Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Selectionlinks? hit by some virus

Started by ImJustsayin , Jan 16 2013 08:54 PM

  • Please log in to reply

#1
ImJustsayin
Posted 16 January 2013 - 08:54 PM

ImJustsayin

    Member

  • Member
  • PipPipPip
  • 281 posts
I downloaded OTL but will not complete run or posr log. Ran malwarebytes it foumd 4 itens (pups) with it removed. Problem started with ads showing up above Google queries and Yahoo email inbox entries. not Yahoo home page is messed up, no graphics and your webpages are formatted improperly. The ads had very small text that said "not from this site". I had a selectionlink in my install programs somehow, I uninstalled it and that is when things got bad;

Edited by ImJustsayin, 16 January 2013 - 08:55 PM.

  • 0

Advertisements

#2
RKinner
Posted 16 January 2013 - 09:58 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Ron
  • 0

#3
ImJustsayin
Posted 16 January 2013 - 10:36 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
While waiting I ran adwcleaner, it removed a lot but no improvement, there is a log if interested. below is what you requested

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by David's HP at 22:28:28 on 2013-01-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2285 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\vds.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Suunto\Moveslink\Moveslink.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [EPSON WorkForce 610 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SCAE3.tmp" /EF "HKCU"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\DAVID'~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOVESL~1.LNK - C:\Windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{714B57E2-1594-4D0F-B2EE-FE056C10D83E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\145727F62716455727E6562737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\478656D616E636166756 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\D656C616275616 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{81B78C55-7D5D-4F9D-85CF-FC78FF735239}\E416473616A5145523 : DHCPNameServer = 191.168.2.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-13 09:25; [email protected]; C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\extensions\[email protected]
FF - ExtSQL: 2013-01-13 09:25; [email protected]; C:\Users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-5-18 306280]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-3-18 32352]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-3-18 70344]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-5-4 218112]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-16 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-16 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-16 168384]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2011-3-18 2058776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-3-18 227896]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-6-23 56344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-3-18 7680512]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2011-3-18 79872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-18 401920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-3-18 290008]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-3-18 17920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-18 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2013-01-17 02:33:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-17 02:33:02 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-17 02:32:56 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-16 23:42:11 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B5DFE56-D973-4B79-BDCA-A74A197B7AD9}\offreg.dll
2013-01-16 16:52:38 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B5DFE56-D973-4B79-BDCA-A74A197B7AD9}\mpengine.dll
2013-01-15 10:41:37 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-14 18:35:37 -------- d-----w- C:\Program Files (x86)\HRBlock2012
2013-01-13 15:27:02 -------- d-----w- C:\Users\David's HP\AppData\Roaming\Bullzip
2013-01-13 15:26:22 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
2013-01-13 15:26:12 -------- d-----w- C:\Users\David's HP\AppData\Local\Programs
2013-01-13 15:25:25 -------- d-----w- C:\Users\David's HP\AppData\Local\Coupon Companion Plugin
2013-01-13 15:25:15 -------- d-----w- C:\Users\David's HP\AppData\Local\Updater21804
2013-01-13 15:24:50 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin
2013-01-10 21:01:54 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-10 21:01:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-10 21:01:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-10 21:01:38 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-10 21:01:37 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-10 21:01:37 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-10 21:01:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-10 21:01:36 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-10 21:01:35 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-10 21:00:47 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-22 16:05:23 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 16:05:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 16:05:22 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 16:05:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-12 23:24:00 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-12 23:23:59 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 22:29:34.88 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2011 12:37:02 PM
