SEARCH.txt

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-11 21:53:14
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-15 20:06] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-15 20:07] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
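
The comparison this Search.txt makes possible, as an added example that is not part of the original thread and is not FRST's own code: parse the log, pair each live `services.exe` with the WinSxS component-store copy of the same architecture and size, and report any live file whose MD5 differs. Assumptions: a 64-bit system (System32 paired with `amd64_` store folders, SysWOW64 with `x86_`), the store copy treated as the reference, and the function names are hypothetical; the input is copied from the log above.

```python
import re

# Search.txt entries copied from the log posted in this thread.
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-15 20:06] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-15 20:07] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per hit: a path line followed by its metadata line."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH.match(line):
            path = line
            continue
        m = META.match(line)
        if m and path:
            entries.append(
                {"path": path, "size": int(m["size"]), "md5": m["md5"].upper()}
            )
            path = None
    return entries


def classify(path):
    """Map a path to (kind, architecture). Assumes a 64-bit Windows layout."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p:
        return "store", "amd64"
    if "\\winsxs\\x86_" in p:
        return "store", "x86"
    if "\\windows\\system32\\" in p:
        return "live", "amd64"
    if "\\windows\\syswow64\\" in p:
        return "live", "x86"
    return "other", None  # e.g. update downloads: not used as a reference


def find_mismatches(text):
    """Flag live files whose MD5 differs from the matching store copy."""
    entries = parse_search(text)
    store = [(e, classify(e["path"])[1]) for e in entries
             if classify(e["path"])[0] == "store"]
    findings = []
    for e in entries:
        kind, arch = classify(e["path"])
        if kind != "live":
            continue
        # Same architecture and same byte size: the copy the live file
        # should be identical to if it has not been modified.
        refs = [s for s, a in store if a == arch and s["size"] == e["size"]]
        if not refs:
            findings.append({"path": e["path"], "md5": e["md5"],
                             "status": "no-reference", "reference": None})
        elif all(r["md5"] != e["md5"] for r in refs):
            findings.append({"path": e["path"], "md5": e["md5"],
                             "status": "mismatch",
                             "reference": refs[0]["path"]})
    return findings


if __name__ == "__main__":
    for f in find_mismatches(SEARCH_TXT):
        print(f["status"], f["path"], f["md5"], "->", f["reference"])
```

A store copy is only a local reference and can itself be altered, so a match here is weaker evidence than a hash checked against a known-good source.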
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=========================

Bed time here so I'll check on you tomorrow morning...
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 7
FixLog Content:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-11 22:24:05 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\svchost.exe moved successfully.
C:\Windows\System32\Drivers\bhojqesn.sys moved successfully.
C:\Windows\System32\Drivers\ckjmbumk.sys moved successfully.
C:\Windows\System32\Drivers\fqvvgwqa.sys moved successfully.
C:\Windows\System32\Drivers\mojhwpjq.sys moved successfully.
C:\Windows\System32\Drivers\igsslueu.sys moved successfully.
C:\Windows\System32\Drivers\snjfldjk.sys moved successfully.
C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24} moved successfully.
C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
22:30:20.0663 1064 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:30:21.0069 1064 ============================================================
22:30:21.0069 1064 Current date / time: 2012/08/11 22:30:21.0069
22:30:21.0069 1064 SystemInfo:
22:30:21.0069 1064
22:30:21.0069 1064 OS Version: 6.0.6001 ServicePack: 1.0
22:30:21.0069 1064 Product type: Workstation
22:30:21.0069 1064 ComputerName: OWNER-PC
22:30:21.0069 1064 UserName: Owner
22:30:21.0069 1064 Windows directory: C:\Windows
22:30:21.0069 1064 System windows directory: C:\Windows
22:30:21.0069 1064 Running under WOW64
22:30:21.0069 1064 Processor architecture: Intel x64
22:30:21.0069 1064 Number of processors: 2
22:30:21.0069 1064 Page size: 0x1000
22:30:21.0069 1064 Boot type: Normal boot
22:30:21.0084 1064 ============================================================
22:30:41.0774 1064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:30:41.0790 1064 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:30:41.0790 1064 ============================================================
22:30:41.0790 1064 \Device\Harddisk0\DR0:
22:30:41.0790 1064 MBR partitions:
22:30:41.0790 1064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
22:30:41.0790 1064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x24006800
22:30:41.0790 1064 \Device\Harddisk1\DR1:
22:30:41.0790 1064 MBR partitions:
22:30:41.0790 1064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x9F8, BlocksNum 0x3BF608
22:30:41.0790 1064 ============================================================
22:30:41.0915 1064 C: <-> \Device\Harddisk0\DR0\Partition1
22:30:42.0040 1064 D: <-> \Device\Harddisk0\DR0\Partition0
22:30:42.0040 1064 ============================================================
22:30:42.0040 1064 Initialize success
22:30:42.0040 1064 ============================================================
22:30:44.0707 1592 ============================================================
22:30:44.0707 1592 Scan started
22:30:44.0707 1592 Mode: Manual;
22:30:44.0707 1592 ============================================================
22:30:55.0315 1592 arcsas - ok
22:30:55.0378 1592 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:30:55.0378 1592 AsyncMac - ok
22:30:55.0518 1592 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
22:30:55.0518 1592 atapi - ok
22:30:56.0126 1592 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
22:30:56.0142 1592 AudioEndpointBuilder - ok
22:30:56.0142 1592 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
22:30:56.0142 1592 AudioSrv - ok
22:30:56.0298 1592 BBSvc (47480f4260dae9aa589bcaf924b3767a) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
22:30:56.0298 1592 BBSvc - ok
22:30:56.0360 1592 BBUpdate (6bf743cbf3bcd09dab79245e60e1ae62) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
22:30:56.0454 1592 BBUpdate - ok
22:30:56.0516 1592 BCM42RLY (70a746dca80368a4155ba9014dc103d9) C:\Windows\system32\drivers\BCM42RLY.sys
22:30:56.0516 1592 BCM42RLY - ok
22:30:57.0468 1592 BCM43XX (b76505d76984d935214e118753bdb2cb) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:30:57.0468 1592 BCM43XX - ok
22:30:57.0562 1592 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:30:57.0577 1592 blbdrive - ok
22:30:57.0842 1592 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:30:57.0842 1592 Bonjour Service - ok
22:30:58.0342 1592 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
22:30:58.0342 1592 bowser - ok
22:30:58.0435 1592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:30:58.0451 1592 BrFiltLo - ok
22:30:58.0498 1592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:30:58.0529 1592 BrFiltUp - ok
22:30:58.0763 1592 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
22:30:58.0763 1592 Browser - ok
22:30:58.0888 1592 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:30:58.0903 1592 Brserid - ok
22:30:58.0981 1592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:30:58.0997 1592 BrSerWdm - ok
22:30:59.0012 1592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:30:59.0028 1592 BrUsbMdm - ok
22:30:59.0059 1592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:30:59.0059 1592 BrUsbSer - ok
22:30:59.0090 1592 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:30:59.0106 1592 BTHMODEM - ok
22:30:59.0137 1592 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:30:59.0184 1592 cdfs - ok
22:30:59.0215 1592 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
22:30:59.0231 1592 cdrom - ok
22:30:59.0590 1592 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
22:30:59.0652 1592 CertPropSvc - ok
22:30:59.0917 1592 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
22:30:59.0917 1592 circlass - ok
22:31:00.0058 1592 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
22:31:00.0058 1592 CLFS - ok
22:31:00.0385 1592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:31:00.0432 1592 clr_optimization_v2.0.50727_32 - ok
22:31:00.0760 1592 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:31:00.0822 1592 clr_optimization_v2.0.50727_64 - ok
22:31:01.0384 1592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:31:01.0633 1592 clr_optimization_v4.0.30319_32 - ok
22:31:01.0867 1592 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:31:01.0867 1592 clr_optimization_v4.0.30319_64 - ok
22:31:02.0008 1592 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:02.0023 1592 CmBatt - ok
22:31:02.0039 1592 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:31:02.0054 1592 cmdide - ok
22:31:02.0070 1592 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:02.0070 1592 Compbatt - ok
22:31:02.0070 1592 COMSysApp - ok
22:31:02.0086 1592 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:31:02.0086 1592 crcdisk - ok
22:31:02.0132 1592 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
22:31:02.0148 1592 CryptSvc - ok
22:31:02.0663 1592 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
22:31:02.0912 1592 DcomLaunch - ok
22:31:03.0053 1592 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
22:31:03.0068 1592 DfsC - ok
22:31:07.0577 1592 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
22:31:07.0826 1592 DFSR - ok
22:31:08.0622 1592 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
22:31:08.0669 1592 Dhcp - ok
22:31:08.0872 1592 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
22:31:08.0872 1592 disk - ok
22:31:08.0918 1592 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
22:31:08.0950 1592 Dnscache - ok
22:31:09.0620 1592 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
22:31:09.0683 1592 DockLoginService - ok
22:31:09.0745 1592 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
22:31:09.0761 1592 dot3svc - ok
22:31:09.0808 1592 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
22:31:09.0823 1592 DPS - ok
22:31:09.0854 1592 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:31:09.0854 1592 drmkaud - ok
22:31:10.0182 1592 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:10.0229 1592 DXGKrnl - ok
22:31:10.0385 1592 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
22:31:10.0400 1592 e1express - ok
22:31:10.0822 1592 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:31:10.0868 1592 E1G60 - ok
22:31:11.0180 1592 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
22:31:11.0212 1592 EapHost - ok
22:31:11.0290 1592 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
22:31:11.0305 1592 Ecache - ok
22:31:12.0038 1592 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
22:31:12.0116 1592 ehRecvr - ok
22:31:12.0148 1592 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
22:31:12.0194 1592 ehSched - ok
22:31:12.0210 1592 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
22:31:12.0210 1592 ehstart - ok
22:31:12.0272 1592 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:31:12.0288 1592 elxstor - ok
22:31:12.0460 1592 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
22:31:12.0475 1592 EMDMgmt - ok
22:31:12.0506 1592 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:31:12.0522 1592 ErrDev - ok
22:31:12.0678 1592 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
22:31:12.0740 1592 EventSystem - ok
22:31:12.0787 1592 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
22:31:12.0803 1592 exfat - ok
22:31:12.0850 1592 FACAP (e7f412035b832013fa32f412246c5bff) C:\Windows\system32\DRIVERS\facap.sys
22:31:12.0865 1592 FACAP - ok
22:31:16.0063 1592 FAService (4cd1d92dbf3bf28d43cfb98dfb91b7ab) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
22:31:16.0079 1592 FAService - ok
22:31:18.0325 1592 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
22:31:18.0341 1592 fastfat - ok
22:31:18.0434 1592 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:31:18.0450 1592 fdc - ok
22:31:18.0528 1592 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
22:31:18.0528 1592 fdPHost - ok
22:31:18.0575 1592 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
22:31:18.0575 1592 FDResPub - ok
22:31:18.0606 1592 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:31:18.0606 1592 FileInfo - ok
22:31:18.0715 1592 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:31:18.0840 1592 Filetrace - ok
22:31:18.0965 1592 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:19.0043 1592 flpydisk - ok
22:31:19.0308 1592 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
22:31:19.0308 1592 FltMgr - ok
22:31:19.0511 1592 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:31:19.0526 1592 FontCache3.0.0.0 - ok
22:31:19.0636 1592 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
22:31:19.0651 1592 fssfltr - ok
22:31:20.0119 1592 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:31:20.0244 1592 fsssvc - ok
22:31:20.0275 1592 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:20.0291 1592 Fs_Rec - ok
22:31:20.0494 1592 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:31:20.0494 1592 gagp30kx - ok
22:31:20.0525 1592 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:20.0540 1592 GEARAspiWDM - ok
22:31:20.0899 1592 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
22:31:20.0946 1592 gpsvc - ok
22:31:21.0149 1592 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:21.0149 1592 gupdate - ok
22:31:21.0149 1592 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:31:21.0149 1592 gupdatem - ok
22:31:22.0132 1592 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:31:22.0178 1592 gusvc - ok
22:31:22.0943 1592 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
22:31:23.0068 1592 HdAudAddService - ok
22:31:23.0146 1592 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:23.0146 1592 HDAudBus - ok
22:31:23.0161 1592 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:31:23.0177 1592 HidBth - ok
22:31:23.0380 1592 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
22:31:23.0426 1592 HidIr - ok
22:31:23.0504 1592 hidserv (77e34697087cfdbcfd9e0009704fb5af) C:\Windows\system32\hidserv.dll
22:31:23.0504 1592 hidserv - ok
22:31:23.0520 1592 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:23.0536 1592 HidUsb - ok
22:31:24.0191 1592 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
22:31:24.0222 1592 hkmsvc - ok
22:31:24.0721 1592 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:31:24.0799 1592 HpCISSs - ok
22:31:26.0562 1592 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
22:31:26.0562 1592 HTTP - ok
22:31:26.0843 1592 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:31:26.0921 1592 i2omp - ok
22:31:27.0061 1592 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:27.0139 1592 i8042prt - ok
22:31:27.0233 1592 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:31:27.0280 1592 iaStorV - ok
22:31:28.0387 1592 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:31:28.0481 1592 idsvc - ok
22:31:44.0564 1592 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:31:44.0970 1592 igfx - ok
22:31:46.0374 1592 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:31:46.0374 1592 iirsp - ok
22:31:46.0499 1592 IKEEXT (f6b541b5b8ffc17e91c2697a39c80fe4) C:\Windows\System32\ikeext.dll
22:31:46.0530 1592 IKEEXT - ok
22:31:46.0561 1592 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
22:31:46.0577 1592 IntcHdmiAddService - ok
22:31:46.0624 1592 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:31:46.0639 1592 intelide - ok
22:31:46.0670 1592 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:46.0670 1592 intelppm - ok
22:31:46.0717 1592 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
22:31:46.0748 1592 IPBusEnum - ok
22:31:46.0764 1592 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:46.0780 1592 IpFilterDriver - ok
22:31:46.0780 1592 IpInIp - ok
22:31:47.0450 1592 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:31:47.0591 1592 IPMIDRV - ok
22:31:47.0856 1592 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:31:47.0903 1592 IPNAT - ok
22:31:50.0508 1592 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:31:50.0617 1592 iPod Service - ok
22:31:50.0680 1592 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:31:50.0680 1592 IRENUM - ok
22:31:50.0726 1592 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:31:50.0726 1592 isapnp - ok
22:31:50.0773 1592 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:50.0773 1592 iScsiPrt - ok
22:31:50.0945 1592 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:31:50.0960 1592 iteatapi - ok
22:31:51.0397 1592 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
22:31:51.0413 1592 itecir - ok
22:31:51.0709 1592 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:31:51.0709 1592 iteraid - ok
22:31:52.0598 1592 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
22:31:52.0645 1592 k57nd60a - ok
22:31:52.0676 1592 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:52.0708 1592 kbdclass - ok
22:31:52.0754 1592 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:52.0754 1592 kbdhid - ok
22:31:52.0832 1592 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
22:31:52.0848 1592 KeyIso - ok
22:31:52.0988 1592 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
22:31:53.0004 1592 KSecDD - ok
22:31:53.0035 1592 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:31:53.0035 1592 ksthunk - ok
22:31:53.0628 1592 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
22:31:53.0628 1592 KtmRm - ok
22:31:53.0690 1592 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\system32\srvsvc.dll
22:31:53.0690 1592 LanmanServer - ok
22:31:54.0236 1592 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
22:31:54.0252 1592 LanmanWorkstation - ok
22:31:54.0470 1592 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:54.0486 1592 lltdio - ok
22:31:55.0282 1592 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
22:31:55.0500 1592 lltdsvc - ok
22:31:55.0562 1592 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
22:31:55.0594 1592 lmhosts - ok
22:31:55.0640 1592 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:31:55.0656 1592 LSI_FC - ok
22:31:56.0046 1592 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:31:56.0046 1592 LSI_SAS - ok
22:31:56.0093 1592 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:31:56.0093 1592 LSI_SCSI - ok
22:31:56.0218 1592 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:31:56.0249 1592 luafv - ok
22:31:56.0639 1592 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:31:56.0764 1592 McComponentHostService - ok
22:31:57.0200 1592 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
22:31:57.0294 1592 Mcx2Svc - ok
22:31:57.0325 1592 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:31:57.0341 1592 megasas - ok
22:31:57.0653 1592 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:31:57.0731 1592 MegaSR - ok
22:31:57.0762 1592 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:31:57.0793 1592 MMCSS - ok
22:31:58.0012 1592 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:31:58.0043 1592 Modem - ok
22:31:58.0074 1592 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:31:58.0074 1592 monitor - ok
22:31:58.0105 1592 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:58.0121 1592 mouclass - ok
22:31:58.0308 1592 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:58.0339 1592 mouhid - ok
22:31:58.0573 1592 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:31:58.0573 1592 MountMgr - ok
22:31:58.0698 1592 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:31:58.0760 1592 MozillaMaintenance - ok
22:31:59.0338 1592 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
22:31:59.0338 1592 MpFilter - ok
22:31:59.0712 1592 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:31:59.0728 1592 mpio - ok
22:31:59.0759 1592 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:31:59.0774 1592 mpsdrv - ok
22:31:59.0790 1592 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:31:59.0806 1592 Mraid35x - ok
22:31:59.0837 1592 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
22:31:59.0837 1592 MRxDAV - ok
22:32:00.0024 1592 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:32:00.0024 1592 mrxsmb - ok
22:32:00.0305 1592 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:32:00.0305 1592 mrxsmb10 - ok
22:32:00.0352 1592 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:32:00.0352 1592 mrxsmb20 - ok
22:32:00.0539 1592 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
22:32:00.0539 1592 msahci - ok
22:32:00.0726 1592 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:32:00.0742 1592 msdsm - ok
22:32:00.0991 1592 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
22:32:01.0069 1592 MSDTC - ok
22:32:01.0085 1592 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:32:01.0100 1592 Msfs - ok
22:32:01.0319 1592 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:32:01.0319 1592 msisadrv - ok
22:32:01.0366 1592 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
22:32:01.0397 1592 MSiSCSI - ok
22:32:01.0397 1592 msiserver - ok
22:32:01.0428 1592 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:32:01.0444 1592 MSKSSRV - ok
22:32:01.0818 1592 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:32:01.0818 1592 MsMpSvc - ok
22:32:01.0880 1592 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:32:01.0927 1592 MSPCLOCK - ok
22:32:01.0974 1592 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:32:01.0990 1592 MSPQM - ok
22:32:02.0348 1592 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
22:32:02.0442 1592 MsRPC - ok
22:32:02.0473 1592 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:32:02.0473 1592 mssmbios - ok
22:32:02.0504 1592 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:32:02.0520 1592 MSTEE - ok
22:32:02.0551 1592 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
22:32:02.0551 1592 Mup - ok
22:32:03.0050 1592 napagent (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
22:32:03.0050 1592 napagent - ok
22:32:03.0752 1592 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
22:32:03.0768 1592 NativeWifiP - ok
22:32:05.0000 1592 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
22:32:05.0016 1592 NDIS - ok
22:32:05.0234 1592 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:32:05.0281 1592 NdisTapi - ok
22:32:05.0281 1592 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:32:05.0297 1592 Ndisuio - ok
22:32:05.0437 1592 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
22:32:05.0453 1592 NdisWan - ok
22:32:05.0484 1592 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:32:05.0500 1592 NDProxy - ok
22:32:05.0812 1592 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:32:05.0874 1592 NetBIOS - ok
22:32:06.0779 1592 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
22:32:06.0826 1592 netbt - ok
22:32:06.0904 1592 Netlogon (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
22:32:06.0904 1592 Netlogon - ok
22:32:07.0200 1592 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
22:32:07.0200 1592 Netman - ok
22:32:07.0715 1592 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
22:32:07.0762 1592 netprofm - ok
22:32:08.0089 1592 NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:32:08.0120 1592 NetTcpPortSharing - ok
22:32:08.0276 1592 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:32:08.0292 1592 nfrd960 - ok
22:32:08.0354 1592 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:32:08.0370 1592 NisDrv - ok
22:32:08.0620 1592 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:32:08.0651 1592 NisSrv - ok
22:32:08.0698 1592 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
22:32:08.0698 1592 NlaSvc - ok
22:32:08.0791 1592 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
22:32:08.0838 1592 Npfs - ok
22:32:08.0885 1592 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
22:32:08.0900 1592 nsi - ok
22:32:09.0103 1592 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:32:09.0134 1592 nsiproxy - ok
22:32:09.0962 1592 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
22:32:09.0962 1592 Ntfs - ok
22:32:10.0446 1592 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:32:10.0461 1592 Null - ok
22:32:10.0493 1592 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:32:10.0508 1592 nvraid - ok
22:32:10.0602 1592 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:32:10.0617 1592 nvstor - ok
22:32:10.0727 1592 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:32:10.0773 1592 nv_agp - ok
22:32:10.0773 1592 NwlnkFlt - ok
22:32:10.0805 1592 NwlnkFwd - ok
22:32:10.0851 1592 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
22:32:10.0898 1592 OA001Ufd - ok
22:32:11.0163 1592 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
22:32:11.0195 1592 OA001Vid - ok
22:32:11.0226 1592 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
22:32:11.0226 1592 ohci1394 - ok
22:32:12.0864 1592 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
22:32:13.0004 1592 p2pimsvc - ok
22:32:13.0004 1592 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
22:32:13.0020 1592 p2psvc - ok
22:32:13.0098 1592 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:32:13.0113 1592 Parport - ok
22:32:13.0347 1592 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
22:32:13.0347 1592 partmgr - ok
22:32:13.0987 1592 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
22:32:14.0003 1592 PcaSvc - ok
22:32:14.0892 1592 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
22:32:14.0907 1592 pci - ok
22:32:14.0923 1592 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
22:32:14.0939 1592 pciide - ok
22:32:15.0890 1592 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:32:15.0953 1592 pcmcia - ok
22:32:17.0419 1592 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:32:17.0419 1592 PEAUTH - ok
22:32:17.0887 1592 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
22:32:17.0903 1592 PerfHost - ok
22:32:18.0963 1592 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
22:32:19.0057 1592 pla - ok
22:32:19.0275 1592 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
22:32:19.0369 1592 PlugPlay - ok
22:32:19.0899 1592 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
22:32:19.0962 1592 PNRPAutoReg - ok
22:32:19.0977 1592 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
22:32:19.0977 1592 PNRPsvc - ok
22:32:21.0007 1592 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
22:32:21.0101 1592 PolicyAgent - ok
22:32:21.0615 1592 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
22:32:21.0631 1592 PptpMiniport - ok
22:32:21.0990 1592 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:32:22.0005 1592 Processor - ok
22:32:22.0785 1592 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
22:32:22.0832 1592 ProfSvc - ok
22:32:22.0926 1592 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
22:32:22.0926 1592 ProtectedStorage - ok
22:32:23.0051 1592 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
22:32:23.0066 1592 PSched - ok
22:32:23.0238 1592 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
22:32:23.0238 1592 PxHlpa64 - ok
22:32:25.0016 1592 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:32:25.0079 1592 ql2300 - ok
22:33:10.0478 1592 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:33:10.0618 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:33:10.0618 1592 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:33:10.0618 1592 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
22:33:10.0618 1592 \Device\Harddisk1\DR1 - ok
22:33:10.0790 1592 Boot (0x1200) (2f9770032e6bff69f928543361bf5c48) \Device\Harddisk0\DR0\Partition0
22:33:10.0914 1592 \Device\Harddisk0\DR0\Partition0 - ok
22:33:10.0992 1592 Boot (0x1200) (d8059160b186040b9dc4999e89106e6d) \Device\Harddisk0\DR0\Partition1
22:33:10.0992 1592 \Device\Harddisk0\DR0\Partition1 - ok
22:33:10.0992 1592 Boot (0x1200) (ea5f023d4dbcf254671ea60c4c5317e3) \Device\Harddisk1\DR1\Partition0
22:33:10.0992 1592 \Device\Harddisk1\DR1\Partition0 - ok
22:33:10.0992 1592 ============================================================
22:33:10.0992 1592 Scan finished
22:33:10.0992 1592 ============================================================
22:33:10.0992 3900 Detected object count: 1
22:33:10.0992 3900 Actual detected object count: 1
22:33:36.0156 3900 \Device\Harddisk0\DR0\# - copied to quarantine
22:33:36.0156 3900 \Device\Harddisk0\DR0 - copied to quarantine
22:33:36.0983 3900 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:33:37.0077 3900 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:33:37.0092 3900 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:33:37.0123 3900 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:33:37.0607 3900 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:33:39.0073 3900 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:33:39.0323 3900 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:33:39.0432 3900 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:33:39.0432 3900 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:33:39.0448 3900 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:33:39.0604 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:33:39.0697 3900 \Device\Harddisk0\DR0 - ok
22:33:43.0956 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:41:21.0179 1140 Deinitialize success
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-08-10.02 - Owner 08/12/2012 12:49:11.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2740 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\blekkotb_soc\blEKkotb_019x.dll
c:\users\Owner\AppData\Roaming\download2
c:\windows\svchost.exe
c:\windows\system32\FAPassSync.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 20:01 . 2012-08-12 20:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1B082BD-BC02-4257-9DBF-7B380F37F518}\offreg.dll
2012-08-12 19:57 . 2012-08-12 20:01 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-08-12 19:57 . 2012-08-12 19:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-12 19:57 . 2012-08-12 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 05:49 . 2012-08-12 05:49 -------- d-----w- C:\FRST
2012-08-12 05:33 . 2012-08-12 05:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-12 03:37 . 2012-08-12 03:37 -------- d-----w- C:\$WINDOWS.~BT
2012-08-11 00:13 . 2012-08-11 00:13 -------- d-----w- c:\program files\AVAST Software
2012-08-10 06:32 . 2012-08-10 06:32 -------- d-----w- c:\users\Owner\.limewire
2012-08-09 03:11 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-09 03:11 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0062EAD-3E43-4FAD-A98B-6D21165896C3}\gapaengine.dll
2012-08-09 03:10 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1B082BD-BC02-4257-9DBF-7B380F37F518}\mpengine.dll
2012-08-09 03:08 . 2012-08-09 03:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-09 03:07 . 2012-08-09 03:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-03 05:23 . 2012-08-03 05:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-01 04:32 . 2012-08-01 04:39 -------- d-----w- c:\users\Owner\AppData\Local\IM Providers
2012-07-19 02:24 . 2012-07-19 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedyPC Software
2012-07-19 02:24 . 2012-07-19 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2012-07-19 02:24 . 2012-07-19 02:46 -------- d-----w- c:\programdata\SpeedyPC Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 22:36 . 2012-06-18 00:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 22:36 . 2011-07-08 01:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 10:01 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-24 07:03 1784856 ----a-w- c:\program files (x86)\ToggleEN\tbTogg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 23:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe [2009-03-02 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 22:36]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 11:03]
.
2012-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 11:03]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
.
2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF18754.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ehulrm1.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9CBED192DC65855AF95A4C4FCAE98330&tbp=homepage
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
.
**************************************************************************
.
Completion time: 2012-08-12 13:09:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 20:09
.
Pre-Run: 212,011,761,664 bytes free
Post-Run: 213,026,349,056 bytes free
.
- - End Of File - - 446528D118C2F5D010E1A3FA233E370F
 
Looks good :)

Any current issues?

=====================================

Please paste the content of the following file:
C:\Qoobox\Add-Remove Programs.txt

=====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.05

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Owner :: OWNER-PC [administrator]

8/12/2012 1:51:15 PM
mbam-log-2012-08-12 (13-51-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219795
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Advanced Audio FX Engine
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Ares 2.1.1
Ares 3.1.5.3033
Bing Bar
Blekko search bar
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Cozi
Dell Getting Started Guide
Dell Video Chat (remove only)
Dell Webcam Central
EDocs
Facebook Video Calling 1.2.0.159
Galería fotográfica de Windows Live
Google Toolbar for Internet Explorer
Google Update Helper
Herramienta de carga de Windows Live
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
ITECIR
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 7
Junk Mail filter update
LimeWire 4.18.8
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
MediaDirect
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype Click to Call
Skype™ 5.10
ToggleEN Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vid-Saver
Virtual DJ - Atomix Productions
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
 
OTL logfile created on: 8/12/2012 2:03:35 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.32% Memory free
8.13 Gb Paging File | 6.45 Gb Available in Paging File | 79.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 197.78 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.35 Gb Free Space | 33.49% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.87 Gb Total Space | 1.20 Gb Free Space | 63.88% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 13:42:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/05 16:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2008/09/05 16:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/09/05 16:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2008/07/04 13:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


========== Modules (No Company Name) ==========

MOD - [2008/09/05 16:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2008/09/05 16:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2008/09/05 16:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/11/20 03:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/03 15:36:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/31 21:39:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/05 16:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 18:05:00 | 000,318,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/11/26 07:02:18 | 000,158,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/11/20 03:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 04:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/03 04:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/08/25 04:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 03:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/02 15:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 03:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 03:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 03:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 04:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=skyp&ocid=skydhp
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,es-MX;q=0.5
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 3B 4F 20 13 41 CD 01 [binary data]
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348d...ED192DC65855AF95A4C4FCAE98330&q={searchTerms}
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7DKUS_enUS310
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "http://blekko.com/ws/?source=c3348d...9CBED192DC65855AF95A4C4FCAE98330&tbp=homepage"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.24
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 21:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 21:54:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 21:39:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 21:54:03 | 000,000,000 | ---D | M]

[2010/01/05 23:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/07/27 23:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\7ehulrm1.default\extensions
[2012/06/02 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\7ehulrm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/25 21:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 23:02:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/31 21:39:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/09 20:35:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/02 21:35:25 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/07/09 20:35:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/12 13:01:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EFB7B2B-34F6-4C74-84CF-0D57020BBC17}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D7CDB1A-BA43-422B-819C-43341EF0DA2B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\2012-05-07 West Coast trip\West Coast trip 050.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\2012-05-07 West Coast trip\West Coast trip 050.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/21 13:00:00 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 14:01:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/12 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/08/12 13:01:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 12:57:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/12 12:45:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 12:45:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 12:45:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 12:45:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/12 12:45:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/12 12:44:09 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/08/11 22:49:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/11 22:33:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/11 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2012/08/11 20:37:18 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/08/10 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/10 16:22:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/09 23:32:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\.limewire
[2012/08/08 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/08 20:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/02 22:23:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/31 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IM Providers
[2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
[2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2012/07/18 19:24:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/18 19:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

========== Files - Modified Within 30 Days ==========

[2012/08/12 13:48:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 13:48:46 | 000,001,758 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2012/08/12 13:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/12 13:42:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/12 13:36:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 13:08:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
[2012/08/12 13:06:07 | 000,724,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 13:06:07 | 000,619,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 13:06:07 | 000,109,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/12 13:01:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/12 13:01:27 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/08/12 13:01:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/12 13:00:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 13:00:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 13:00:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 12:25:42 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/08/11 22:18:54 | 002,117,108 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2012/08/11 20:36:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/11 20:36:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/10 15:53:33 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
[2012/08/10 15:43:43 | 389,837,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 23:00:42 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/08/08 20:09:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/08 20:08:12 | 000,739,784 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/18 19:25:00 | 000,001,771 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

========== Files Created - No Company Name ==========

[2012/08/12 12:45:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 12:45:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 12:45:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 12:45:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 12:45:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/11 22:29:45 | 002,117,108 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2012/08/11 20:33:57 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/08/11 20:33:57 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/08/08 20:08:21 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/25 22:35:51 | 000,023,604 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/01/25 21:03:58 | 000,739,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/31 11:05:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/26 10:31:29 | 000,560,911 | ---- | C] () -- C:\Users\Owner\Formulario dmv.pdf
[2009/02/17 14:06:13 | 000,001,758 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/02/11 12:07:22 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/01/13 15:43:22 | 000,011,776 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/07/18 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2012/08/10 16:22:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2012/07/18 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
[2009/02/17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2012/07/12 04:08:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
[2012/08/12 13:08:07 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
[2012/08/12 12:59:05 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/10 15:53:33 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 8/12/2012 2:03:35 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.32% Memory free
8.13 Gb Paging File | 6.45 Gb Available in Paging File | 79.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 197.78 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.35 Gb Free Space | 33.49% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.87 Gb Total Space | 1.20 Gb Free Space | 63.88% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3968D459-B1A6-4655-8791-9A33D5F2D44A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{49EA332A-05C5-4DED-B26C-5A74043A1696}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{66A86129-4408-42A9-8EC7-87FCC282C0E1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4E9808E-3DA1-45A1-8C42-DA5192FC7034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB83D7E5-8B11-4888-84D8-E94C1CD8C906}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D49A0090-E2B8-45EF-9229-3607DEF0F268}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DDE82A88-9715-4365-9877-996E4520289E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F460D76C-D3FF-4C16-A24E-E3B3FD86B597}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23DDEB24-FC83-489E-9078-F68FB5020744}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67DD0CAB-D47C-4F8C-B9F9-4A544255CFB5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC3EF7C0-2365-4351-B642-D5C48EE6A67E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{E33B102B-7D42-4AEF-B0C8-296567736169}" = Windows Live Protección Infantil
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}_is1" = Ares 3.1.5.3033
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Ares" = Ares 2.1.1
"blekkotb_soc" = Blekko search bar
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ToggleEN Toolbar" = ToggleEN Toolbar
"Vid-Saver" = Vid-Saver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 12:46:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 64.7.168.192.in-addr.arpa.
PTR Owner-PC.local.

Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1435

Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1435

Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79578075

Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79578075

Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 79579308

Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 79579308

[ Broadcom Wireless LAN Events ]
Error - 5/6/2012 1:35:17 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 10:35:16, Sun, May 06, 12 Error - Unable to gain access to user store


Error - 5/14/2012 11:32:35 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 20:32:34, Mon, May 14, 12 Error - Unable to gain access to user store


Error - 7/23/2012 11:09:10 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 20:09:10, Mon, Jul 23, 12 Error - User "" does not have administrative
privileges on this system

Error - 8/10/2012 1:16:42 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 22:16:42, Thu, Aug 09, 12 Error - Unable to gain access to user store


Error - 8/10/2012 2:01:13 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
Description = 23:01:13, Thu, Aug 09, 12 Error - Unable to decrypt string

[ Media Center Events ]
Error - 11/1/2010 8:00:40 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 3:14:17 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/3/2012 6:30:46 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/3/2012 10:14:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/4/2012 2:51:10 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/4/2012 3:12:38 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/5/2012 2:57:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/5/2012 4:01:36 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/7/2012 1:36:27 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/8/2012 10:26:38 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/12/2012 3:38:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/12/2012 3:38:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/12/2012 3:51:50 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/12/2012 3:53:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/12/2012 3:56:50 PM | Computer Name = Owner-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/12/2012 3:58:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/12/2012 3:58:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/12/2012 4:00:56 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/12/2012 4:01:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/12/2012 4:13:42 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
 
Good :)

Uninstall McAfee Security Scan, typical foistware.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/08/11 22:49:31 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
    [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 