rootkit.0access


  • This topic is locked
131 replies to this topic

#1 Derek101

Posted 13 August 2012 - 08:57 AM

Having trouble removing rootkit.0access. Malwarebytes finds it and then says it's removed, but then it comes right back. Also downloaded ANVISOFT and it found several issues and said it removed them. I did a second full scan and the rootkit.0access has reappeared. Any help would be greatly appreciated. My system isn't running horribly yet. I did notice on booting I'm asked for my Windows product key and it won't take the number I put in. It is the original number I have that came with my HP Pavilion dv5 1235x laptop. I can then bypass the issue until later, but I have no wallpaper. The issue doesn't seem to be affecting operations. I do notice a small note in the lower right corner stating my version of Windows isn't genuine. I'm running Vista Home Premium.

I have now reposted the requested DDS and Attach txt files. I did not run GMER as I believe I'm running a 64-bit OS.

DDS.TXT LOG FILE
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by OWNER at 9:44:05 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.1594 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\ptumlcmsvc64.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wermgr.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.startsearcher.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No File
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Anvi Smart Defender] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=7
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuitcorp.webex.com/client/T27L10NSP21/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9446B414-E145-4E1C-BEE8-EB68E22ADFB5} : DhcpNameServer = 198.224.145.135 198.224.144.135
TCP: Interfaces\{C708B5E0-F123-4A3B-A843-A4B01EB31561} : DhcpNameServer = 198.224.145.135 198.224.144.135
TCP: Interfaces\{DB8B424A-682F-49AF-9F09-3C6A191E688C} : DhcpNameServer = 192.168.1.254
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Anvi Smart Defender] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys --> C:\Windows\system32\DRIVERS\asdrm.sys [?]
R1 asdws;asdws;C:\Windows\system32\DRIVERS\asdws.sys --> C:\Windows\system32\DRIVERS\asdws.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\asdrs.sys --> C:\Windows\system32\DRIVERS\asdrs.sys [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-7-20 686408]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-4-18 116536]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-10-28 296304]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]
R2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\system32\ptumlcmsvc64.exe --> C:\Windows\system32\ptumlcmsvc64.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-6-18 185856]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\system32\DRIVERS\PTUMLBUS.sys --> C:\Windows\system32\DRIVERS\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\system32\DRIVERS\PTUMLCVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\system32\DRIVERS\PTUMLMdm.sys --> C:\Windows\system32\DRIVERS\PTUMLMdm.sys [?]
S3 PTUMLNET;PANTECH UML290 WWAN;C:\Windows\system32\DRIVERS\PTUMLNET.sys --> C:\Windows\system32\DRIVERS\PTUMLNET.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\system32\DRIVERS\PTUMLNVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\system32\DRIVERS\PTUMLRMNET.sys --> C:\Windows\system32\DRIVERS\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\system32\DRIVERS\PTUMLVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLVsp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-13 00:29:28 -------- d-----w- C:\Users\OWNER\AppData\Roaming\GetRightToGo
2012-08-12 21:53:54 -------- d-----w- C:\Program Files (x86)\Magical Jelly Bean
2012-08-12 21:52:48 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Uniblue
2012-08-12 21:52:21 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-08-12 19:08:09 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2012-08-12 19:08:09 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2012-08-12 19:08:09 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2012-08-12 18:57:55 -------- d-----w- C:\ProgramData\Anvisoft
2012-08-12 18:57:14 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Anvisoft
2012-08-12 18:57:11 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-08-09 15:59:33 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Malwarebytes
2012-08-09 15:59:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 15:59:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-09 15:59:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 11:56:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-08 11:56:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-23 02:40:10 184320 ----a-w- C:\Windows\System32\ptumlcmsvc64.exe
2012-05-23 02:39:48 425984 ----a-w- C:\Windows\SysWow64\ptumlmcp64.dll
2012-05-23 02:39:48 425984 ----a-w- C:\Windows\System32\ptumlmcp64.dll
2012-05-23 02:39:38 270336 ----a-w- C:\Windows\SysWow64\ptumlmcp.dll
2012-05-23 02:39:38 270336 ----a-w- C:\Windows\System32\ptumlmcp.dll
2012-05-23 02:39:28 112128 ----a-w- C:\Windows\SysWow64\ptumlqmi64.dll
2012-05-23 02:39:28 112128 ----a-w- C:\Windows\System32\ptumlqmi64.dll
2012-05-23 02:38:30 110592 ----a-w- C:\Windows\SysWow64\ptumlqmi.dll
2012-05-23 02:38:30 110592 ----a-w- C:\Windows\System32\ptumlqmi.dll
2012-05-23 02:33:42 183456 ----a-w- C:\Windows\System32\drivers\PTUMLVsp.sys
2012-05-23 02:33:40 63776 ----a-w- C:\Windows\System32\drivers\PTUMLRMNET.sys
2012-05-23 02:33:40 184480 ----a-w- C:\Windows\System32\drivers\PTUMLNVsp.sys
2012-05-23 02:33:40 183456 ----a-w- C:\Windows\System32\drivers\PTUMLMdm.sys
2012-05-23 02:33:40 103200 ----a-w- C:\Windows\System32\drivers\PTUMLNET.sys
2012-05-23 02:33:38 183456 ----a-w- C:\Windows\System32\drivers\PTUMLCVsp.sys
2012-05-23 02:33:38 105632 ----a-w- C:\Windows\System32\drivers\PTUMLBUS.sys
.
============= FINISH: 9:45:40.07 ===============
Attach.txt LOG FILE
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by OWNER at 9:44:05 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.1594 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\ptumlcmsvc64.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wermgr.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.startsearcher.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No File
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Anvi Smart Defender] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} - hxxp://www.dvrstation.com/pdvratl.php?vendor=7
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuitcorp.webex.com/client/T27L10NSP21/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9446B414-E145-4E1C-BEE8-EB68E22ADFB5} : DhcpNameServer = 198.224.145.135 198.224.144.135
TCP: Interfaces\{C708B5E0-F123-4A3B-A843-A4B01EB31561} : DhcpNameServer = 198.224.145.135 198.224.144.135
TCP: Interfaces\{DB8B424A-682F-49AF-9F09-3C6A191E688C} : DhcpNameServer = 192.168.1.254
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Anvi Smart Defender] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 asdrm;asdrm;C:\Windows\system32\DRIVERS\asdrm.sys --> C:\Windows\system32\DRIVERS\asdrm.sys [?]
R1 asdws;asdws;C:\Windows\system32\DRIVERS\asdws.sys --> C:\Windows\system32\DRIVERS\asdws.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\asdrs.sys --> C:\Windows\system32\DRIVERS\asdrs.sys [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-7-20 686408]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-4-18 116536]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-10-28 296304]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]
R2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\system32\ptumlcmsvc64.exe --> C:\Windows\system32\ptumlcmsvc64.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-6-18 185856]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\system32\DRIVERS\PTUMLBUS.sys --> C:\Windows\system32\DRIVERS\PTUMLBUS.sys [?]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\system32\DRIVERS\PTUMLCVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLCVsp.sys [?]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\system32\DRIVERS\PTUMLMdm.sys --> C:\Windows\system32\DRIVERS\PTUMLMdm.sys [?]
S3 PTUMLNET;PANTECH UML290 WWAN;C:\Windows\system32\DRIVERS\PTUMLNET.sys --> C:\Windows\system32\DRIVERS\PTUMLNET.sys [?]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\system32\DRIVERS\PTUMLNVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLNVsp.sys [?]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\system32\DRIVERS\PTUMLRMNET.sys --> C:\Windows\system32\DRIVERS\PTUMLRMNET.sys [?]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\system32\DRIVERS\PTUMLVsp.sys --> C:\Windows\system32\DRIVERS\PTUMLVsp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-13 00:29:28 -------- d-----w- C:\Users\OWNER\AppData\Roaming\GetRightToGo
2012-08-12 21:53:54 -------- d-----w- C:\Program Files (x86)\Magical Jelly Bean
2012-08-12 21:52:48 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Uniblue
2012-08-12 21:52:21 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-08-12 19:08:09 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2012-08-12 19:08:09 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2012-08-12 19:08:09 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2012-08-12 18:57:55 -------- d-----w- C:\ProgramData\Anvisoft
2012-08-12 18:57:14 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Anvisoft
2012-08-12 18:57:11 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-08-09 15:59:33 -------- d-----w- C:\Users\OWNER\AppData\Roaming\Malwarebytes
2012-08-09 15:59:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 15:59:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-09 15:59:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 11:56:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-08 11:56:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-23 02:40:10 184320 ----a-w- C:\Windows\System32\ptumlcmsvc64.exe
2012-05-23 02:39:48 425984 ----a-w- C:\Windows\SysWow64\ptumlmcp64.dll
2012-05-23 02:39:48 425984 ----a-w- C:\Windows\System32\ptumlmcp64.dll
2012-05-23 02:39:38 270336 ----a-w- C:\Windows\SysWow64\ptumlmcp.dll
2012-05-23 02:39:38 270336 ----a-w- C:\Windows\System32\ptumlmcp.dll
2012-05-23 02:39:28 112128 ----a-w- C:\Windows\SysWow64\ptumlqmi64.dll
2012-05-23 02:39:28 112128 ----a-w- C:\Windows\System32\ptumlqmi64.dll
2012-05-23 02:38:30 110592 ----a-w- C:\Windows\SysWow64\ptumlqmi.dll
2012-05-23 02:38:30 110592 ----a-w- C:\Windows\System32\ptumlqmi.dll
2012-05-23 02:33:42 183456 ----a-w- C:\Windows\System32\drivers\PTUMLVsp.sys
2012-05-23 02:33:40 63776 ----a-w- C:\Windows\System32\drivers\PTUMLRMNET.sys
2012-05-23 02:33:40 184480 ----a-w- C:\Windows\System32\drivers\PTUMLNVsp.sys
2012-05-23 02:33:40 183456 ----a-w- C:\Windows\System32\drivers\PTUMLMdm.sys
2012-05-23 02:33:40 103200 ----a-w- C:\Windows\System32\drivers\PTUMLNET.sys
2012-05-23 02:33:38 183456 ----a-w- C:\Windows\System32\drivers\PTUMLCVsp.sys
2012-05-23 02:33:38 105632 ----a-w- C:\Windows\System32\drivers\PTUMLBUS.sys
.
============= FINISH: 9:45:40.07 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:10 PM

Posted 13 August 2012 - 10:56 AM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Derek101

Posted 13 August 2012 - 01:11 PM

In running ComboFix as directed, it seems to begin to run and then hangs up for a while when loading files to review. The program then just stops and no log is created, nor is there any appearance that it is still running...

#4 CatByte

Posted 13 August 2012 - 01:29 PM

OK, then we are going to have to attack it from a different angle as the infection is shutting it down.

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).


#5 Derek101

Posted 13 August 2012 - 01:50 PM

Just to be sure, I had stated that I'm operating a 64 bit system. I'm using Vista Home Premium. Could I be mistaken? Is it a 32 bit OS? Could this be the issue with ComboFix? I have downloaded the Farbar tool for 64 bit system. Before I run that one I will await your reply.

#6 CatByte

Posted 13 August 2012 - 02:04 PM

Yes, you have a 64bit operating system


#7 Derek101

Posted 13 August 2012 - 03:07 PM

I haven't been able to validate my operating system on boot up. I have the product key but it keeps saying invalid. I'm able to operate the computer but I'm wondering if this is an issue using the command prompt? Just a thought. Through notepad the flash drive isn't running the program frst64.exe. It is on the drive as verified by both computers. When I select notepad and then the flash drive the frst64 isn't there. But in checking the flash drive contents on both computers the program is there. I'm at a loss as to why I can't run the frst64 from the flash drive. I'm selecting the correct drive letter... perplexed

Edited by Derek101, 13 August 2012 - 03:16 PM.


#8 CatByte

Posted 13 August 2012 - 03:31 PM

Did you verify the drive letter for the flash drive when you first booted to the Recovery Environment, as it does change from the drive letter in normal mode?

You just need to type the correct drive letter plus Frst64.exe for the program to run, but it must be the correct drive letter.

Print off the FRST instructions and that may help you once you are in the recovery environment.


#9 Derek101

Posted 13 August 2012 - 03:58 PM

I verified the drive on the infected computer by removing the drive and typing at the command prompt notepad, file:open; computer. The drive is there and its respective drive path. I rechecked by removing and checking again through notepad. The drive is then gone. The drive name, MY GS DRIVE (G:), is how it is listed in the removable storage section of computer when going through notepad. At the command prompt the entire pathway is as follows... x:\windows\system32>g:\frst64.exe The result is not recognized as an internal or external command, operable program or batch file.

Believe it or not I'm not a complete idiot. I've gone through the process many, many times. I have a secondary computer that I'm working on and following the directions. I just can't find the problem in running this program. I downloaded it twice to the computer and sent it to the flash drive. I verified its presence on the flash drive and then went to the infected computer and followed the directions carefully to extract it through the cmd prompt. I will await your direction... Please don't say drive off the cliff... lol

#10 CatByte

Posted 13 August 2012 - 04:04 PM

"Believe it or not I'm not a complete idiot."

Of course not, sometimes infections play havoc with regular tasks, so let's try something else (there are lots of ways to attack this, we just keep trying till we find something that works)


Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


NEXT

Please see if you can get TDSSKiller to run

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Please try running ComboFix in safe mode:

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account


#11 Derek101

Posted 13 August 2012 - 04:55 PM

I seem to be getting a great deal of redirects on the infected computer. For some reason I believe Combofix may have partially run. I wasn't getting the redirects as I am now. Maybe it found and wasn't able to complete the repairs. Who knows. I'm posting the requested logs from OTL. I'm at the firehouse tomorrow in Cleveland. Hope I get this repaired by then. lmao In my line of work I would have taken an ax to the problem and it would be eliminated. May not work again but just call it permanent problem resolution. lol Going to attempt TDSSKILLER now.....thx for your patient help.... You can drink free for a night at one of my bars in this area.......lol

OTL LOGS

OTL Extras logfile created on: 8/13/2012 5:28:00 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\OWNER\Searches\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.33% Memory free
8.04 Gb Paging File | 6.13 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 181.13 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.80 Gb Free Space | 96.43% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A2 65 EF AA 1C 3F CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.455
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}" = PANTECH UML290
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 6.1.0.442
"Virtual Printer SDK Patch_is1" = 3.3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}" = Verizon Wireless UML290 Firmware Updates
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX9400Fax Series Scanner Driver Update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44C034BC-85E5-44C1-A94E-BB7BA671CA56}" = VZAccess Manager
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB98D7E-610D-4CBF-A093-E8FD632185F5}" = Printer/Scanner Driver for MFX-2030/1430 F-560/520
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8013AED3-7B49-4CBF-A99A-FF228A29C3EA}" = MA_2008 Demo
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anvi Smart Defender" = Anvi Smart Defender 1.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D42C36B3-E36B-43EC-A8B4-B613D7B92782_is1" = Infix 5.05
"EPSON Scanner" = EPSON Scan
"FinalMediaPlayer_is1" = Final Media Player 2010
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SMS" = SMS (remove only)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"03dadc24a51b3d9d" = TestimCalculator
"ActiveTouchMeetingClient" = WebEx
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 11:58:01 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0xb94, application
start time 0x01cd796c69596d1b.

Error - 8/13/2012 11:59:08 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15a8, application
start time 0x01cd796c923a839b.

Error - 8/13/2012 12:00:16 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x12c0, application
start time 0x01cd796cba215b9b.

Error - 8/13/2012 12:01:23 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x8e8, application
start time 0x01cd796ce2fad0fb.

Error - 8/13/2012 12:02:32 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x1750, application
start time 0x01cd796d0b033abb.

Error - 8/13/2012 12:03:40 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15dc, application
start time 0x01cd796d3449549b.

Error - 8/13/2012 2:43:25 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:16:54 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application STacSV64.exe, version 1.0.6087.0, time stamp
0x48c944a9, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118,
exception code 0xc0000005, fault offset 0x0000000000001a5b, process id 0x134, application
start time 0x01cd7987e39bcf41.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3012
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 3/31/2009 3:41:02 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:19:45 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/26/2009 5:45:43 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/31/2009 1:34:05 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2009 4:54:37 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/16/2010 8:31:59 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/13/2012 3:14:55 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/13/2012 3:17:06 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Quicken PDF Printer with
shared resource name Quicken PDF Printer. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2400 Series with
shared resource name HP psc 2400 Series. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Officejet 7200 series
with shared resource name HP Officejet 7200 series. Error 1753. The printer cannot
be used by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44C034BC-85E5-44C1-A94E-BB7BA671CA56}" = VZAccess Manager
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB98D7E-610D-4CBF-A093-E8FD632185F5}" = Printer/Scanner Driver for MFX-2030/1430 F-560/520
"{4EB7E778-1E95-433F-8919-C323D5483363}" = HP Smart Web Printing
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{8013AED3-7B49-4CBF-A99A-FF228A29C3EA}" = MA_2008 Demo
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"1ClickDownload" = 1ClickDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anvi Smart Defender" = Anvi Smart Defender 1.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D42C36B3-E36B-43EC-A8B4-B613D7B92782_is1" = Infix 5.05
"EPSON Scanner" = EPSON Scan
"FinalMediaPlayer_is1" = Final Media Player 2010
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SMS" = SMS (remove only)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"03dadc24a51b3d9d" = TestimCalculator
"ActiveTouchMeetingClient" = WebEx
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 11:58:01 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0xb94, application
start time 0x01cd796c69596d1b.

Error - 8/13/2012 11:59:08 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15a8, application
start time 0x01cd796c923a839b.

Error - 8/13/2012 12:00:16 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x12c0, application
start time 0x01cd796cba215b9b.

Error - 8/13/2012 12:01:23 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x8e8, application
start time 0x01cd796ce2fad0fb.

Error - 8/13/2012 12:02:32 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x1750, application
start time 0x01cd796d0b033abb.

Error - 8/13/2012 12:03:40 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15dc, application
start time 0x01cd796d3449549b.

Error - 8/13/2012 2:43:25 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:16:54 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application STacSV64.exe, version 1.0.6087.0, time stamp
0x48c944a9, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118,
exception code 0xc0000005, fault offset 0x0000000000001a5b, process id 0x134, application
start time 0x01cd7987e39bcf41.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3012
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 3/31/2009 3:41:02 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:19:45 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/26/2009 5:45:43 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/31/2009 1:34:05 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2009 4:54:37 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/16/2010 8:31:59 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/13/2012 3:14:55 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/13/2012 3:17:06 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Quicken PDF Printer with
shared resource name Quicken PDF Printer. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2400 Series with
shared resource name HP psc 2400 Series. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Officejet 7200 series
with shared resource name HP Officejet 7200 series. Error 1753. The printer cannot
be used by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SMS" = SMS (remove only)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"03dadc24a51b3d9d" = TestimCalculator
"ActiveTouchMeetingClient" = WebEx
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 11:58:01 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0xb94, application
start time 0x01cd796c69596d1b.

Error - 8/13/2012 11:59:08 AM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15a8, application
start time 0x01cd796c923a839b.

Error - 8/13/2012 12:00:16 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x12c0, application
start time 0x01cd796cba215b9b.

Error - 8/13/2012 12:01:23 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x8e8, application
start time 0x01cd796ce2fad0fb.

Error - 8/13/2012 12:02:32 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x1750, application
start time 0x01cd796d0b033abb.

Error - 8/13/2012 12:03:40 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module 80000032.@_unloaded, version 0.0.0.0, time stamp 0x4fe23011,
exception code 0xc0000005, fault offset 0x0137b2a1, process id 0x15dc, application
start time 0x01cd796d3449549b.

Error - 8/13/2012 2:43:25 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 3:16:54 PM | Computer Name = OWNER-PC | Source = Application Error | ID = 1000
Description = Faulting application STacSV64.exe, version 1.0.6087.0, time stamp
0x48c944a9, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118,
exception code 0xc0000005, fault offset 0x0000000000001a5b, process id 0x134, application
start time 0x01cd7987e39bcf41.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3012
Description =

Error - 8/13/2012 5:24:36 PM | Computer Name = OWNER-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 3/31/2009 3:41:02 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:19:45 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/26/2009 5:45:43 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/31/2009 1:34:05 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2009 4:54:37 AM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/16/2010 8:31:59 PM | Computer Name = OWNER-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/13/2012 3:14:55 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 3:15:40 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/13/2012 3:17:06 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:09 PM | Computer Name = OWNER-PC | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.1.64. The computer with the IP address 192.168.1.66 did
not allow the name to be claimed by this computer.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Quicken PDF Printer with
shared resource name Quicken PDF Printer. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2400 Series with
shared resource name HP psc 2400 Series. Error 1753. The printer cannot be used
by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Officejet 7200 series
with shared resource name HP Officejet 7200 series. Error 1753. The printer cannot
be used by others on the network.

Error - 8/13/2012 5:19:11 PM | Computer Name = OWNER-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer EPSON Stylus CX9400Fax Series
with shared resource name EPSON Stylus CX9400Fax Series. Error 1753. The printer
cannot be used by others on the network.

Error - 8/13/2012 5:19:28 PM | Computer Name = OWNER-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
Description =


< End of report >

#12 CatByte

  • Malware Response Team

Posted 13 August 2012 - 05:07 PM

This infection is really playing havoc, as the Extras.txt pasted 3 times but there is no OTL log.

Perhaps attaching it may be better, if you could please give it another try. Thanks.

(and hold off on the axe for a little while yet :whistle:)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Derek101

  • Topic Starter

  • Members

Posted 13 August 2012 - 05:09 PM

TDSSKILLER LOGS. Note: no malicious items found. Going to try to run Combofix in safe mode.

18:02:21.0706 4396 pcmcia - ok
18:02:21.0797 4396 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:02:21.0825 4396 PEAUTH - ok
18:02:21.0937 4396 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
18:02:21.0939 4396 PerfHost - ok
18:02:22.0162 4396 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
18:02:22.0212 4396 pla - ok
18:02:22.0296 4396 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
18:02:22.0316 4396 PlugPlay - ok
18:02:22.0424 4396 Pml Driver HPZ12 (5c42fa1fcea58c6f7d6614504bf88f4f) C:\Windows\system32\HPZipm12.dll
18:02:22.0426 4396 Pml Driver HPZ12 - ok
18:02:22.0575 4396 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:02:22.0586 4396 PNRPAutoReg - ok
18:02:22.0600 4396 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:02:22.0610 4396 PNRPsvc - ok
18:02:22.0701 4396 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
18:02:22.0739 4396 PolicyAgent - ok
18:02:22.0875 4396 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:22.0878 4396 PptpMiniport - ok
18:02:22.0943 4396 Printer Control (eb19fb454bf9b0f2cb7c9410424a590d) C:\Windows\system32\PrintCtrl.exe
18:02:22.0945 4396 Printer Control - ok
18:02:22.0968 4396 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:02:22.0970 4396 Processor - ok
18:02:23.0041 4396 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
18:02:23.0045 4396 ProfSvc - ok
18:02:23.0091 4396 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
18:02:23.0093 4396 ProtectedStorage - ok
18:02:23.0147 4396 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:02:23.0150 4396 PSched - ok
18:02:23.0170 4396 PTDUBus - ok
18:02:23.0178 4396 PTDUMdm - ok
18:02:23.0189 4396 PTDUVsp - ok
18:02:23.0233 4396 PTDUWFLT - ok
18:02:23.0249 4396 PTDUWWAN - ok
18:02:23.0288 4396 PTUMLBUS (54194574f2408dbe85c57b89f07c5930) C:\Windows\system32\DRIVERS\PTUMLBUS.sys
18:02:23.0290 4396 PTUMLBUS - ok
18:02:23.0339 4396 ptumlcmsvc (5efeeb3fe07d2e7a22e0b73fc6082df7) C:\Windows\system32\ptumlcmsvc64.exe
18:02:23.0342 4396 ptumlcmsvc - ok
18:02:23.0419 4396 PTUMLCVsp (6750863695f90461047bf982a1ba337d) C:\Windows\system32\DRIVERS\PTUMLCVsp.sys
18:02:23.0421 4396 PTUMLCVsp - ok
18:02:23.0484 4396 PTUMLMdm (aa57e2c81fe206c7afe8aa44d8f3e69c) C:\Windows\system32\DRIVERS\PTUMLMdm.sys
18:02:23.0486 4396 PTUMLMdm - ok
18:02:23.0560 4396 PTUMLNET (b8deb80db061b1fd587ebe1195b87a80) C:\Windows\system32\DRIVERS\PTUMLNET.sys
18:02:23.0564 4396 PTUMLNET - ok
18:02:23.0644 4396 PTUMLNVsp (a683af8c78fe866de9949225873de864) C:\Windows\system32\DRIVERS\PTUMLNVsp.sys
18:02:23.0647 4396 PTUMLNVsp - ok
18:02:23.0697 4396 PTUMLRMNET (29eef6f0f9a6a21312dccf5795897287) C:\Windows\system32\DRIVERS\PTUMLRMNET.sys
18:02:23.0699 4396 PTUMLRMNET - ok
18:02:23.0748 4396 PTUMLVsp (158f51e32558693e2357c3bb5f6e7648) C:\Windows\system32\DRIVERS\PTUMLVsp.sys
18:02:23.0750 4396 PTUMLVsp - ok
18:02:23.0899 4396 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:02:23.0950 4396 ql2300 - ok
18:02:23.0997 4396 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:02:24.0000 4396 ql40xx - ok
18:02:24.0071 4396 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
18:02:24.0108 4396 QWAVE - ok
18:02:24.0117 4396 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:02:24.0119 4396 QWAVEdrv - ok
18:02:24.0154 4396 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:24.0156 4396 RasAcd - ok
18:02:24.0183 4396 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
18:02:24.0199 4396 RasAuto - ok
18:02:24.0273 4396 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:24.0287 4396 Rasl2tp - ok
18:02:24.0359 4396 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
18:02:24.0422 4396 RasMan - ok
18:02:24.0489 4396 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:24.0490 4396 RasPppoe - ok
18:02:24.0548 4396 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:24.0551 4396 RasSstp - ok
18:02:24.0628 4396 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:24.0644 4396 rdbss - ok
18:02:24.0683 4396 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:24.0684 4396 RDPCDD - ok
18:02:24.0735 4396 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:02:24.0772 4396 rdpdr - ok
18:02:24.0777 4396 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:02:24.0778 4396 RDPENCDD - ok
18:02:24.0859 4396 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
18:02:24.0883 4396 RDPWD - ok
18:02:24.0994 4396 Recovery Service for Windows (d5f08cc3d19b1c7f49619b9dad43c0ce) C:\Program Files (x86)\SMINST\BLService.exe
18:02:24.0997 4396 Recovery Service for Windows - ok
18:02:25.0053 4396 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
18:02:25.0057 4396 RemoteAccess - ok
18:02:25.0123 4396 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
18:02:25.0174 4396 RemoteRegistry - ok
18:02:25.0269 4396 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:02:25.0272 4396 RichVideo - ok
18:02:25.0319 4396 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
18:02:25.0321 4396 RpcLocator - ok
18:02:25.0450 4396 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
18:02:25.0457 4396 RpcSs - ok
18:02:25.0517 4396 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:25.0519 4396 rspndr - ok
18:02:25.0587 4396 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
18:02:25.0620 4396 RTL8169 - ok
18:02:25.0654 4396 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
18:02:25.0656 4396 RTSTOR - ok
18:02:25.0693 4396 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
18:02:25.0694 4396 SamSs - ok
18:02:25.0714 4396 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:02:25.0716 4396 sbp2port - ok
18:02:25.0779 4396 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
18:02:25.0792 4396 SCardSvr - ok
18:02:26.0153 4396 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
18:02:26.0179 4396 Schedule - ok
18:02:26.0226 4396 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
18:02:26.0227 4396 SCPolicySvc - ok
18:02:26.0270 4396 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
18:02:26.0272 4396 sdbus - ok
18:02:26.0335 4396 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
18:02:26.0348 4396 SDRSVC - ok
18:02:26.0406 4396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:02:26.0407 4396 secdrv - ok
18:02:26.0429 4396 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
18:02:26.0431 4396 seclogon - ok
18:02:26.0455 4396 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
18:02:26.0458 4396 SENS - ok
18:02:26.0488 4396 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
18:02:26.0489 4396 Serenum - ok
18:02:26.0524 4396 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
18:02:26.0526 4396 Serial - ok
18:02:26.0546 4396 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:02:26.0548 4396 sermouse - ok
18:02:26.0596 4396 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
18:02:26.0599 4396 SessionEnv - ok
18:02:26.0621 4396 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:02:26.0622 4396 sffdisk - ok
18:02:26.0636 4396 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:02:26.0637 4396 sffp_mmc - ok
18:02:26.0654 4396 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:02:26.0655 4396 sffp_sd - ok
18:02:26.0670 4396 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
18:02:26.0671 4396 sfloppy - ok
18:02:26.0757 4396 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
18:02:26.0771 4396 ShellHWDetection - ok
18:02:26.0802 4396 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:02:26.0803 4396 SiSRaid2 - ok
18:02:26.0825 4396 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:02:26.0828 4396 SiSRaid4 - ok
18:02:27.0080 4396 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
18:02:27.0099 4396 slsvc - ok
18:02:27.0254 4396 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
18:02:27.0258 4396 SLUINotify - ok
18:02:27.0342 4396 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:02:27.0347 4396 Smb - ok
18:02:27.0416 4396 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
18:02:27.0418 4396 SNMPTRAP - ok
18:02:27.0471 4396 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:02:27.0472 4396 spldr - ok
18:02:27.0530 4396 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
18:02:27.0535 4396 Spooler - ok
18:02:27.0624 4396 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:02:27.0634 4396 srv - ok
18:02:27.0691 4396 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:02:27.0701 4396 srv2 - ok
18:02:27.0774 4396 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:02:27.0786 4396 srvnet - ok
18:02:27.0846 4396 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
18:02:27.0855 4396 SSDPSRV - ok
18:02:27.0911 4396 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
18:02:27.0926 4396 SstpSvc - ok
18:02:28.0106 4396 STacSV (3fb66e86ba667d627a613e1d677469b0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
18:02:28.0109 4396 STacSV - ok
18:02:28.0260 4396 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys
18:02:28.0287 4396 STHDA - ok
18:02:28.0395 4396 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
18:02:28.0460 4396 stisvc - ok
18:02:28.0497 4396 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:02:28.0498 4396 swenum - ok
18:02:28.0616 4396 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
18:02:28.0638 4396 swprv - ok
18:02:28.0667 4396 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:02:28.0668 4396 Symc8xx - ok
18:02:28.0679 4396 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:02:28.0681 4396 Sym_hi - ok
18:02:28.0706 4396 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:02:28.0708 4396 Sym_u3 - ok
18:02:28.0856 4396 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
18:02:28.0917 4396 SysMain - ok
18:02:28.0984 4396 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
18:02:28.0988 4396 TabletInputService - ok
18:02:29.0088 4396 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
18:02:29.0150 4396 TapiSrv - ok
18:02:29.0169 4396 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
18:02:29.0173 4396 TBS - ok
18:02:29.0373 4396 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
18:02:29.0431 4396 Tcpip - ok
18:02:29.0672 4396 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
18:02:29.0686 4396 Tcpip6 - ok
18:02:29.0824 4396 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:02:29.0826 4396 tcpipreg - ok
18:02:29.0859 4396 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:02:29.0860 4396 TDPIPE - ok
18:02:29.0926 4396 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:02:29.0928 4396 TDTCP - ok
18:02:29.0991 4396 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:02:29.0994 4396 tdx - ok
18:02:30.0063 4396 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:02:30.0065 4396 TermDD - ok
18:02:30.0154 4396 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
18:02:30.0206 4396 TermService - ok
18:02:30.0327 4396 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
18:02:30.0334 4396 Themes - ok
18:02:30.0378 4396 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
18:02:30.0381 4396 THREADORDER - ok
18:02:30.0414 4396 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
18:02:30.0429 4396 TrkWks - ok
18:02:30.0509 4396 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
18:02:30.0509 4396 TrustedInstaller - ok
18:02:30.0562 4396 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:30.0563 4396 tssecsrv - ok
18:02:30.0590 4396 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:02:30.0591 4396 tunmp - ok
18:02:30.0627 4396 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:02:30.0629 4396 tunnel - ok
18:02:30.0664 4396 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:02:30.0679 4396 uagp35 - ok
18:02:30.0761 4396 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:02:30.0785 4396 udfs - ok
18:02:30.0822 4396 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
18:02:30.0826 4396 UI0Detect - ok
18:02:30.0892 4396 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:02:30.0895 4396 uliagpkx - ok
18:02:30.0936 4396 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:02:30.0964 4396 uliahci - ok
18:02:30.0995 4396 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:02:31.0007 4396 UlSata - ok
18:02:31.0051 4396 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:02:31.0063 4396 ulsata2 - ok
18:02:31.0838 4396 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:02:31.0839 4396 umbus - ok
18:02:31.0994 4396 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
18:02:32.0030 4396 upnphost - ok
18:02:32.0097 4396 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:32.0099 4396 usbccgp - ok
18:02:32.0123 4396 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:02:32.0126 4396 usbcir - ok
18:02:32.0180 4396 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:02:32.0181 4396 usbehci - ok
18:02:32.0211 4396 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:02:32.0226 4396 usbhub - ok
18:02:32.0285 4396 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:02:32.0286 4396 usbohci - ok
18:02:32.0312 4396 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:02:32.0314 4396 usbprint - ok
18:02:32.0330 4396 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:02:32.0332 4396 usbscan - ok
18:02:32.0351 4396 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:32.0353 4396 USBSTOR - ok
18:02:32.0366 4396 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:02:32.0367 4396 usbuhci - ok
18:02:32.0412 4396 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:02:32.0425 4396 usbvideo - ok
18:02:32.0471 4396 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:02:32.0474 4396 UxSms - ok
18:02:32.0552 4396 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:02:32.0559 4396 vds - ok
18:02:32.0612 4396 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:32.0613 4396 vga - ok
18:02:32.0634 4396 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:02:32.0636 4396 VgaSave - ok
18:02:32.0660 4396 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
18:02:32.0661 4396 viaide - ok
18:02:32.0711 4396 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:02:32.0713 4396 volmgr - ok
18:02:32.0794 4396 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:02:32.0815 4396 volmgrx - ok
18:02:32.0894 4396 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:02:32.0946 4396 volsnap - ok
18:02:33.0016 4396 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:02:33.0030 4396 vsmraid - ok
18:02:33.0177 4396 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:02:33.0193 4396 VSS - ok
18:02:33.0360 4396 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:02:33.0421 4396 W32Time - ok
18:02:33.0471 4396 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:02:33.0472 4396 WacomPen - ok
18:02:33.0541 4396 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:33.0543 4396 Wanarp - ok
18:02:33.0548 4396 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:33.0549 4396 Wanarpv6 - ok
18:02:33.0636 4396 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:02:33.0705 4396 wcncsvc - ok
18:02:33.0720 4396 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:02:33.0725 4396 WcsPlugInService - ok
18:02:33.0743 4396 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:02:33.0745 4396 Wd - ok
18:02:33.0849 4396 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:02:33.0889 4396 Wdf01000 - ok
18:02:33.0940 4396 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:02:33.0944 4396 WdiServiceHost - ok
18:02:33.0951 4396 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:02:33.0955 4396 WdiSystemHost - ok
18:02:34.0067 4396 Web Assistant Updater (f53ca9d2a8e69281af8e6009b14326a3) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
18:02:34.0069 4396 Web Assistant Updater - ok
18:02:34.0132 4396 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:02:34.0144 4396 WebClient - ok
18:02:34.0210 4396 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:02:34.0216 4396 Wecsvc - ok
18:02:34.0267 4396 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:02:34.0284 4396 wercplsupport - ok
18:02:34.0356 4396 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:02:34.0362 4396 WerSvc - ok
18:02:34.0384 4396 WinDefend - ok
18:02:34.0395 4396 WinHttpAutoProxySvc - ok
18:02:34.0521 4396 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:02:34.0529 4396 Winmgmt - ok
18:02:34.0803 4396 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:02:34.0859 4396 WinRM - ok
18:02:35.0066 4396 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:02:35.0103 4396 Wlansvc - ok
18:02:35.0168 4396 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:02:35.0169 4396 WmiAcpi - ok
18:02:35.0254 4396 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:02:35.0256 4396 wmiApSrv - ok
18:02:35.0333 4396 WMPNetworkSvc - ok
18:02:35.0421 4396 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:02:35.0477 4396 WPCSvc - ok
18:02:35.0548 4396 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:02:35.0563 4396 WPDBusEnum - ok
18:02:35.0594 4396 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:02:35.0596 4396 WpdUsb - ok
18:02:35.0912 4396 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:35.0922 4396 WPFFontCache_v0400 - ok
18:02:35.0982 4396 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:35.0984 4396 ws2ifsl - ok
18:02:36.0049 4396 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:02:36.0053 4396 wscsvc - ok
18:02:36.0057 4396 WSearch - ok
18:02:36.0145 4396 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:36.0147 4396 WUDFRd - ok
18:02:36.0179 4396 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:02:36.0184 4396 wudfsvc - ok
18:02:36.0313 4396 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:02:36.0319 4396 YahooAUService - ok
18:02:36.0386 4396 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
18:02:36.0393 4396 yukonx64 - ok
18:02:36.0481 4396 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
18:02:36.0482 4396 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
18:02:36.0486 4396 {79007602-0CDB-4405-9DBF-1257BB3226EE} - ok
18:02:36.0576 4396 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:02:36.0779 4396 \Device\Harddisk0\DR0 - ok
18:02:36.0785 4396 Boot (0x1200) (cead4ce2578bee1165dd63076e3b8c55) \Device\Harddisk0\DR0\Partition0
18:02:36.0787 4396 \Device\Harddisk0\DR0\Partition0 - ok
18:02:36.0791 4396 Boot (0x1200) (3417f3b365f18b6c641b20fedfc17d66) \Device\Harddisk0\DR0\Partition1
18:02:36.0792 4396 \Device\Harddisk0\DR0\Partition1 - ok
18:02:36.0793 4396 ============================================================
18:02:36.0793 4396 Scan finished
18:02:36.0793 4396 ============================================================
18:02:36.0806 4152 Detected object count: 0
18:02:36.0806 4152 Actual detected object count: 0
18:02:54.0786 4588 ============================================================
18:02:54.0786 4588 Scan started
18:02:54.0786 4588 Mode: Manual; TDLFS;
18:02:54.0786 4588 ============================================================
18:02:55.0984 4588 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:02:55.0985 4588 Accelerometer - ok
18:02:56.0143 4588 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:02:56.0146 4588 ACPI - ok
18:02:56.0341 4588 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:02:56.0345 4588 adp94xx - ok
18:02:56.0506 4588 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:02:56.0509 4588 adpahci - ok
18:02:56.0539 4588 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:02:56.0541 4588 adpu160m - ok
18:02:56.0614 4588 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:02:56.0616 4588 adpu320 - ok
18:02:56.0689 4588 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
18:02:56.0690 4588 AeLookupSvc - ok
18:02:56.0855 4588 AESTFilters (7f66523a27754afcfecae2f5eb643a4a) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
18:02:56.0856 4588 AESTFilters - ok
18:02:56.0934 4588 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
18:02:56.0938 4588 AFD - ok
18:02:56.0970 4588 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
18:02:56.0970 4588 AgereModemAudio - ok
18:02:57.0144 4588 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
18:02:57.0154 4588 AgereSoftModem - ok
18:02:57.0223 4588 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:02:57.0224 4588 agp440 - ok
18:02:57.0246 4588 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:02:57.0247 4588 aic78xx - ok
18:02:57.0265 4588 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
18:02:57.0266 4588 ALG - ok
18:02:57.0308 4588 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
18:02:57.0309 4588 aliide - ok
18:02:57.0319 4588 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
18:02:57.0319 4588 amdide - ok
18:02:57.0416 4588 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:02:57.0417 4588 AmdK8 - ok
18:02:57.0441 4588 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
18:02:57.0441 4588 Appinfo - ok
18:02:57.0466 4588 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:02:57.0467 4588 arc - ok
18:02:57.0479 4588 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:02:57.0480 4588 arcsas - ok
18:02:57.0524 4588 asdrm (0bd8fe611928363a6840de25fb936ef4) C:\Windows\system32\DRIVERS\asdrm.sys
18:02:57.0525 4588 asdrm - ok
18:02:57.0547 4588 asdrs (35acf6e4bc66c7cb43b16624f9a986eb) C:\Windows\system32\DRIVERS\asdrs.sys
18:02:57.0547 4588 asdrs - ok
18:02:57.0760 4588 asdsrv (197eb3cde17b18c78e1b5324d2e0a451) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
18:02:57.0766 4588 asdsrv - ok
18:02:57.0825 4588 asdws (0bb90b97b7e952ffe876db76ce213487) C:\Windows\system32\DRIVERS\asdws.sys
18:02:57.0826 4588 asdws - ok
18:02:57.0949 4588 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:02:57.0950 4588 AsyncMac - ok
18:02:58.0078 4588 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:02:58.0078 4588 atapi - ok
18:02:58.0266 4588 atashost (ad0635ef51f000c3ccbfd35f3d378998) C:\Windows\SysWOW64\atashost.exe
18:02:58.0267 4588 atashost - ok
18:02:58.0367 4588 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:02:58.0371 4588 AudioEndpointBuilder - ok
18:02:58.0379 4588 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:02:58.0387 4588 AudioSrv - ok
18:02:58.0585 4588 BCM43XX (a4815907b039121d8d9221695cdc35f7) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:02:58.0599 4588 BCM43XX - ok
18:02:58.0779 4588 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
18:02:58.0784 4588 BFE - ok
18:02:58.0892 4588 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:02:58.0893 4588 blbdrive - ok
18:02:59.0061 4588 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:02:59.0064 4588 Bonjour Service - ok
18:02:59.0132 4588 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:02:59.0134 4588 bowser - ok
18:03:19.0227 4588 Sym_u3 - ok
18:03:19.0399 4588 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
18:03:19.0413 4588 SysMain - ok
18:03:19.0470 4588 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
18:03:19.0474 4588 TabletInputService - ok
18:03:19.0548 4588 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
18:03:19.0555 4588 TapiSrv - ok
18:03:19.0590 4588 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
18:03:19.0593 4588 TBS - ok
18:03:19.0780 4588 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
18:03:19.0790 4588 Tcpip - ok
18:03:20.0023 4588 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
18:03:20.0035 4588 Tcpip6 - ok
18:03:20.0176 4588 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:03:20.0177 4588 tcpipreg - ok
18:03:20.0197 4588 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:03:20.0198 4588 TDPIPE - ok
18:03:20.0212 4588 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:03:20.0214 4588 TDTCP - ok
18:03:20.0266 4588 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:03:20.0267 4588 tdx - ok
18:03:20.0317 4588 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:03:20.0318 4588 TermDD - ok
18:03:20.0418 4588 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
18:03:20.0425 4588 TermService - ok
18:03:20.0525 4588 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
18:03:20.0531 4588 Themes - ok
18:03:20.0564 4588 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
18:03:20.0566 4588 THREADORDER - ok
18:03:20.0612 4588 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
18:03:20.0617 4588 TrkWks - ok
18:03:20.0694 4588 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
18:03:20.0695 4588 TrustedInstaller - ok
18:03:20.0726 4588 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:03:20.0727 4588 tssecsrv - ok
18:03:20.0754 4588 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:03:20.0755 4588 tunmp - ok
18:03:20.0780 4588 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:03:20.0781 4588 tunnel - ok
18:03:20.0802 4588 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:03:20.0804 4588 uagp35 - ok
18:03:20.0874 4588 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:03:20.0878 4588 udfs - ok
18:03:20.0919 4588 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
18:03:20.0922 4588 UI0Detect - ok
18:03:20.0968 4588 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:03:20.0969 4588 uliagpkx - ok
18:03:21.0070 4588 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:03:21.0073 4588 uliahci - ok
18:03:21.0114 4588 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:03:21.0116 4588 UlSata - ok
18:03:21.0185 4588 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:03:21.0186 4588 ulsata2 - ok
18:03:21.0206 4588 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:03:21.0207 4588 umbus - ok
18:03:21.0250 4588 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
18:03:21.0257 4588 upnphost - ok
18:03:21.0316 4588 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:03:21.0318 4588 usbccgp - ok
18:03:21.0365 4588 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:03:21.0366 4588 usbcir - ok
18:03:21.0432 4588 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:03:21.0433 4588 usbehci - ok
18:03:21.0499 4588 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:03:21.0502 4588 usbhub - ok
18:03:21.0526 4588 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:03:21.0527 4588 usbohci - ok
18:03:21.0554 4588 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:03:21.0555 4588 usbprint - ok
18:03:21.0596 4588 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:03:21.0597 4588 usbscan - ok
18:03:21.0627 4588 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:03:21.0628 4588 USBSTOR - ok
18:03:21.0651 4588 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:03:21.0651 4588 usbuhci - ok
18:03:21.0687 4588 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:03:21.0689 4588 usbvideo - ok
18:03:21.0745 4588 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:03:21.0747 4588 UxSms - ok
18:03:21.0828 4588 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:03:21.0834 4588 vds - ok
18:03:21.0863 4588 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:03:21.0864 4588 vga - ok
18:03:21.0887 4588 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:03:21.0887 4588 VgaSave - ok
18:03:21.0900 4588 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
18:03:21.0901 4588 viaide - ok
18:03:21.0963 4588 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:03:21.0964 4588 volmgr - ok
18:03:22.0053 4588 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:03:22.0057 4588 volmgrx - ok
18:03:22.0124 4588 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:03:22.0126 4588 volsnap - ok
18:03:22.0180 4588 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:03:22.0181 4588 vsmraid - ok
18:03:22.0366 4588 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:03:22.0382 4588 VSS - ok
18:03:22.0542 4588 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:03:22.0550 4588 W32Time - ok
18:03:22.0612 4588 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:03:22.0613 4588 WacomPen - ok
18:03:22.0669 4588 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:22.0671 4588 Wanarp - ok
18:03:22.0685 4588 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:22.0686 4588 Wanarpv6 - ok
18:03:22.0764 4588 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:03:22.0771 4588 wcncsvc - ok
18:03:22.0830 4588 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:03:22.0833 4588 WcsPlugInService - ok
18:03:22.0884 4588 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:03:22.0885 4588 Wd - ok
18:03:23.0012 4588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:03:23.0019 4588 Wdf01000 - ok
18:03:23.0068 4588 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:03:23.0071 4588 WdiServiceHost - ok
18:03:23.0075 4588 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:03:23.0081 4588 WdiSystemHost - ok
18:03:23.0285 4588 Web Assistant Updater (f53ca9d2a8e69281af8e6009b14326a3) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
18:03:23.0287 4588 Web Assistant Updater - ok
18:03:23.0365 4588 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:03:23.0369 4588 WebClient - ok
18:03:23.0421 4588 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:03:23.0425 4588 Wecsvc - ok
18:03:23.0495 4588 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:03:23.0498 4588 wercplsupport - ok
18:03:23.0529 4588 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:03:23.0533 4588 WerSvc - ok
18:03:23.0580 4588 WinDefend - ok
18:03:23.0589 4588 WinHttpAutoProxySvc - ok
18:03:23.0707 4588 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:03:23.0709 4588 Winmgmt - ok
18:03:24.0145 4588 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:03:24.0165 4588 WinRM - ok
18:03:24.0389 4588 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:03:24.0398 4588 Wlansvc - ok
18:03:24.0442 4588 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:03:24.0443 4588 WmiAcpi - ok
18:03:24.0543 4588 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:03:24.0545 4588 wmiApSrv - ok
18:03:24.0593 4588 WMPNetworkSvc - ok
18:03:24.0640 4588 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:03:24.0644 4588 WPCSvc - ok
18:03:24.0734 4588 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:03:24.0738 4588 WPDBusEnum - ok
18:03:24.0812 4588 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:03:24.0814 4588 WpdUsb - ok
18:03:25.0076 4588 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:03:25.0089 4588 WPFFontCache_v0400 - ok
18:03:25.0145 4588 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:03:25.0146 4588 ws2ifsl - ok
18:03:25.0210 4588 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:03:25.0215 4588 wscsvc - ok
18:03:25.0228 4588 WSearch - ok
18:03:25.0298 4588 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:03:25.0300 4588 WUDFRd - ok
18:03:25.0375 4588 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:03:25.0381 4588 wudfsvc - ok
18:03:25.0544 4588 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:03:25.0550 4588 YahooAUService - ok
18:03:25.0593 4588 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
18:03:25.0597 4588 yukonx64 - ok
18:03:25.0678 4588 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
18:03:25.0678 4588 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
18:03:25.0691 4588 {79007602-0CDB-4405-9DBF-1257BB3226EE} - ok
18:03:25.0772 4588 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:03:25.0931 4588 \Device\Harddisk0\DR0 - ok
18:03:25.0938 4588 Boot (0x1200) (cead4ce2578bee1165dd63076e3b8c55) \Device\Harddisk0\DR0\Partition0
18:03:25.0940 4588 \Device\Harddisk0\DR0\Partition0 - ok
18:03:25.0949 4588 Boot (0x1200) (3417f3b365f18b6c641b20fedfc17d66) \Device\Harddisk0\DR0\Partition1
18:03:25.0951 4588 \Device\Harddisk0\DR0\Partition1 - ok
18:03:25.0955 4588 ============================================================
18:03:25.0955 4588 Scan finished
18:03:25.0955 4588 ============================================================
18:03:25.0967 0916 Detected object count: 0
18:03:25.0967 0916 Actual detected object count: 0
18:03:46.0843 4620 Deinitialize success


18:00:42.0854 5012 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:00:44.0856 5012 ============================================================
18:00:44.0856 5012 Current date / time: 2012/08/13 18:00:44.0856
18:00:44.0856 5012 SystemInfo:
18:00:44.0856 5012
18:00:44.0856 5012 OS Version: 6.0.6002 ServicePack: 2.0
18:00:44.0856 5012 Product type: Workstation
18:00:44.0856 5012 ComputerName: OWNER-PC
18:00:44.0856 5012 UserName: OWNER
18:00:44.0856 5012 Windows directory: C:\Windows
18:00:44.0856 5012 System windows directory: C:\Windows
18:00:44.0856 5012 Running under WOW64
18:00:44.0856 5012 Processor architecture: Intel x64
18:00:44.0856 5012 Number of processors: 2
18:00:44.0856 5012 Page size: 0x1000
18:00:44.0856 5012 Boot type: Normal boot
18:00:44.0856 5012 ============================================================
18:00:46.0108 5012 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:00:46.0115 5012 ============================================================
18:00:46.0115 5012 \Device\Harddisk0\DR0:
18:00:46.0116 5012 MBR partitions:
18:00:46.0116 5012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23B3BFC1
18:00:46.0116 5012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B3C000, BlocksNum 0x18F1000
18:00:46.0116 5012 ============================================================
18:00:46.0128 5012 C: <-> \Device\Harddisk0\DR0\Partition0
18:00:46.0190 5012 D: <-> \Device\Harddisk0\DR0\Partition1
18:00:46.0191 5012 ============================================================
18:00:46.0191 5012 Initialize success
18:00:46.0191 5012 ============================================================
18:01:30.0831 2360 Deinitialize success

#14 Derek101


Posted 13 August 2012 - 05:20 PM

I will try to attach... I will wait to run ComboFix until I hear from you. Do I just run what's on my system still, or do I re-download the file? Run it, or save then run? Axe is on simmer, but as a good fireman knows... never have your axe too far and never below simmer; you just never know when it will be needed... Couldn't figure out how to attach it, so I'm sorry you get it all again...

OTL logfile created on: 8/13/2012 5:28:00 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\OWNER\Searches\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.33% Memory free
8.04 Gb Paging File | 6.13 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 181.13 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.80 Gb Free Space | 96.43% Space Free | Partition Type: FAT

Computer Name: OWNER-PC | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/08/13 17:23:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Searches\Downloads\OTL.exe
PRC - [2012/08/08 07:56:03 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/20 04:11:38 | 000,686,408 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/06 09:14:32 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/08/12 18:37:00 | 000,050,576 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
PRC - [2011/04/18 19:09:29 | 000,116,536 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/10/28 20:28:46 | 000,296,304 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/26 06:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 22:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 18:37:00 | 000,050,576 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
MOD - [2009/05/26 21:06:28 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2008/09/25 22:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/06/29 19:10:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/06 09:14:32 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/05/22 22:40:10 | 000,184,320 | ---- | M] (DEVGURU Co., LTD) [Auto | Running] -- C:\Windows\SysNative\ptumlcmsvc64.exe -- (ptumlcmsvc)
SRV:64bit: - [2011/01/03 05:30:38 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)
SRV:64bit: - [2008/09/11 07:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 11:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 20:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 16:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/07/20 04:11:38 | 000,686,408 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 19:09:29 | 000,116,536 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/28 20:28:46 | 000,296,304 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/13 01:49:48 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/07/13 01:49:48 | 000,017,232 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\asdws.sys -- (asdws)
DRV:64bit: - [2012/07/13 01:49:46 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/22 22:33:42 | 000,183,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLVsp.sys -- (PTUMLVsp)
DRV:64bit: - [2012/05/22 22:33:40 | 000,184,480 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV:64bit: - [2012/05/22 22:33:40 | 000,183,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLMdm.sys -- (PTUMLMdm)
DRV:64bit: - [2012/05/22 22:33:40 | 000,103,200 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLNET.sys -- (PTUMLNET)
DRV:64bit: - [2012/05/22 22:33:40 | 000,063,776 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV:64bit: - [2012/05/22 22:33:38 | 000,183,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV:64bit: - [2012/05/22 22:33:38 | 000,105,632 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMLBUS.sys -- (PTUMLBUS)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/11 04:18:45 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 21:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 07:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/15 04:20:42 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/03/27 16:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 16:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 19:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 06:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {66F68601-0E0C-42D4-82B7-190449980FA2}
IE:64bit: - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {a17cc547-016c-4a35-a95b-de64acafa170}
IE - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQAU3oEBH&i=26
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{8F7B8DCE-A9C2-46E7-B102-7C0CE0198C0C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A86BC928-7A3E-4D22-80F9-EC3A915D67C6&apn_sauid=7ECD246E-EB4E-48DF-A6BA-593BFDC8322A
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IE
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/12/07 07:26:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/12/07 07:26:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/18 22:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/10/18 19:46:21 | 000,000,000 | ---D | M]

[2011/10/08 18:59:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Extensions
[2012/06/18 22:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/06/18 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} http://www.dvrstation.com/pdvratl.php?vendor=7 (PdvrOcx Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intuitcorp.webex.com/client/T27L10NSP21/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9446B414-E145-4E1C-BEE8-EB68E22ADFB5}: DhcpNameServer = 198.224.145.135 198.224.144.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C708B5E0-F123-4A3B-A843-A4B01EB31561}: DhcpNameServer = 198.224.145.135 198.224.144.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB8B424A-682F-49AF-9F09-3C6A191E688C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9d9ab32c-d4d1-11de-8ac0-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9ab32c-d4d1-11de-8ac0-7a8020000200}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a8c22c4c-0f18-11e0-9075-00238b5faf56}\Shell - "" = AutoRun
O33 - MountPoints2\{a8c22c4c-0f18-11e0-9075-00238b5faf56}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
O33 - MountPoints2\{f03f0982-ff23-11dd-87a7-00238b5faf56}\Shell - "" = AutoRun
O33 - MountPoints2\{f03f0982-ff23-11dd-87a7-00238b5faf56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs:64bit: BITS - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 12:39:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/13 12:21:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/13 12:21:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 12:14:25 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\OWNER\Pictures\Desktop\ComboFix.exe
[2012/08/12 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\GetRightToGo
[2012/08/12 17:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2012/08/12 17:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean
[2012/08/12 17:51:54 | 000,000,000 | ---D | C] -- C:\Users\OWNER\Downloads
[2012/08/12 15:08:09 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/08/12 15:08:09 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/08/12 14:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/08/12 14:57:14 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Anvisoft
[2012/08/12 14:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/08/12 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/08/09 11:59:33 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes
[2012/08/09 11:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 11:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 11:59:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 11:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/08 07:55:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2012/08/13 17:24:54 | 000,000,532 | ---- | M] () -- C:\Users\OWNER\Pictures\Desktop\OTL.exe - Shortcut.lnk
[2012/08/13 17:24:39 | 001,087,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 17:24:39 | 000,277,148 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/13 17:24:39 | 000,005,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 17:19:11 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/08/13 17:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 17:19:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 17:18:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 17:18:56 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 12:16:52 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\OWNER\Pictures\Desktop\ComboFix.exe
[2012/08/12 21:40:45 | 000,000,000 | ---- | M] () -- C:\Users\OWNER\defogger_reenable
[2012/08/12 17:53:55 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2012/08/12 15:08:09 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2012/08/09 18:34:21 | 000,000,368 | ---- | M] () -- C:\Users\OWNER\Pictures - Shortcut.lnk
[2012/08/09 11:59:28 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/08/13 17:24:54 | 000,000,532 | ---- | C] () -- C:\Users\OWNER\Pictures\Desktop\OTL.exe - Shortcut.lnk
[2012/08/13 11:04:45 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
[2012/08/12 21:40:45 | 000,000,000 | ---- | C] () -- C:\Users\OWNER\defogger_reenable
[2012/08/12 20:27:46 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
[2012/08/12 17:53:55 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2012/08/12 15:08:09 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2012/08/12 14:57:14 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2012/08/12 14:34:45 | 4222,832,640 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 01:09:09 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
[2012/08/09 18:34:21 | 000,000,368 | ---- | C] () -- C:\Users\OWNER\Pictures - Shortcut.lnk
[2012/08/09 11:59:28 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 07:56:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000064.@
[2012/08/08 07:56:36 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
[2012/08/08 07:56:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
[2012/08/08 07:56:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
[2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Users\OWNER\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/12/07 08:05:37 | 000,000,371 | ---- | C] () -- C:\Users\OWNER\Favorites - Shortcut.lnk
[2011/12/06 20:26:00 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~GkhEXSh2w9D0zm
[2011/12/06 20:26:00 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~GkhEXSh2w9D0zmr
[2011/12/06 20:25:54 | 000,000,464 | -H-- | C] () -- C:\ProgramData\GkhEXSh2w9D0zm
[2011/10/13 17:42:39 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2011/10/13 17:42:31 | 001,218,627 | ---- | C] () -- C:\Windows\unins000.exe
[2011/10/13 17:42:31 | 000,020,718 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/21 18:59:03 | 000,008,704 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/02 10:00:23 | 000,000,732 | -H-- | C] () -- C:\Users\OWNER\AppData\Local\d3d9caps64.dat
[2009/02/15 11:37:52 | 000,000,680 | ---- | C] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/08/12 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Anvisoft
[2009/02/28 11:52:59 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/07 07:26:32 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\FinalMediaPlayer
[2011/10/13 18:43:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Foxit Software
[2012/08/12 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\GetRightToGo
[2009/02/16 22:56:17 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\Leadertech
[2011/10/14 05:58:41 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\Smart PDF Converter Pro
[2011/10/14 06:02:37 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\SmartSoftOCRHelper
[2010/01/22 21:22:55 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Smith Micro
[2011/05/03 17:09:03 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer
[2010/05/27 18:19:19 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\Temp
[2010/05/29 18:09:56 | 000,000,000 | -H-D | M] -- C:\Users\OWNER\AppData\Roaming\WildTangent
[2012/08/13 17:19:11 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012/08/13 15:17:18 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEVT-60ZCT1 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 286.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 306679119872
Hidden sectors: 0


< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

#15 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:10 PM

Posted 13 August 2012 - 06:22 PM

Please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-3015171253-4104502506-702787635-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{9d9ab32c-d4d1-11de-8ac0-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d9ab32c-d4d1-11de-8ac0-7a8020000200}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{a8c22c4c-0f18-11e0-9075-00238b5faf56}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8c22c4c-0f18-11e0-9075-00238b5faf56}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
    O33 - MountPoints2\{f03f0982-ff23-11dd-87a7-00238b5faf56}\Shell - "" = AutoRun
    O33 - MountPoints2\{f03f0982-ff23-11dd-87a7-00238b5faf56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    [2012/08/13 11:04:45 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
    [2012/08/12 20:27:46 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
    [2012/08/12 01:09:09 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
    [2012/08/08 07:56:36 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000064.@
    [2012/08/08 07:56:36 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
    [2012/08/08 07:56:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
    [2012/08/08 07:56:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
    [2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Users\OWNER\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2011/12/06 20:26:00 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~GkhEXSh2w9D0zm
    [2011/12/06 20:26:00 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~GkhEXSh2w9D0zmr
    [2011/12/06 20:25:54 | 000,000,464 | -H-- | C] () -- C:\ProgramData\GkhEXSh2w9D0zm
    
    :Files
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\OWNER\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Windows\System32\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe /replace
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy from the link below. Disable your security programs, run it, and post the resulting log.

If it still won't run, then try running it in safe mode:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
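
The file entries listed in the `:OTL` section of the fix above share one layout: files named `@` or `<8 hex digits>.@`, with an empty company field, inside a `{GUID}` folder under `C:\Windows\Installer` or `AppData\Local`. The following is an added example, not part of CatByte's post or of OTL itself: a Python sketch that parses OTL file-listing lines and groups the entries matching that layout. The sample lines, GUIDs, MD5 value and function names are constructed for illustration.

```python
import re
from collections import defaultdict

GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"

# OTL file-listing line: [date time | size | attrs | C/M] (company) [MD5=..] -- path
ENTRY = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\] "
    r"\(([^)]*)\) (?:MD5=[0-9A-F]{32} )?-- (.+)$"
)

# Layout seen in the fix list: <Installer or AppData\Local>\{GUID}\@  or  ...\{GUID}\U|L\xxxxxxxx.@
LAYOUT = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\(" + GUID + r")\\(?:[UL]\\[0-9a-f]{8}\.)?@$",
    re.IGNORECASE,
)

# Constructed sample lines in OTL's format (not taken from a real log).
SAMPLE = r"""
[2012/08/13 11:04:45 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{00000000-1111-2222-3333-444444444444}\U\80000032.@
[2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{00000000-1111-2222-3333-444444444444}\@
[2012/01/11 00:57:45 | 000,002,048 | -HS- | C] () -- C:\Users\OWNER\AppData\Local\{00000000-1111-2222-3333-444444444444}\@
[2011/05/02 09:15:00 | 000,010,134 | ---- | C] () -- C:\Windows\Installer\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\ARPPRODUCTICON.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysWOW64\winlogon.exe
""".strip().splitlines()

def parse_entry(line):
    """Return the fields of one OTL file-listing line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {"stamp": stamp, "size": int(size.replace(",", "")), "attrs": attrs,
            "kind": kind, "company": company, "path": path}

def flag_guid_at_files(lines):
    """Group entries that match the {GUID}\\@ layout and carry no company name."""
    hits = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        m = LAYOUT.search(entry["path"])
        if m and entry["company"] == "":
            hits[m.group(1).lower()].append(entry)
    return dict(hits)

if __name__ == "__main__":
    for guid, entries in flag_guid_at_files(SAMPLE).items():
        print(guid, [e["path"] for e in entries])
```

A match only marks lines for a helper to review; ordinary Windows Installer cache folders also use `{GUID}` names, which is why the check keys on the `@` file names rather than on the folder alone.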