System Uptime: 1/16/2013 10:23:01 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30DB
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | Intel® Genuine processor | 785/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 98.845 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0.976 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Intel® Active Management Technology - SOL
Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
Manufacturer: Intel
Name: Intel® Active Management Technology - SOL (COM3)
PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_30DB103C&REV_07\3&33FD14CA&0&1B
Service: Serial
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82567LM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
Manufacturer: Intel
Name: Intel® 82567LM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_30DB103C&REV_03\3&33FD14CA&0&C8
Service: e1yexpress
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 10 Plugin 64-bit
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Amazon Games & Software Downloader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.21.1
Bonjour
ClubWPT
Coupon Companion Plugin
Coupon Printer for Windows
DivX Setup
DraftDominator Version 13.0d
Dropbox
DVDFab 8.1.0.0 (16/06/2011) Qt
Epson Event Manager
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
ESET Online Scanner v3
FileHippo.com Update Checker
Google Chrome
Google Earth
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Illinois 2010
H&R Block Illinois 2011
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP 3D DriveGuard
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Product Detection
HP Quick Launch Buttons
HP Support Assistant
HP Webcam
ImgBurn
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Intel® Active Management Technology
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 26 (64-bit)
Java™ SE Development Kit 6 Update 25 (64-bit)
K-Lite Codec Pack (64-bit) v4.5.0
K-Lite Codec Pack 7.0.0 (Full)
LineupDominator Version 8.0a Full
MacDrive 8
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
MFL Import Version 4.0a
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2009
Microsoft Virtual PC 2007
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Moveslink
MozBackup 1.4.10
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.2 (x86 en-US)
Notepad++
PCDrafter 2012
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Picasa 3
Projections Dominator Version 6.0g
QLBCASL
QuickTime
RICOH R5C853 Driver Vista x64 Ver.1.00.09
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Spybot - Search & Destroy
SpywareBlaster 4.4
Sql Server Customer Experience Improvement Program
Suunto USB Drive
Suunto USB Driver
Suunto USB Serial Port (Driver Removal)
Synaptics Pointing Device Driver
TradeDominator version 7.0a
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.7
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/16/2013 8:15:00 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
1/16/2013 5:53:06 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 10:24:45 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: A system shutdown is in progress.
1/16/2013 10:22:33 PM, Error: Service Control Manager [7000] - The HomeGroup Listener service failed to start due to the following error: A system shutdown is in progress.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:33 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/16/2013 10:21:24 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/16/2013 10:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "193" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
1/16/2013 10:20:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/16/2013 10:15:25 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
1/16/2013 10:04:17 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/15/2013 5:02:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{81B78C55-7D5D-4F9D-85CF-FC78FF735239}. The master browser is stopping or an election is being forced.
1/10/2013 3:12:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/10/2013 3:12:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 57.05 0 K 24 K
procexp64.exe 808 23.91 26,164 K 47,744 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 3.47 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 2712 2.96 51,708 K 26,228 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 4 2.27 112 K 304 K
svchost.exe 912 1.63 20,444 K 23,720 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 3296 1.02 9,240 K 14,380 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
SDTray.exe 5068 0.97 10,416 K 20,736 K Spybot - Search & Destroy tray access Safer-Networking Ltd. (Verified) Safer Networking Ltd.
SDWSCSvc.exe 3196 0.94 1,484 K 4,668 K Windows Security Center integration. Safer-Networking Ltd. (Verified) Safer Networking Ltd.
SDFSSvc.exe 2212 0.93 26,004 K 33,068 K Spybot-S&D 2 Scanner Service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
csrss.exe 444 0.81 2,476 K 10,704 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 776 0.79 64,584 K 61,708 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 996 0.58 27,772 K 43,396 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Moveslink.exe 4384 0.51 35,676 K 46,492 K Moveslink for synchronizing data with MovesCount Suunto Oy (Verified) Suunto
explorer.exe 2756 0.48 34,752 K 56,564 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
services.exe 476 0.40 6,456 K 10,208 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SDUpdSvc.exe 2864 0.39 7,000 K 14,288 K Spybot-S&D 2 Background update service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
svchost.exe 620 0.23 4,336 K 9,560 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 3712 0.12 2,680 K 6,840 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
