Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Requesting Help with Suspected Browser Redirect Infection

Post by tony5oh » August 29th, 2012, 1:54 pm

Greetings!

Under my wife's profile on our home PC, when clicking links in Google search results, both Chrome and FF will frequently attempt to redirect to URLs identified by avast as malicious. The URLs are usually something similar to click.get-amazing-results.com or gethotresults.com. avast always seems to block the redirect. I don't see this behavior under my profile, only my wife's. I don't know how long she has had this problem, but I noticed it myself a couple of days ago. I ran Malwarebytes (full scan) which found and quarantined an infection in a registry key, which I subsequently told MB to remove.
HKCU\Software\Cr_Installer\1600 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

After the removal, the issue still persists, and after further research, I found this forum and decided against further action on my own.

Avast shows seven files in the virus chest. I can post more info from these if requested.

Quick scan from avast shows zero infections.

DDS and Attach logs pasted below. Thanks in advance for any assistance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.6.2
Run by JMT at 12:46:20 on 2012-08-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2026 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk- ... channel=us
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk- ... channel=us
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk- ... channel=us
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DropinSavings: {6f921b43-de40-415f-8c21-b0dbd3abc5df} - c:\program files\dropinsavings\DropinSavings.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\jmt\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ImgTask] c:\windows\Imgtask.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\jmt\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scan ... ProExe.cab
DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/ ... earadj.CAB
DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://216.85.228.130:1009/net6helper.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/ ... ontrol.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://medspheremeetings.webex.com/cli ... eatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{B27B511E-3224-4157-8C06-9B214956C328} : DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jmt\application data\mozilla\firefox\profiles\ea3wzgla.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\jmt\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-13 355632]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-13 44808]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-3-30 12184]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 12184]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-3-31 44672]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-9 250568]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-2-3 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys --> c:\windows\system32\drivers\qcserxp.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys --> c:\windows\system32\drivers\qcmdmxp.sys [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
.
=============== Created Last 30 ================
.
2012-08-29 15:21:55 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-08-29 15:21:33 -------- d-----w- c:\program files\common files\xing shared
2012-08-29 15:21:19 150736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-08-29 15:21:09 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-08-29 15:15:32 -------- d-----r- c:\program files\Skype
2012-08-29 14:37:44 -------- d-----w- c:\documents and settings\jmt\local settings\application data\Sun
2012-08-29 14:35:03 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-29 14:35:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-29 14:34:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-09 23:08:25 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 21:48:27 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 21:37:01 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-08-07 21:37:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-08-07 21:37:01 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-08-07 21:37:01 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-08-29 15:21:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-29 15:21:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-29 14:34:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 15:07:44 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07:43 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07:42 17408 ----a-w- c:\windows\system32\corpol.dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 12:47:23.57 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2007 7:31:47 PM
System Uptime: 8/29/2012 12:03:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 295 GiB total, 45.312 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1547: 6/1/2012 9:23:58 AM - System Checkpoint
RP1548: 6/2/2012 5:03:32 PM - System Checkpoint
RP1549: 6/3/2012 10:52:52 PM - System Checkpoint
RP1550: 6/5/2012 7:46:53 AM - Software Distribution Service 3.0
RP1551: 6/6/2012 1:04:16 PM - System Checkpoint
RP1552: 6/7/2012 5:13:23 PM - System Checkpoint
RP1553: 6/8/2012 6:39:14 PM - System Checkpoint
RP1554: 6/10/2012 9:07:59 AM - System Checkpoint
RP1555: 6/11/2012 1:38:54 PM - System Checkpoint
RP1556: 6/12/2012 1:42:16 PM - System Checkpoint
RP1557: 6/13/2012 6:42:35 AM - Software Distribution Service 3.0
RP1558: 6/14/2012 9:01:50 AM - System Checkpoint
RP1559: 6/15/2012 12:41:04 PM - System Checkpoint
RP1560: 6/16/2012 6:49:52 PM - System Checkpoint
RP1561: 6/17/2012 7:16:33 PM - System Checkpoint
RP1562: 6/18/2012 7:20:37 PM - System Checkpoint
RP1563: 6/19/2012 8:43:29 PM - System Checkpoint
RP1564: 6/20/2012 10:56:21 PM - System Checkpoint
RP1565: 6/22/2012 3:48:38 AM - System Checkpoint
RP1566: 6/24/2012 9:07:56 PM - System Checkpoint
RP1567: 6/25/2012 11:00:42 PM - System Checkpoint
RP1568: 6/26/2012 11:10:46 PM - System Checkpoint
RP1569: 6/28/2012 1:09:45 AM - System Checkpoint
RP1570: 6/29/2012 2:38:56 PM - System Checkpoint
RP1571: 6/30/2012 3:36:00 PM - System Checkpoint
RP1572: 7/1/2012 5:46:55 PM - System Checkpoint
RP1573: 7/2/2012 7:53:53 PM - System Checkpoint
RP1574: 7/3/2012 9:07:01 PM - System Checkpoint
RP1575: 7/4/2012 9:32:45 PM - System Checkpoint
RP1576: 7/6/2012 9:52:26 AM - System Checkpoint
RP1577: 7/7/2012 10:36:17 AM - System Checkpoint
RP1578: 7/8/2012 11:22:19 AM - System Checkpoint
RP1579: 7/9/2012 1:22:20 PM - System Checkpoint
RP1580: 7/10/2012 3:45:06 PM - System Checkpoint
RP1581: 7/11/2012 3:49:13 PM - Software Distribution Service 3.0
RP1582: 7/12/2012 5:02:48 PM - System Checkpoint
RP1583: 7/13/2012 9:28:46 PM - System Checkpoint
RP1584: 7/14/2012 9:29:51 PM - System Checkpoint
RP1585: 7/16/2012 7:29:43 AM - System Checkpoint
RP1586: 7/17/2012 8:30:59 AM - System Checkpoint
RP1587: 7/18/2012 8:34:09 AM - System Checkpoint
RP1588: 7/19/2012 1:22:11 PM - System Checkpoint
RP1589: 7/20/2012 1:25:40 PM - System Checkpoint
RP1590: 7/21/2012 2:44:35 PM - System Checkpoint
RP1591: 7/22/2012 3:54:11 PM - System Checkpoint
RP1592: 7/23/2012 7:11:01 PM - System Checkpoint
RP1593: 7/24/2012 7:12:45 PM - System Checkpoint
RP1594: 7/25/2012 8:23:29 PM - System Checkpoint
RP1595: 7/27/2012 8:51:17 PM - System Checkpoint
RP1596: 7/28/2012 11:50:05 PM - System Checkpoint
RP1597: 7/30/2012 5:50:05 AM - System Checkpoint
RP1598: 7/31/2012 11:36:56 AM - System Checkpoint
RP1599: 8/1/2012 11:57:22 AM - System Checkpoint
RP1600: 8/2/2012 6:12:51 PM - System Checkpoint
RP1601: 8/3/2012 11:46:14 PM - System Checkpoint
RP1602: 8/5/2012 1:21:13 AM - System Checkpoint
RP1603: 8/6/2012 7:30:17 AM - System Checkpoint
RP1604: 8/7/2012 7:51:47 AM - System Checkpoint
RP1605: 8/8/2012 9:22:04 AM - System Checkpoint
RP1606: 8/9/2012 10:41:50 AM - System Checkpoint
RP1607: 8/10/2012 3:25:30 PM - System Checkpoint
RP1608: 8/11/2012 3:49:32 PM - System Checkpoint
RP1609: 8/12/2012 9:26:34 PM - System Checkpoint
RP1610: 8/14/2012 9:21:43 AM - System Checkpoint
RP1611: 8/15/2012 2:42:57 PM - System Checkpoint
RP1612: 8/16/2012 7:52:35 PM - System Checkpoint
RP1613: 8/18/2012 2:04:36 AM - System Checkpoint
RP1614: 8/19/2012 9:44:15 AM - System Checkpoint
RP1615: 8/20/2012 8:10:39 AM - Software Distribution Service 3.0
RP1616: 8/21/2012 8:46:22 AM - System Checkpoint
RP1617: 8/22/2012 1:40:55 PM - System Checkpoint
RP1618: 8/23/2012 1:45:31 PM - System Checkpoint
RP1619: 8/24/2012 3:57:16 PM - System Checkpoint
RP1620: 8/25/2012 9:34:30 PM - System Checkpoint
RP1621: 8/27/2012 7:27:42 AM - System Checkpoint
RP1622: 8/28/2012 7:42:08 AM - System Checkpoint
RP1623: 8/29/2012 8:21:23 AM - System Checkpoint
RP1624: 8/29/2012 10:33:17 AM - Removed Java(TM) 6 Update 31
RP1625: 8/29/2012 10:34:30 AM - Installed Java 7 Update 6
RP1626: 8/29/2012 10:57:29 AM - Installed QuickTime
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe SVG Viewer 6.0
Any Flv Converter 1.8.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression 2
ArcSoft Scan-n-Stitch Deluxe
ATI Catalyst Install Manager
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Barbie(R) idesign(TM) Ultimate Stylist(TM)
BitPim 1.0.6
Bonjour
Browser Address Error Redirector
BufferChm
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-utility
Cisco Connect
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
D7500
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Destination Component
DeviceDiscovery
Documentation & Support Launcher
Driver Sweeper 1.0
DropinSavings
DVD Catalyst 4.0.2.4
DVD Flick 1.3.0.7
DVD Shrink 3.2
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V33/V330 Photo Scanner Driver Update
EPSON Scan
eReg
erLT
Fences
FFmpeg for Audacity on Windows
File Shredder 2.0
Firebox SSL Secure Access
Free Games Offer, Desktop Shortcut
Games, Music, & Photos Launcher
Google Chrome
Google Earth
GPBaseService2
Greeting Card Creator 32
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 12.0
HP Photosmart D7500 Printer Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
iConcepts Music Express
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 6
Java Auto Updater
LAME v3.98.2 for Audacity
LG USB Modem driver
Logitech MouseWare 9.79
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.62.0.1300
mBackup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 14.0.1 (x86 en-US)
mSecure
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
OGA Notifier 2.0.0048.0
Picasa 3
PowerDVD
PS_SF_04_D7500_Software_Min
PuTTY version 0.60
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
SDFormatter
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShareIns
Skins
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic Activation Module
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Status
swMSM
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
User Profile Hive Cleanup Service
VC 9.0 Runtime
WebEx
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WModem Driver Installer
Yahoo! Messenger
YNAB 3
Your Image Emily Tippetts
.
==== Event Viewer Messages From Past Week ========
.
8/26/2012 11:18:50 AM, error: Dhcp [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 001D097768A6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/26/2012 11:04:16 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » August 31st, 2012, 4:50 am

Hi and welcome to Malware Removal Forum.
My name is maxi, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Could you tell me how Microsoft Office Enterprise 2007 came to be on this computer?

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

In your next reply please include:
The MGAdiag log.
The answer to my question.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » August 31st, 2012, 7:43 am

Hi maxi. Thank you for the welcome and the assistance with this issue. The Office suite was obtained from my employer through the MS Home Use Program.

Below is the MGAdiag log; it ran quite quickly so please let me know if something is amiss as your message indicated some patience would be required.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {9C06482C-AD59-4B1F-A674-6910A82DA87D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details:

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1D88B:Dell Inc|1D88B:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » August 31st, 2012, 9:24 am

Hi :) Thanks for letting me know about the Office program.

Step 1
Back Up registry with ERUNT
  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Step 2
Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following if present.
SearchAssist
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 6
Java Auto Updater


You can download the latest version of Java from here

New Java Infection Threat
This just came to my attention today.
You may want to shut off Java in your browsers until Oracle gets the problem fixed.
Lots of PC infections expected.
http://www.pcworld.com/article/261615/j ... #tk.hp_new

How to Disable Java in your Browser:
http://www.geekstogo.com/2600/how-to-di ... b-browser/
(This may cause failure of some websites to display or interact correctly).


Step 3
Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Step 4
Please download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

In your next reply please include:
Any problems you had with my instructions.
The OTL logfile.
The aswMBR log

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » August 31st, 2012, 9:51 am

Quick question regarding Step #2 before proceeding.

Apologies if I'm being obtuse, but after the add/remove step, are you instructing me to *install* the latest version of Java or just advising me from where I can obtain the latest version?

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » August 31st, 2012, 10:30 am

Hi :)

Apologies if I'm being obtuse, but after the add/remove step, are you instructing me to *install* the latest version of Java or just advising me from where I can obtain the latest version?


I'm doing a bit of both :) You don't have to install it at all if you don't want to. If I were you I would install it but also disable the plugin as well until Oracle come up with a patch.

Regards maxi :)

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » August 31st, 2012, 2:51 pm

Step 1: complete w/no issues
Step 2: complete; latest Java installed and disabled in IE, FF, and Chrome
Step 3 and 4: complete w/logs attached.


OTL logfile created on: 8/31/2012 12:15:17 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\JMT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.58% Memory free
7.24 Gb Paging File | 6.49 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 45.11 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Computer Name: JET-MAIN | User Name: JMT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 12:02:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/31 09:34:56 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/08 18:40:58 | 000,128,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/11/07 05:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/31 04:29:19 | 001,805,824 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12083100\algo.dll
MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 06:52:27 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 06:52:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 06:52:25 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 06:52:16 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/05/14 07:11:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/14 07:09:27 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/14 07:09:16 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe


========== Services (SafeList) ==========

SRV - [2012/08/31 12:02:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 11:03:23 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\yeddef.sys -- (yeddef)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcmdmxp.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\qcserxp.sys -- (qcserxp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JMT\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/08/25 23:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/06/22 19:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 17:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/07/13 12:32:16 | 000,044,672 | ---- | M] (Net6, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/11/07 05:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/11/07 05:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=6071210
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C9DB3E52-7E89-4062-BB58-E8EA37FE2181}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{C9DB3E52-7E89-4062-BB58-E8EA37FE2181}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/11/20 15:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1600@crossrider.com: C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox [2011/12/10 17:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/28 07:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/29 11:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/29 11:21:55 | 000,000,000 | ---D | M]

[2010/11/26 10:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Extensions
[2012/08/28 17:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions
[2011/03/14 16:06:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 17:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions
[2010/11/26 10:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/26 10:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JMT\Application Data\Mozilla\Firefox\Profiles\fq65ehka.default\extensions\staged-xpis
[2012/08/07 17:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/11 10:39:00 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JMT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EA3WZGLA.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/03/28 14:44:03 | 000,004,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JMT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EA3WZGLA.DEFAULT\EXTENSIONS\OVSQDLGIHF@OVSQDLGIHF.ORG.XPI
[2012/08/28 07:18:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 11:21:10 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Disabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\JMT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DropinSavings) - {6F921B43-DE40-415f-8C21-B0DBD3ABC5DF} - C:\Program Files\DropinSavings\DropinSavings.dll (215 Apps)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scan ... ProExe.cab (Scanner.SysScanner)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/ ... earadj.CAB (CTAdjust Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://216.85.228.130:1009/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/ ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://medspheremeetings.webex.com/cli ... eatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27B511E-3224-4157-8C06-9B214956C328}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\JMT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JMT\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 12:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/31 09:38:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/08/31 09:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/31 09:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/31 09:35:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JMT\Desktop\aswMBR.exe
[2012/08/31 09:34:55 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
[2012/08/31 09:32:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\JMT\Desktop\erunt-setup.exe
[2012/08/29 12:43:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\JMT\Desktop\dds.com
[2012/08/29 11:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/08/29 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/08/29 11:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/08/29 11:15:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/08/29 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/29 10:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/08/29 10:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/08/29 10:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JMT\Local Settings\Application Data\Sun
[2012/08/29 10:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/31 15:32:18 | 000,816,660 | ---- | C] (Citrix Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\CitrixSAClient.exe
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[103 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 12:22:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009UA.job
[2012/08/31 11:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/31 10:22:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009Core.job
[2012/08/31 09:37:08 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\ERUNT.lnk
[2012/08/31 09:35:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JMT\Desktop\aswMBR.exe
[2012/08/31 09:34:56 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JMT\Desktop\OTL.exe
[2012/08/31 09:32:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\JMT\Desktop\erunt-setup.exe
[2012/08/31 09:29:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/31 09:27:56 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/31 09:27:54 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/30 07:45:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/29 12:43:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\JMT\Desktop\dds.com
[2012/08/29 12:03:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 11:21:05 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/08/29 10:43:29 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\JMT\Desktop\New Internet Shortcut.url
[2012/08/28 08:37:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/28 07:18:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/28 04:57:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/25 20:24:13 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\JMT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/20 09:02:30 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/20 08:18:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[103 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/31 09:37:08 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\ERUNT.lnk
[2012/08/29 11:23:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/29 11:23:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
[2012/08/29 10:43:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\JMT\Desktop\New Internet Shortcut.url
[2012/08/09 19:08:26 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/15 11:08:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 14:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/08 13:34:15 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/08 13:34:15 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/08 13:34:15 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/08 13:34:15 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/08 13:34:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/08 13:34:14 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/08 13:34:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/08 13:34:14 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/08 13:34:14 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/08 13:34:14 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/08 13:34:14 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/08 13:34:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/08 13:34:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/08 13:34:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/08 13:34:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/08 13:34:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/08 13:34:02 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin
[2012/01/08 13:33:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PERFV33_330.ini
[2011/11/20 15:14:40 | 000,148,931 | ---- | C] () -- C:\WINDOWS\hphins31.dat
[2011/11/20 15:14:40 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat
[2011/11/20 14:58:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2011/11/20 14:58:18 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/11/20 14:58:18 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/11/20 11:34:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/11/17 18:45:05 | 000,077,425 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/11/17 18:02:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2011/05/13 10:05:51 | 000,001,008 | ---- | C] () -- C:\WINDOWS\hphmdl31.dat.temp
[2011/01/29 13:14:34 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\JMT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 21:22:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/11/26 10:09:11 | 000,001,208 | RHS- | C] () -- C:\Documents and Settings\JMT\ntuser.pol
[2010/11/26 10:09:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\JMT\Local Settings\Application Data\fusioncache.dat
[2010/10/04 21:49:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/01/02 21:50:26 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2008/01/02 21:50:26 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat

========== LOP Check ==========

[2011/06/13 19:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/03 09:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/01/08 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/16 15:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/05/25 08:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/12/10 08:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/08/28 17:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/07/22 09:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 06:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/07 16:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/17 20:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/17 09:29:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2010/11/26 10:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Any Flv Converter
[2010/11/26 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Audacity
[2012/03/12 20:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Azureus
[2010/11/26 10:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\CheckPoint
[2011/11/11 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/01/08 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Epson
[2012/03/14 19:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\HTC
[2010/11/26 10:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\LimeWire
[2010/11/26 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\MailFrontier
[2011/12/17 09:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Stardock
[2011/02/03 19:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\Teleca
[2010/11/26 10:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JMT\Application Data\WindSolutions
[2012/08/31 09:27:56 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CB6E0BD

< End of report >

OTL Extras logfile created on: 8/31/2012 12:15:17 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\JMT\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.58% Memory free
7.24 Gb Paging File | 6.49 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 45.11 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Computer Name: JET-MAIN | User Name: JMT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\NET6\net6vpn.exe" = C:\Program Files\NET6\net6vpn.exe:*:Enabled:Firebox SSL Secure Access Agent -- (Citrix Systems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\mSeven Software\mBackup\mBackup.exe" = C:\Program Files\mSeven Software\mBackup\mBackup.exe:*:Enabled:mBackup -- (mSeven Software LLC)
"C:\Program Files\mSeven Software\mSecure\mSecure.exe" = C:\Program Files\mSeven Software\mSecure\mSecure.exe:LocalSubNet:Enabled:mSecure for Windows -- (mSeven Software)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\YNAB 3\YNAB 3\YNAB 3.exe" = C:\Program Files\YNAB 3\YNAB 3\YNAB 3.exe:*:Enabled:YNAB 3 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0305052F-141B-FCEC-62B2-FB5668E7933E}" = Catalyst Control Center Graphics Full New
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19754346-BF3D-F1FC-9AF3-B84C216E93D7}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC1D2D3-8F02-4eaf-A464-327CD010BA13}" = HP Photosmart D7500 Printer Driver Software 12.0 Rel .4
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{296554E6-A322-EEC8-2185-DF6E624CA990}" = Skins
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie(R) idesign(TM) Ultimate Stylist(TM)
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V33/V330 Photo Scanner Driver Update
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{555BA71C-ED49-4F8C-BD33-1662220B5E79}" = PS_SF_04_D7500_Software_Min
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771221C5-FD0B-1197-355C-B2AFAA860483}" = ccc-core-preinstall
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89D2879E-F327-3B5F-F7C6-6E107C816671}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A132B77E-7262-4663-A7CC-552895213CB4}" = mSecure
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B59D7E45-401F-9542-965A-5B76915B6E6A}" = YNAB 3
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C849D4D8-A2C1-4823-BB20-94C5CB091E76}" = mBackup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDD007AB-2D05-4C7F-B4AD-6321389D6860}" = D7500
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40F05BE-47BB-72E2-4064-078B69F39BDA}" = Catalyst Control Center Graphics Light
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB46F473-333E-4A06-A777-31C54188593E}" = ArcSoft MediaImpression 2
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"Any Flv Converter_is1" = Any Flv Converter 1.8.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"Driver Sweeper_is1" = Driver Sweeper 1.0
"DVD Catalyst" = DVD Catalyst 4.0.2.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Fences" = Fences
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"File Shredder_is1" = File Shredder 2.0
"Greeting Card Creator 32" = Greeting Card Creator 32
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Net6 Vpn" = Firebox SSL Secure Access
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photags Music Express" = iConcepts Music Express
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"PuTTY_is1" = PuTTY version 0.60
"RealPlayer 15.0" = RealPlayer
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Your Image Emily Tippetts 1.0.5" = Your Image Emily Tippetts

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DropinSavings" = DropinSavings
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 5:25:54 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968

Error - 8/30/2012 7:41:39 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/30/2012 7:41:39 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8147453

Error - 8/30/2012 7:41:39 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8147453

Error - 8/30/2012 7:41:41 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/30/2012 7:41:41 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8149406

Error - 8/30/2012 7:41:41 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8149406

Error - 8/30/2012 7:41:43 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/30/2012 7:41:44 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8151359

Error - 8/30/2012 7:41:44 AM | Computer Name = JET-MAIN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8151359

[ OSession Events ]
Error - 9/28/2009 1:25:26 PM | Computer Name = JET-MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5979 seconds with 3660 seconds of active time. This session ended with a
crash.

Error - 4/6/2010 7:45:43 PM | Computer Name = JET-MAIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90054
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/22/2012 11:55:07 AM | Computer Name = JET-MAIN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.133 for the Network Card with network
address 001D097768A6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/27/2012 8:35:42 PM | Computer Name = JET-MAIN | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.125 on
the Network Card with network address 001D097768A6.

Error - 7/29/2012 8:01:44 PM | Computer Name = JET-MAIN | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 8/19/2012 3:05:39 PM | Computer Name = JET-MAIN | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 8/26/2012 12:00:36 AM | Computer Name = JET-MAIN | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 8/26/2012 11:04:16 AM | Computer Name = JET-MAIN | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 8/26/2012 11:18:50 AM | Computer Name = JET-MAIN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.125 for the Network Card with network
address 001D097768A6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/29/2012 10:33:24 AM | Computer Name = JET-MAIN | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.


< End of report >



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-31 12:46:09
-----------------------------
12:46:09.718 OS Version: Windows 5.1.2600 Service Pack 3
12:46:09.718 Number of processors: 2 586 0xF0D
12:46:09.718 ComputerName: JET-MAIN UserName: JMT
12:46:10.984 Initialize success
12:46:11.125 AVAST engine defs: 12083100
12:51:20.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:51:20.312 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
12:51:20.343 Disk 0 MBR read successfully
12:51:20.343 Disk 0 MBR scan
12:51:20.343 Disk 0 unknown MBR code
12:51:20.343 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
12:51:20.343 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 302112 MB offset 112455
12:51:20.375 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 618839865
12:51:20.375 Disk 0 scanning sectors +625137345
12:51:20.437 Disk 0 scanning C:\WINDOWS\system32\drivers
12:51:27.750 Service scanning
12:51:39.296 Modules scanning
12:51:43.656 Disk 0 trace - called modules:
12:51:43.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:51:43.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae61ab8]
12:51:43.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ae6da90]
12:51:43.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae69940]
12:51:44.593 AVAST engine scan C:\WINDOWS
12:52:06.437 AVAST engine scan C:\WINDOWS\system32
12:54:26.031 AVAST engine scan C:\WINDOWS\system32\drivers
12:54:54.343 AVAST engine scan C:\Documents and Settings\JMT
13:13:43.781 AVAST engine scan C:\Documents and Settings\All Users
13:58:36.859 Scan finished successfully
14:34:02.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JMT\Desktop\MBR.dat"
14:34:02.093 The log file has been saved successfully to "C:\Documents and Settings\JMT\Desktop\aswMBR.txt"
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 1st, 2012, 11:30 am

Hi again :)

Step 1
Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {C9DB3E52-7E89-4062-BB58-E8EA37FE2181}
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1600@crossrider.com: C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox [2011/12/10 17:57:53 | 000,000,000 | ---D | M]
    O2 - BHO: (DropinSavings) - {6F921B43-DE40-415f-8C21-B0DBD3ABC5DF} - C:\Program Files\DropinSavings\DropinSavings.dll (215 Apps)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CB6E0BD
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 2
  • Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Step 3
Update and run a "Quick Scan" with Malwarebytes.

In your next reply please include
How your computer is behaving now.
The OTL fix log.
The Roguekiller log
The MBAM log.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby tony5oh » September 1st, 2012, 12:15 pm

Hi maxi,

RogueKiller found Rans.Gendarm but I did not perform any clean actions without further instruction from you. Browsers are still experiencing redirects when accessing Google search results.


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp1600@crossrider.com deleted successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\skin folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\locale\en-US folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\locale folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\defaults\preferences folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\defaults folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\chrome\content\lib\facebox\Images folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\chrome\content\lib\facebox folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\chrome\content\lib folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\chrome\content folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox\chrome folder moved successfully.
C:\Documents and Settings\JMT\Local Settings\Application Data\DropinSavings\1600\Firefox folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F921B43-DE40-415f-8C21-B0DBD3ABC5DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F921B43-DE40-415f-8C21-B0DBD3ABC5DF}\ deleted successfully.
C:\Program Files\DropinSavings\DropinSavings.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\WINDOWS\System32\svchost.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CB6E0BD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JMT\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JMT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: backup Jena
->Temp folder emptied: 19617322 bytes
->Temporary Internet Files folder emptied: 26196277 bytes
->Java cache emptied: 4209178 bytes
->FireFox cache emptied: 85136934 bytes
->Google Chrome cache emptied: 6555187 bytes
->Flash cache emptied: 77301 bytes

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56475 bytes

User: Emily
->Temp folder emptied: 26678396 bytes
->Temporary Internet Files folder emptied: 8178703 bytes
->Java cache emptied: 163824 bytes
->FireFox cache emptied: 19742349 bytes
->Flash cache emptied: 9256 bytes

User: JMT
->Temp folder emptied: 129890772 bytes
->Temporary Internet Files folder emptied: 239049702 bytes
->Java cache emptied: 2361730 bytes
->FireFox cache emptied: 124080926 bytes
->Google Chrome cache emptied: 460169948 bytes
->Flash cache emptied: 59554 bytes

User: LocalService
->Temp folder emptied: 2052600 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1982600 bytes
->Temporary Internet Files folder emptied: 2704291 bytes

User: Tony
->Temp folder emptied: 834514910 bytes
->Temporary Internet Files folder emptied: 243372147 bytes
->Java cache emptied: 14682866 bytes
->FireFox cache emptied: 60338856 bytes
->Flash cache emptied: 62768 bytes

User: vhaispthompw

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 78445585 bytes
%systemroot%\System32\dllcache .tmp files removed: 16913920 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1228629609 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 76854252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4293072369 bytes

Total Files Cleaned = 7,635.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.1 log created on 09012012_113812

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JMT [Admin rights]
Mode : Scan -- Date : 09/01/2012 11:50:12

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] LOGI_MWX.EXE -- C:\WINDOWS\LOGI_MWX.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] e0829052e9e0a36a146ebb66c87517e2
[BSP] dfe4c0bfa859120fb83a6a1aa43abcee : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 302112 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 618839865 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.09.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
JMT :: JET-MAIN [administrator]

9/1/2012 11:56:04 AM
mbam-log-2012-09-01 (11-56-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285514
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 1st, 2012, 1:02 pm

Hi :) I'm just going through your logs now and wanted to see if you recognise this user or is there any reason this account would have been created?

User: vhaispthompw
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby tony5oh » September 1st, 2012, 2:12 pm

Yes. It's not an actual user, just a directory I have for some professional development/continuing education files.
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby maxi » September 1st, 2012, 2:38 pm

Hi Tony :) Thanks for that.

Step 1
  • Please rerun RogueKiller. Try a few times if it does not run.
  • Click on Scan.
  • Go to the Registry tab and uncheck (untick) the following:
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • Click Delete.
  • Get the result via the Report button and post back the contents of the log.

Then



Download and Run ComboFix

  • Please download ComboFix from the following link.

    Link 1.


    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



In your next reply please include:
The Roguekiller log.
The ComboFix log.
How the computer is behaving now

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
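
The RogueKiller step in the post above (untick NewStartPanel, then Delete) can be checked mechanically against the two reports. The following is an added example, not part of the original posts or of RogueKiller: the function names are this example's own, the scan lines are copied from the report earlier in the thread, and the post-Delete report is constructed from them to model the outcome the step asks for.

```python
import re
from dataclasses import dataclass

# Scan-report lines in the "Registry Entries" format shown earlier in the thread.
SCAN_REPORT = r'''
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''
# Constructed: what the report should say after Delete with NewStartPanel unticked.
REMOVE_REPORT = (SCAN_REPORT.replace('(1) -> FOUND', '(1) -> NOT SELECTED')
                            .replace('-> FOUND', '-> DELETED'))


@dataclass(frozen=True)
class Entry:
    tags: tuple   # e.g. ('RUN', 'Rans.Gendarm')
    key: str      # registry location as printed (may contain "[...]")
    data: str     # value name and data as printed
    status: str   # FOUND, DELETED, NOT SELECTED, ...


ENTRY_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>.+?)\s+:\s+(?P<data>.+)\s+->\s+'
    r'(?P<status>[A-Z][A-Z ]*)$')
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.I)
SID_RE = re.compile(r'S-1-5-\d+(?:-\d+)*')
# Well-known service account SIDs; no interactive user logs on with these.
SERVICE_SIDS = {'S-1-5-18': 'LocalSystem', 'S-1-5-19': 'LocalService',
                'S-1-5-20': 'NetworkService'}
USER_WRITABLE = ('\\application data\\', '\\appdata\\',
                 '\\local settings\\', '\\temp\\')


def parse_entries(report):
    """Return an Entry for every 'tags key : data -> STATUS' line."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            tags = tuple(re.findall(r'\[([^\]]+)\]', m['tags']))
            entries.append(Entry(tags, m['key'], m['data'], m['status']))
    return entries


def triage(entry):
    """Explain why a [RUN] entry deserves attention; empty list if it does not."""
    reasons = []
    if 'RUN' not in entry.tags:
        return reasons
    m = RUNDLL_RE.search(entry.data)
    if m:
        reasons.append('autorun loads a DLL through rundll32 (%s)' % m['export'])
        if any(p in m['dll'].lower() for p in USER_WRITABLE):
            reasons.append('DLL sits in a user-writable profile folder')
    sid = SID_RE.search(entry.key)
    if sid and sid.group() in SERVICE_SIDS:
        reasons.append('Run value is in the %s account hive'
                       % SERVICE_SIDS[sid.group()])
    return reasons


def verify_removal(scan, after, keep=('NewStartPanel',)):
    """Compare scan and post-Delete entries; return a list of mismatches.

    Entries whose key contains a string from `keep` were unticked on purpose
    and must read NOT SELECTED; everything else must read DELETED.
    """
    after_status = {(e.key, e.data): e.status for e in after}
    problems = []
    for e in scan:
        expected = 'NOT SELECTED' if any(k in e.key for k in keep) else 'DELETED'
        actual = after_status.get((e.key, e.data), 'MISSING FROM REPORT')
        if actual != expected:
            problems.append('%s : expected %s, report says %s'
                            % (e.key, expected, actual))
    return problems


if __name__ == '__main__':
    scan = parse_entries(SCAN_REPORT)
    for e in scan:
        for reason in triage(e):
            print(e.key, '->', reason)
    print(verify_removal(scan, parse_entries(REMOVE_REPORT)) or 'removal matches')
```

An empty list from `verify_removal` only confirms that the autorun values were removed; the DLL they pointed to is a separate file and has to be dealt with on its own.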

Re: Requesting Help with Suspected Browser Redirect Infectio

Unread postby tony5oh » September 3rd, 2012, 8:51 am

Hi maxi. Thanks for your efforts thus far. I'm still getting hammered with browser redirects.
Here are the RogueKiller and ComboFix logs.



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JMT [Admin rights]
Mode : Remove -- Date : 09/02/2012 10:14:35

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] LOGI_MWX.EXE -- C:\WINDOWS\LOGI_MWX.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> DELETED
[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Tony\Application Data\Apple Computer\Apple Computer\xnzbyn.dll",DllRegisterServer) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] e0829052e9e0a36a146ebb66c87517e2
[BSP] dfe4c0bfa859120fb83a6a1aa43abcee : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 302112 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 618839865 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt




ComboFix 12-09-03.06 - JMT 09/03/2012 8:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2300 [GMT -4:00]
Running from: c:\documents and settings\JMT\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - svchost.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\JMT\Local Settings\Application Data\assembly\tmp
c:\documents and settings\JMT\My Documents\DPE.DUS
c:\documents and settings\JMT\Recent\Thumbs.db
c:\documents and settings\Tony\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Tony\My Documents\DPE.DUS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-08-31 13:37 . 2012-08-31 13:37 -------- d-----w- c:\program files\ERUNT
2012-08-29 15:21 . 2012-08-29 15:21 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-08-29 15:21 . 2012-08-29 15:21 -------- d-----w- c:\program files\Common Files\xing shared
2012-08-29 15:21 . 2012-08-29 15:21 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-08-29 15:21 . 2012-08-29 15:21 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-29 15:15 . 2012-08-29 15:15 -------- d-----w- c:\program files\Common Files\Skype
2012-08-29 15:15 . 2012-08-29 15:15 -------- d-----r- c:\program files\Skype
2012-08-29 14:37 . 2012-08-29 14:37 -------- d-----w- c:\documents and settings\JMT\Local Settings\Application Data\Sun
2012-08-29 14:35 . 2012-08-29 14:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-29 14:32 . 2012-08-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-08-09 23:08 . 2012-08-29 15:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 21:48 . 2012-08-29 15:03 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 21:37 . 2012-07-14 00:17 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-07 21:37 . 2012-07-14 00:17 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-08-07 21:37 . 2012-07-14 00:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-07 21:37 . 2012-07-14 00:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 16:02 . 2010-04-29 11:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 15:21 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-29 15:21 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-21 09:13 . 2011-06-13 23:59 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-06-13 23:59 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-06-13 23:59 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-06-13 23:59 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-06-13 23:59 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-06-13 23:59 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-06-13 23:59 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-06-13 23:59 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-06-13 23:59 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-06-13 23:59 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-11 22:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2010-10-07 11:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 15:07 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07 . 2004-08-11 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-07-03 13:40 . 2004-08-11 22:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-08-30 01:06 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 00:17 . 2011-03-24 19:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\JMT\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-06-08 22:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMM Mode Selection]
2011-02-14 13:55 43520 ----a-r- c:\program files\HTC\ModeSelection\VMMModeSelection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NET6\\net6vpn.exe"=
"c:\\Program Files\\mSeven Software\\mBackup\\mBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\YNAB 3\\YNAB 3\\YNAB 3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2011 7:59 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2011 7:59 PM 355632]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2011 7:59 PM 21256]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/30/2012 5:44 PM 12184]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 12184]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [3/31/2009 3:32 PM 44672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/9/2012 7:08 PM 250568]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/3/2011 3:43 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 7:01 PM 21248]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\DRIVERS\qcserxp.sys --> c:\windows\system32\DRIVERS\qcserxp.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcmdmxp.sys --> c:\windows\system32\DRIVERS\qcmdmxp.sys [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 15:03]
.
2012-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-09-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 09:12]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009Core.job
- c:\documents and settings\JMT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 23:44]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083122780-658728187-3054398155-1009UA.job
- c:\documents and settings\JMT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 23:44]
.
2012-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1083122780-658728187-3054398155-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
FF - ProfilePath - c:\documents and settings\JMT\Application Data\Mozilla\Firefox\Profiles\ea3wzgla.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Mobile Connectivity Suite - c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
AddRemove-Your Image Emily Tippetts 1.0.5 - c:\windows\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 08:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\00\06\14\1c\"?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-09-03 08:39:50
ComboFix-quarantined-files.txt 2012-09-03 12:39
.
Pre-Run: 57,008,058,368 bytes free
Post-Run: 56,943,206,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BD1114D291CC3F5C8F38E6DCD0AF4987
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by maxi » September 3rd, 2012, 1:40 pm

Hi Tony :)

TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Please post the log in your next reply :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Requesting Help with Suspected Browser Redirect Infectio

Post by tony5oh » September 3rd, 2012, 2:44 pm

Here we are...



14:39:15.0531 0268 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:39:15.0984 0268 ============================================================
14:39:15.0984 0268 Current date / time: 2012/09/03 14:39:15.0984
14:39:15.0984 0268 SystemInfo:
14:39:15.0984 0268
14:39:15.0984 0268 OS Version: 5.1.2600 ServicePack: 3.0
14:39:15.0984 0268 Product type: Workstation
14:39:15.0984 0268 ComputerName: JET-MAIN
14:39:16.0000 0268 UserName: JMT
14:39:16.0000 0268 Windows directory: C:\WINDOWS
14:39:16.0000 0268 System windows directory: C:\WINDOWS
14:39:16.0000 0268 Processor architecture: Intel x86
14:39:16.0000 0268 Number of processors: 2
14:39:16.0000 0268 Page size: 0x1000
14:39:16.0000 0268 Boot type: Normal boot
14:39:16.0000 0268 ============================================================
14:39:16.0765 0268 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:39:16.0812 0268 ============================================================
14:39:16.0812 0268 \Device\Harddisk0\DR0:
14:39:16.0812 0268 MBR partitions:
14:39:16.0812 0268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x24E107F2
14:39:16.0812 0268 ============================================================
14:39:16.0875 0268 C: <-> \Device\Harddisk0\DR0\Partition1
14:39:16.0875 0268 ============================================================
14:39:16.0875 0268 Initialize success
14:39:16.0875 0268 ============================================================
14:39:45.0578 5412 ============================================================
14:39:45.0578 5412 Scan started
14:39:45.0578 5412 Mode: Manual;
14:39:45.0578 5412 ============================================================
14:39:46.0187 5412 ================ Scan system memory ========================
14:39:46.0187 5412 System memory - ok
14:39:46.0187 5412 ================ Scan services =============================
14:39:46.0312 5412 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
14:39:46.0312 5412 Aavmker4 - ok
14:39:46.0406 5412 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:39:46.0421 5412 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:39:46.0421 5412 Abiosdsk - ok
14:39:46.0500 5412 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:39:46.0500 5412 abp480n5 - ok
14:39:46.0531 5412 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:39:46.0531 5412 ACDaemon - ok
14:39:46.0546 5412 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:39:46.0546 5412 ACPI - ok
14:39:46.0562 5412 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:39:46.0578 5412 ACPIEC - ok
14:39:46.0671 5412 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:39:46.0671 5412 AdobeFlashPlayerUpdateSvc - ok
14:39:46.0687 5412 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:39:46.0687 5412 adpu160m - ok
14:39:46.0718 5412 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:39:46.0718 5412 aec - ok
14:39:46.0750 5412 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINDOWS\system32\drivers\Afc.sys
14:39:46.0750 5412 Afc - ok
14:39:46.0781 5412 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:39:46.0781 5412 AFD - ok
14:39:46.0796 5412 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:39:46.0796 5412 agp440 - ok
14:39:46.0812 5412 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:39:46.0812 5412 agpCPQ - ok
14:39:46.0843 5412 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:39:46.0859 5412 Aha154x - ok
14:39:46.0859 5412 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:39:46.0859 5412 aic78u2 - ok
14:39:46.0875 5412 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:39:46.0875 5412 aic78xx - ok
14:39:46.0906 5412 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:39:46.0906 5412 Alerter - ok
14:39:46.0937 5412 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:39:46.0937 5412 ALG - ok
14:39:46.0937 5412 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
14:39:46.0937 5412 AliIde - ok
14:39:46.0953 5412 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:39:46.0953 5412 alim1541 - ok
14:39:46.0953 5412 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:39:46.0953 5412 amdagp - ok
14:39:46.0968 5412 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
14:39:46.0968 5412 amsint - ok
14:39:47.0046 5412 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:39:47.0046 5412 Apple Mobile Device - ok
14:39:47.0078 5412 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:39:47.0078 5412 AppMgmt - ok
14:39:47.0109 5412 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
14:39:47.0109 5412 asc - ok
14:39:47.0109 5412 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:39:47.0109 5412 asc3350p - ok
14:39:47.0125 5412 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:39:47.0125 5412 asc3550 - ok
14:39:47.0218 5412 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:39:47.0218 5412 aspnet_state - ok
14:39:47.0281 5412 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:39:47.0281 5412 aswFsBlk - ok
14:39:47.0281 5412 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
14:39:47.0281 5412 aswMon2 - ok
14:39:47.0312 5412 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
14:39:47.0312 5412 aswRdr - ok
14:39:47.0359 5412 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
14:39:47.0359 5412 aswSnx - ok
14:39:47.0390 5412 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
14:39:47.0390 5412 aswSP - ok
14:39:47.0406 5412 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
14:39:47.0406 5412 aswTdi - ok
14:39:47.0453 5412 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:39:47.0453 5412 AsyncMac - ok
14:39:47.0453 5412 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:39:47.0453 5412 atapi - ok
14:39:47.0468 5412 Atdisk - ok
14:39:47.0500 5412 [ DAE9B06F344AE0F877D7CE3500C12342 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:39:47.0500 5412 Ati HotKey Poller - ok
14:39:47.0546 5412 [ 6B6B5DE3F63C3F9E9DE4F84729395F37 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
14:39:47.0546 5412 ATI Smart - ok
14:39:47.0687 5412 [ BDE0F5D73C04B3F16672A7E6EA9D2392 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:39:47.0718 5412 ati2mtag - ok
14:39:47.0734 5412 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:39:47.0734 5412 Atmarpc - ok
14:39:47.0750 5412 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:39:47.0750 5412 AudioSrv - ok
14:39:47.0796 5412 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:39:47.0812 5412 audstub - ok
14:39:47.0875 5412 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:39:47.0875 5412 avast! Antivirus - ok
14:39:47.0890 5412 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:39:47.0890 5412 Beep - ok
14:39:47.0937 5412 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:39:47.0953 5412 BITS - ok
14:39:48.0031 5412 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:39:48.0031 5412 Bonjour Service - ok
14:39:48.0062 5412 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:39:48.0062 5412 Browser - ok
14:39:48.0187 5412 catchme - ok
14:39:48.0203 5412 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:39:48.0203 5412 cbidf - ok
14:39:48.0203 5412 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:39:48.0203 5412 cbidf2k - ok
14:39:48.0218 5412 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:39:48.0218 5412 cd20xrnt - ok
14:39:48.0234 5412 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:39:48.0234 5412 Cdaudio - ok
14:39:48.0250 5412 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:39:48.0250 5412 Cdfs - ok
14:39:48.0265 5412 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:39:48.0265 5412 Cdrom - ok
14:39:48.0265 5412 Changer - ok
14:39:48.0296 5412 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:39:48.0296 5412 CiSvc - ok
14:39:48.0296 5412 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:39:48.0312 5412 ClipSrv - ok
14:39:48.0328 5412 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:39:48.0328 5412 clr_optimization_v2.0.50727_32 - ok
14:39:48.0375 5412 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:39:48.0375 5412 CmdIde - ok
14:39:48.0375 5412 COMSysApp - ok
14:39:48.0390 5412 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:39:48.0390 5412 Cpqarray - ok
14:39:48.0406 5412 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:39:48.0406 5412 CryptSvc - ok
14:39:48.0406 5412 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:39:48.0406 5412 dac2w2k - ok
14:39:48.0421 5412 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:39:48.0421 5412 dac960nt - ok
14:39:48.0453 5412 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:39:48.0468 5412 DcomLaunch - ok
14:39:48.0468 5412 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:39:48.0484 5412 Dhcp - ok
14:39:48.0484 5412 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:39:48.0484 5412 Disk - ok
14:39:48.0500 5412 dmadmin - ok
14:39:48.0531 5412 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:39:48.0531 5412 dmboot - ok
14:39:48.0531 5412 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:39:48.0531 5412 dmio - ok
14:39:48.0546 5412 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:39:48.0546 5412 dmload - ok
14:39:48.0562 5412 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:39:48.0562 5412 dmserver - ok
14:39:48.0578 5412 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:39:48.0578 5412 DMusic - ok
14:39:48.0593 5412 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:39:48.0593 5412 Dnscache - ok
14:39:48.0640 5412 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:39:48.0640 5412 Dot3svc - ok
14:39:48.0656 5412 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:39:48.0656 5412 dpti2o - ok
14:39:48.0671 5412 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:39:48.0687 5412 drmkaud - ok
14:39:48.0687 5412 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:39:48.0687 5412 E100B - ok
14:39:48.0734 5412 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:39:48.0734 5412 e1express - ok
14:39:48.0796 5412 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:39:48.0812 5412 EapHost - ok
14:39:48.0843 5412 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:39:48.0843 5412 ERSvc - ok
14:39:48.0859 5412 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:39:48.0859 5412 Eventlog - ok
14:39:48.0890 5412 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:39:48.0906 5412 EventSystem - ok
14:39:48.0921 5412 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:39:48.0921 5412 Fastfat - ok
14:39:48.0953 5412 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:39:48.0953 5412 FastUserSwitchingCompatibility - ok
14:39:48.0984 5412 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
14:39:48.0984 5412 Fax - ok
14:39:49.0000 5412 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:39:56.0109 5412 ================ Scan global ===============================
14:39:56.0156 5412 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:39:56.0171 5412 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:39:56.0187 5412 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:39:56.0234 5412 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:39:56.0234 5412 [Global] - ok
14:39:56.0250 5412 ================ Scan MBR ==================================
14:39:56.0265 5412 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
14:39:56.0421 5412 \Device\Harddisk0\DR0 - ok
14:39:56.0421 5412 ================ Scan VBR ==================================
14:39:56.0421 5412 [ B192AB733C07CFA4D9347441B9446B94 ] \Device\Harddisk0\DR0\Partition1
14:39:56.0421 5412 \Device\Harddisk0\DR0\Partition1 - ok
14:39:56.0421 5412 ============================================================
14:39:56.0421 5412 Scan finished
14:39:56.0421 5412 ============================================================
14:39:56.0437 5852 Detected object count: 0
14:39:56.0437 5852 Actual detected object count: 0
14:40:46.0296 4208 ============================================================
14:40:46.0296 4208 Scan started
14:40:46.0296 4208 Mode: Manual;
14:40:46.0296 4208 ============================================================
14:40:46.0750 4208 ================ Scan system memory ========================
14:40:46.0750 4208 System memory - ok
14:40:46.0750 4208 ================ Scan services =============================
14:40:47.0421 4208 aic78xx - ok
14:40:47.0453 4208 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:40:47.0468 4208 Alerter - ok
14:40:47.0484 4208 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:40:47.0484 4208 ALG - ok
14:40:47.0500 4208 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
14:40:47.0500 4208 AliIde - ok
14:40:47.0515 4208 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:40:47.0515 4208 alim1541 - ok
14:40:47.0515 4208 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:40:47.0515 4208 amdagp - ok
14:40:47.0531 4208 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
14:40:47.0531 4208 amsint - ok
14:40:47.0609 4208 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:40:47.0609 4208 Apple Mobile Device - ok
14:40:47.0640 4208 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:40:47.0640 4208 AppMgmt - ok
14:40:47.0640 4208 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
14:40:47.0640 4208 asc - ok
14:40:47.0656 4208 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:40:47.0656 4208 asc3350p - ok
14:40:47.0671 4208 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:40:47.0671 4208 asc3550 - ok
14:40:47.0781 4208 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:40:47.0781 4208 aspnet_state - ok
14:40:47.0843 4208 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:40:47.0843 4208 aswFsBlk - ok
14:40:47.0843 4208 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
14:40:47.0843 4208 aswMon2 - ok
14:40:47.0875 4208 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
14:40:47.0890 4208 aswRdr - ok
14:40:47.0937 4208 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
14:40:47.0937 4208 aswSnx - ok
14:40:47.0968 4208 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
14:40:47.0968 4208 aswSP - ok
14:40:48.0000 4208 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
14:40:48.0000 4208 aswTdi - ok
14:40:48.0046 4208 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:40:48.0046 4208 AsyncMac - ok
14:40:48.0046 4208 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:40:48.0062 4208 atapi - ok
14:40:48.0062 4208 Atdisk - ok
14:40:48.0109 4208 [ DAE9B06F344AE0F877D7CE3500C12342 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:40:48.0125 4208 Ati HotKey Poller - ok
14:40:48.0171 4208 [ 6B6B5DE3F63C3F9E9DE4F84729395F37 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
14:40:48.0171 4208 ATI Smart - ok
14:40:48.0328 4208 [ BDE0F5D73C04B3F16672A7E6EA9D2392 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:40:48.0375 4208 ati2mtag - ok
14:40:48.0390 4208 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:40:48.0390 4208 Atmarpc - ok
14:40:48.0421 4208 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:40:48.0421 4208 AudioSrv - ok
14:40:48.0468 4208 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:40:48.0468 4208 audstub - ok
14:40:48.0546 4208 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:40:48.0546 4208 avast! Antivirus - ok
14:40:48.0546 4208 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:40:48.0546 4208 Beep - ok
14:40:48.0593 4208 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:40:48.0609 4208 BITS - ok
14:40:48.0656 4208 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:40:48.0671 4208 Bonjour Service - ok
14:40:48.0718 4208 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:40:48.0718 4208 Browser - ok
14:40:48.0843 4208 catchme - ok
14:40:48.0859 4208 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:40:48.0859 4208 cbidf - ok
14:40:48.0859 4208 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:40:48.0859 4208 cbidf2k - ok
14:40:48.0875 4208 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:40:48.0875 4208 cd20xrnt - ok
14:40:48.0890 4208 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:40:48.0890 4208 Cdaudio - ok
14:40:48.0906 4208 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:40:48.0906 4208 Cdfs - ok
14:40:48.0921 4208 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:40:48.0921 4208 Cdrom - ok
14:40:48.0921 4208 Changer - ok
14:40:48.0953 4208 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:40:48.0953 4208 CiSvc - ok
14:40:48.0968 4208 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:40:48.0984 4208 ClipSrv - ok
14:40:49.0000 4208 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:49.0000 4208 clr_optimization_v2.0.50727_32 - ok
14:40:49.0046 4208 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:40:49.0046 4208 CmdIde - ok
14:40:49.0046 4208 COMSysApp - ok
14:40:49.0062 4208 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:40:49.0062 4208 Cpqarray - ok
14:40:49.0093 4208 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:40:49.0093 4208 CryptSvc - ok
14:40:49.0109 4208 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:40:49.0109 4208 dac2w2k - ok
14:40:49.0125 4208 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:40:49.0125 4208 dac960nt - ok
14:40:49.0171 4208 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:40:49.0187 4208 DcomLaunch - ok
14:40:49.0218 4208 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:40:49.0218 4208 Dhcp - ok
14:40:49.0265 4208 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:40:49.0265 4208 Disk - ok
14:40:49.0281 4208 dmadmin - ok
14:40:49.0312 4208 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:40:49.0328 4208 dmboot - ok
14:40:49.0328 4208 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:40:49.0328 4208 dmio - ok
14:40:49.0359 4208 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:40:49.0359 4208 dmload - ok
14:40:49.0390 4208 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:40:49.0390 4208 dmserver - ok
14:40:49.0406 4208 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:40:49.0406 4208 DMusic - ok
14:40:49.0437 4208 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:40:49.0437 4208 Dnscache - ok
14:40:49.0468 4208 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:40:49.0468 4208 Dot3svc - ok
14:40:49.0484 4208 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:40:49.0484 4208 dpti2o - ok
14:40:49.0500 4208 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:40:49.0515 4208 drmkaud - ok
14:40:49.0515 4208 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:40:49.0515 4208 E100B - ok
14:40:49.0531 4208 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:40:49.0546 4208 e1express - ok
14:40:49.0562 4208 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:40:49.0562 4208 EapHost - ok
14:40:49.0593 4208 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:40:49.0609 4208 ERSvc - ok
14:40:49.0625 4208 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:40:49.0640 4208 Eventlog - ok
14:40:49.0687 4208 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:40:49.0687 4208 EventSystem - ok
14:40:49.0734 4208 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:40:49.0734 4208 Fastfat - ok
14:40:49.0781 4208 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:40:49.0796 4208 FastUserSwitchingCompatibility - ok
14:40:49.0843 4208 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
14:40:49.0843 4208 Fax - ok
14:40:49.0875 4208 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:40:49.0875 4208 Fdc - ok
14:40:49.0890 4208 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:40:49.0890 4208 Fips - ok
14:40:49.0906 4208 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:40:49.0906 4208 Flpydisk - ok
14:40:49.0937 4208 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:40:49.0937 4208 FltMgr - ok
14:40:50.0000 4208 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:40:50.0000 4208 FontCache3.0.0.0 - ok
14:40:50.0015 4208 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:40:50.0015 4208 Fs_Rec - ok
14:40:50.0062 4208 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:40:50.0062 4208 Ftdisk - ok
14:40:50.0093 4208 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:40:50.0093 4208 GEARAspiWDM - ok
14:40:50.0109 4208 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
14:40:50.0125 4208 getPlusHelper - ok
14:40:50.0140 4208 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
14:40:50.0140 4208 giveio - ok
14:40:50.0171 4208 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:40:50.0171 4208 Gpc - ok
14:40:50.0218 4208 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:40:50.0218 4208 gusvc - ok
14:40:50.0234 4208 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:40:50.0250 4208 HDAudBus - ok
14:40:50.0312 4208 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:40:50.0312 4208 helpsvc - ok
14:40:50.0328 4208 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:40:50.0343 4208 HidServ - ok
14:40:50.0359 4208 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:40:50.0359 4208 HidUsb - ok
14:40:50.0406 4208 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:40:50.0406 4208 hkmsvc - ok
14:40:50.0437 4208 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
14:40:50.0453 4208 hpn - ok
14:40:50.0500 4208 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:40:50.0500 4208 hpqcxs08 - ok
14:40:50.0546 4208 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:40:50.0546 4208 hpqddsvc - ok
14:40:50.0562 4208 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:40:50.0562 4208 HPZid412 - ok
14:40:50.0593 4208 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:40:50.0593 4208 HPZipr12 - ok
14:40:50.0625 4208 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:40:50.0625 4208 HPZius12 - ok
14:40:50.0671 4208 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:40:50.0687 4208 HSFHWBS2 - ok
14:40:50.0734 4208 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:40:50.0750 4208 HSF_DP - ok
14:40:50.0781 4208 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
14:40:50.0781 4208 HTCAND32 - ok
14:40:50.0812 4208 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
14:40:50.0812 4208 htcnprot - ok
14:40:50.0843 4208 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:40:50.0843 4208 HTTP - ok
14:40:50.0875 4208 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:40:50.0890 4208 HTTPFilter - ok
14:40:50.0937 4208 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:40:50.0937 4208 i2omgmt - ok
14:40:50.0953 4208 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:40:50.0953 4208 i2omp - ok
14:40:50.0968 4208 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:40:50.0968 4208 i8042prt - ok
14:40:50.0984 4208 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
14:40:51.0000 4208 iaStor - ok
14:40:51.0125 4208 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:40:51.0125 4208 IDriverT - ok
14:40:51.0203 4208 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:40:51.0203 4208 idsvc - ok
14:40:51.0234 4208 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:40:51.0234 4208 Imapi - ok
14:40:51.0281 4208 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:40:51.0281 4208 ImapiService - ok
14:40:51.0312 4208 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:40:51.0312 4208 ini910u - ok
14:40:51.0484 4208 [ DBC702FBC70DC58D9122CE56EADBD659 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:40:51.0531 4208 IntcAzAudAddService - ok
14:40:51.0562 4208 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:40:51.0562 4208 IntelIde - ok
14:40:51.0593 4208 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:40:51.0593 4208 intelppm - ok
14:40:51.0625 4208 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:40:51.0625 4208 Ip6Fw - ok
14:40:51.0640 4208 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:40:51.0640 4208 IpFilterDriver - ok
14:40:51.0656 4208 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:40:51.0656 4208 IpInIp - ok
14:40:51.0656 4208 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:40:51.0671 4208 IpNat - ok
14:40:51.0718 4208 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:40:51.0718 4208 iPod Service - ok
14:40:51.0765 4208 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:40:51.0765 4208 IPSec - ok
14:40:51.0781 4208 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:40:51.0781 4208 IRENUM - ok
14:40:51.0812 4208 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:40:51.0812 4208 isapnp - ok
14:40:51.0890 4208 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:40:51.0906 4208 JavaQuickStarterService - ok
14:40:51.0937 4208 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:40:51.0953 4208 Kbdclass - ok
14:40:51.0953 4208 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:40:51.0968 4208 kbdhid - ok
14:40:51.0984 4208 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:40:51.0984 4208 kmixer - ok
14:40:52.0031 4208 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:40:52.0031 4208 KSecDD - ok
14:40:52.0062 4208 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:40:52.0078 4208 lanmanserver - ok
14:40:52.0125 4208 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:40:52.0140 4208 lanmanworkstation - ok
14:40:52.0187 4208 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
14:40:52.0187 4208 LBeepKE - ok
14:40:52.0187 4208 lbrtfdc - ok
14:40:52.0265 4208 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
14:40:52.0265 4208 LBTServ - ok
14:40:52.0296 4208 [ 2B81DE27D63A2DE5876EAC1BC34ECE9B ] LCcfltr C:\WINDOWS\system32\Drivers\LCcFltr.Sys
14:40:52.0296 4208 LCcfltr - ok
14:40:52.0328 4208 [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
14:40:52.0328 4208 LEqdUsb - ok
14:40:52.0359 4208 [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
14:40:52.0359 4208 LHidEqd - ok
14:40:52.0375 4208 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
14:40:52.0390 4208 LHidFilt - ok
14:40:52.0406 4208 [ B97D05E656818572B6B04BA682D3AA8F ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
14:40:52.0406 4208 LHidFlt2 - ok
14:40:52.0421 4208 [ 826AACB98A2CA5C51E982C748A60D645 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
14:40:52.0421 4208 LHidUsb - ok
14:40:52.0437 4208 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:40:52.0453 4208 LmHosts - ok
14:40:52.0468 4208 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
14:40:52.0468 4208 LMouFilt - ok
14:40:52.0468 4208 [ B666F835C18974F392A387C6E863072F ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
14:40:52.0468 4208 LMouFlt2 - ok
14:40:52.0500 4208 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:40:52.0500 4208 mdmxsdk - ok
14:40:52.0515 4208 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:40:52.0531 4208 Messenger - ok
14:40:52.0562 4208 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:40:52.0578 4208 mnmdd - ok
14:40:52.0640 4208 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:40:52.0640 4208 mnmsrvc - ok
14:40:52.0687 4208 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:40:52.0687 4208 Modem - ok
14:40:52.0734 4208 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:40:52.0734 4208 MODEMCSA - ok
14:40:52.0781 4208 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:40:52.0781 4208 Mouclass - ok
14:40:52.0796 4208 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:40:52.0812 4208 mouhid - ok
14:40:52.0828 4208 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:40:52.0843 4208 MountMgr - ok
14:40:52.0859 4208 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:40:52.0859 4208 mraid35x - ok
14:40:52.0890 4208 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:40:52.0890 4208 MRxDAV - ok
14:40:52.0953 4208 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:40:52.0953 4208 MRxSmb - ok
14:40:52.0953 4208 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:40:52.0968 4208 Msfs - ok
14:40:52.0968 4208 MSIServer - ok
14:40:53.0000 4208 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:40:53.0000 4208 MSKSSRV - ok
14:40:53.0015 4208 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:40:53.0015 4208 MSPCLOCK - ok
14:40:53.0031 4208 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:40:53.0031 4208 MSPQM - ok
14:40:53.0031 4208 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:40:53.0031 4208 mssmbios - ok
14:40:53.0062 4208 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:40:53.0078 4208 Mup - ok
14:40:53.0093 4208 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:40:53.0109 4208 napagent - ok
14:40:53.0125 4208 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:40:53.0140 4208 NDIS - ok
14:40:53.0156 4208 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:40:53.0156 4208 NdisTapi - ok
14:40:53.0171 4208 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:40:53.0171 4208 Ndisuio - ok
14:40:53.0187 4208 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:40:53.0187 4208 NdisWan - ok
14:40:53.0218 4208 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:40:53.0218 4208 NDProxy - ok
14:40:53.0250 4208 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:40:53.0250 4208 Net Driver HPZ12 - ok
14:40:53.0265 4208 [ CE3E46F0BDCD4497503BE3ED9E143352 ] Net6IM C:\WINDOWS\system32\DRIVERS\net6im51.sys
14:40:53.0281 4208 Net6IM - ok
14:40:53.0281 4208 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:40:53.0281 4208 NetBIOS - ok
14:40:53.0296 4208 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:40:53.0296 4208 NetBT - ok
14:40:53.0328 4208 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:40:53.0343 4208 NetDDE - ok
14:40:53.0343 4208 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:40:53.0359 4208 NetDDEdsdm - ok
14:40:53.0359 4208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:40:53.0375 4208 Netlogon - ok
14:40:53.0375 4208 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:40:53.0390 4208 Netman - ok
14:40:53.0421 4208 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:40:53.0437 4208 NetTcpPortSharing - ok
14:40:53.0453 4208 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:40:53.0468 4208 Nla - ok
14:40:53.0500 4208 [ 0E58F99692802C501454EAC3D2AC3394 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
14:40:53.0500 4208 nosGetPlusHelper - ok
14:40:53.0515 4208 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:40:53.0515 4208 Npfs - ok
14:40:53.0546 4208 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:40:53.0562 4208 Ntfs - ok
14:40:53.0562 4208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:40:53.0562 4208 NtLmSsp - ok
14:40:53.0609 4208 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:40:53.0625 4208 NtmsSvc - ok
14:40:53.0640 4208 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:40:53.0656 4208 Null - ok
14:40:53.0718 4208 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:40:53.0734 4208 nv - ok
14:40:53.0765 4208 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:40:53.0765 4208 NwlnkFlt - ok
14:40:53.0781 4208 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:40:53.0781 4208 NwlnkFwd - ok
14:40:53.0937 4208 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:40:53.0937 4208 odserv - ok
14:40:53.0984 4208 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:40:53.0984 4208 ose - ok
14:40:54.0015 4208 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:40:54.0031 4208 Parport - ok
14:40:54.0046 4208 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:40:54.0062 4208 PartMgr - ok
14:40:54.0078 4208 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:40:54.0078 4208 ParVdm - ok
14:40:54.0125 4208 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
14:40:54.0125 4208 PassThru Service - ok
14:40:54.0140 4208 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:40:54.0156 4208 PCI - ok
14:40:54.0156 4208 PCIDump - ok
14:40:54.0203 4208 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:40:54.0203 4208 PCIIde - ok
14:40:54.0234 4208 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:40:54.0234 4208 Pcmcia - ok
14:40:54.0250 4208 PDCOMP - ok
14:40:54.0250 4208 PDFRAME - ok
14:40:54.0250 4208 PDRELI - ok
14:40:54.0265 4208 PDRFRAME - ok
14:40:54.0281 4208 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:40:54.0281 4208 perc2 - ok
14:40:54.0296 4208 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:40:54.0296 4208 perc2hib - ok
14:40:54.0328 4208 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:40:54.0343 4208 PlugPlay - ok
14:40:54.0375 4208 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:40:54.0375 4208 Pml Driver HPZ12 - ok
14:40:54.0390 4208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:40:54.0406 4208 PolicyAgent - ok
14:40:54.0421 4208 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:40:54.0421 4208 PptpMiniport - ok
14:40:54.0421 4208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:40:54.0437 4208 ProtectedStorage - ok
14:40:54.0437 4208 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:40:54.0437 4208 PSched - ok
14:40:54.0453 4208 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:40:54.0453 4208 Ptilink - ok
14:40:54.0484 4208 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:40:54.0484 4208 PxHelp20 - ok
14:40:54.0484 4208 qcserxp - ok
14:40:54.0500 4208 qcusbser - ok
14:40:54.0515 4208 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:40:54.0515 4208 ql1080 - ok
14:40:54.0531 4208 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:40:54.0531 4208 Ql10wnt - ok
14:40:54.0546 4208 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:40:54.0546 4208 ql12160 - ok
14:40:54.0562 4208 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:40:54.0562 4208 ql1240 - ok
14:40:54.0578 4208 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:40:54.0578 4208 ql1280 - ok
14:40:58.0281 4208 ================ Scan global ===============================
14:40:58.0328 4208 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:40:58.0359 4208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:40:58.0390 4208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:40:58.0421 4208 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:40:58.0421 4208 [Global] - ok
14:40:58.0421 4208 ================ Scan MBR ==================================
14:40:58.0453 4208 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
14:40:58.0625 4208 \Device\Harddisk0\DR0 - ok
14:40:58.0625 4208 ================ Scan VBR ==================================
14:40:58.0625 4208 [ B192AB733C07CFA4D9347441B9446B94 ] \Device\Harddisk0\DR0\Partition1
14:40:58.0625 4208 \Device\Harddisk0\DR0\Partition1 - ok
14:40:58.0625 4208 ============================================================
14:40:58.0625 4208 Scan finished
14:40:58.0625 4208 ============================================================
14:40:58.0640 4472 Detected object count: 0
14:40:58.0640 4472 Actual detected object count: 0
14:41:53.0953 3856 Deinitialize success
tony5oh
Active Member
 
Posts: 14
Joined: August 29th, 2012, 1:05 pm
Location: Florida, US