EEventManager.exe 4880 0.10 3,764 K 9,704 K EEventManager Application SEIKO EPSON CORPORATION (Verified) Newsoft Technology Company
AppleMobileDeviceService.exe 1820 0.08 2,964 K 9,220 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 724 0.06 4,488 K 8,308 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 376 0.06 2,264 K 4,572 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
eEBSvc.exe 1584 0.06 4,744 K 6,780 K eEBAPI Core Process module SEIKO EPSON CORPORATION (Unable to verify) SEIKO EPSON CORPORATION
SearchIndexer.exe 1456 0.04 36,804 K 21,744 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 336 0.04 10,304 K 17,384 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 2020 0.03 1,492 K 4,640 K Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 1120 0.03 15,156 K 16,464 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 5248 0.02 12,292 K 5,372 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
HPSA_Service.exe 4064 0.01 29,724 K 21,420 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
svchost.exe 956 0.01 80,580 K 88,800 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 4972 < 0.01 3,528 K 11,036 K iTunesHelper Apple Inc. (Verified) Apple Inc.
ipoint.exe 4184 < 0.01 6,008 K 13,136 K IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 1280 < 0.01 9,208 K 16,944 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
hpservice.exe 328 < 0.01 1,508 K 4,488 K HpService Hewlett-Packard Company (Verified) Microsoft Windows Hardware Compatibility Publisher
YahooAUService.exe 2500 2,076 K 6,820 K AutoUpater Service Module Yahoo! Inc. (Verified) Yahoo! Inc.
WmiPrvSE.exe 5028 4,316 K 9,800 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 692 2,608 K 7,108 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 428 1,468 K 4,344 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VolCtrl.exe 4984 5,572 K 5,120 K Volume related element Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
vds.exe 3828 2,984 K 8,612 K Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 4764 1,692 K 5,276 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 4820 1,476 K 4,580 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 2436 2,952 K 8,016 K User Notification Service Intel Corporation (Verified) Intel Corporation
TrustedInstaller.exe 2604 3,340 K 8,648 K Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2628 3,340 K 7,576 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 3460 1,184 K 3,224 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 3188 1,604 K 4,884 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1348 13,140 K 14,568 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1316 9,160 K 65,600 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2400 1,976 K 6,116 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4528 3,096 K 7,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 2380 1,868 K 5,940 K SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 1396 131,696 K 68,176 K SQL Server Windows NT - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 240 444 K 1,104 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
smax4pnp.exe 4872 6,276 K 6,992 K SMax4PNP Analog Devices, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
RegSrvc.exe 2124 1,916 K 6,100 K Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
QLBCTRL.exe 4852 3,692 K 10,932 K Quick Launch Buttons Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
procexp.exe 5076 2,232 K 7,208 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
msseces.exe 3484 7,100 K 18,160 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 1848 2,016 K 5,348 K Bonjour Service Apple Inc. (Verified) Apple Inc.
MagicDisc.exe 4392 3,032 K 7,448 K MagicISO Virtual CD/DVD Manager MagicISO, Inc. (Unable to verify) MagicISO, Inc.
MacDrive8Service.exe 1340 2,052 K 5,412 K MacDrive service Mediafour Corporation (Unable to verify) Mediafour Corporation
MacDrive.exe 3260 4,400 K 11,128 K MacDrive application Mediafour Corporation (Unable to verify) Mediafour Corporation
M4LIC.EXE 420 1,492 K 5,072 K M4LIC.EXE Mediafour Corporation (Unable to verify) Mediafour Corporation
lsm.exe 508 2,596 K 4,280 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 500 5,020 K 12,072 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 4992 1,104 K 4,300 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
itype.exe 3820 6,416 K 13,748 K IType.exe Microsoft Corporation (Verified) Microsoft Corporation
igfxpers.exe 3408 2,080 K 6,472 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
iFrmewrk.exe 3308 7,280 K 18,500 K Intel® PROSet/Wireless Framework Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
hpqWmiEx.exe 3736 1,836 K 6,288 K HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPDrvMntSvc.exe 1988 1,024 K 3,432 K HP Quick Synchronization Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hkcmd.exe 3328 4,032 K 11,304 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
E_S40STB.EXE 1924 1,320 K 3,616 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows Hardware Compatibility Publisher
E_S40RPB.EXE 1952 1,160 K 3,140 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows Hardware Compatibility Publisher
DivXUpdate.exe 4896 5,692 K 14,712 K DivX Update (Verified) DivX
Com4QLBEx.exe 5684 1,260 K 4,776 K Com for QLB application Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
audiodg.exe 332 14,748 K 15,700 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1760 1,176 K 3,832 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AEADISRV.EXE 1792 1,184 K 3,220 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
  • 0

#4
RKinner
Posted 17 January 2013 - 12:41 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall:

Java 7 Update 9
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 26 (64-bit)
Java™ SE Development Kit 6 Update 25 (64-bit)
Yahoo! Toolbar
Yahoo! Software Update

Copy the next two lines:

del \PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOVESL~1.LNK
del \Windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.

Reboot. Do you still have the problem? If so let's try some more scans. If one won't work skip it and go on to the next one.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#5
ImJustsayin
Posted 17 January 2013 - 01:17 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
I removed Java and Yahoo toolbar as instructed. When I copy.pasted registry lines I receive message access denied. I did open prompt as instructed, run as admin

my home page and this page are still improperly formatted. I have a screen shot to show you if there is a way to upload a .png file from paint
  • 0

#6
RKinner
Posted 17 January 2013 - 02:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If you open your png file in Paint and then File, Save As, and change it to jpg or jpeg it should save OK.

I assume you did right click on Command Prompt and Run As Admin?

Right click on the Windows startup ball in the lower left and then select Open Windows Explorer. In the left pane click on arrow in front of OS (C:).

Then on the arrow in front of ProgramData, then Microsoft then Windows then StartMenu then Programs then click on Startup

In the right pane you should see something that starts with MOVESL. Right click on it and try to Delete. Does it let you delete it?

Now try the same thing for

In the left pane click on arrow in front of OS (C:).


First Windows then Installer then click on {0ED016B2-C009-4253-9DDD-BDB8DA9CE181} and find _E02D80CCF13FCD5A87F526.exe in the right pane. Right click on it and try to delete. Does it let you?

If not try:

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and run GrantPerms64.exe by right clicking and Run As Admin.
Copy and paste the following in the edit box:


c:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOVESL~1.LNK
c:\Windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Now go back into Windows Explorer and try to delete the two files.

Continue with the other scans if this doesn't work. Skip anything that won't work and go on to the next.
  • 0

#7
ImJustsayin
Posted 17 January 2013 - 02:36 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
I have all the logs ready except OTL, it is still running. Do you still want them?
  • 0

#8
RKinner
Posted 17 January 2013 - 02:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
yes.
  • 0

#9
ImJustsayin
Posted 17 January 2013 - 02:44 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
I did not have MOVESL but Moves is a program for my Suunto GPS watch I upload workouts to the Moves website. I saw the CLID but left them since they are tagged for Moves.
  • 0

#10
RKinner
Posted 17 January 2013 - 02:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I don't like to see an installer running at every boot. Could you uninstall this Moves thing for now and reinstall it later?
  • 0

Advertisements

#11
ImJustsayin
Posted 17 January 2013 - 02:49 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 13:19:43
-----------------------------
13:19:43.612 OS Version: Windows x64 6.1.7601 Service Pack 1
13:19:43.612 Number of processors: 2 586 0x170A
13:19:43.612 ComputerName: DAVES-6930P UserName: David's HP
13:19:45.843 Initialize success
13:19:57.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:19:57.919 Disk 0 Vendor: Hitachi_HTS723225L9A360 FCDOC60D Size: 238475MB BusType: 11
13:19:57.934 Disk 0 MBR read successfully
13:19:57.934 Disk 0 MBR scan
13:19:57.950 Disk 0 Windows 7 default MBR code
13:19:57.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:19:57.966 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237344 MB offset 206848
13:19:57.997 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 486287550
13:19:58.028 Disk 0 scanning C:\Windows\system32\drivers
13:20:04.923 Service scanning
13:20:26.623 Modules scanning
13:20:26.638 Scan finished successfully
13:20:43.409 Disk 0 MBR has been saved successfully to "C:\Users\David's HP\Desktop\MBR.dat"
13:20:43.424 The log file has been saved successfully to "C:\Users\David's HP\Desktop\aswMBR.txt"


13:55:08.0831 5480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:55:09.0268 5480 ============================================================
13:55:09.0268 5480 Current date / time: 2013/01/17 13:55:09.0268
13:55:09.0268 5480 SystemInfo:
13:55:09.0268 5480
13:55:09.0268 5480 OS Version: 6.1.7601 ServicePack: 1.0
13:55:09.0268 5480 Product type: Workstation
13:55:09.0268 5480 ComputerName: DAVES-6930P
13:55:09.0268 5480 UserName: David's HP
13:55:09.0268 5480 Windows directory: C:\Windows
13:55:09.0268 5480 System windows directory: C:\Windows
13:55:09.0268 5480 Running under WOW64
13:55:09.0268 5480 Processor architecture: Intel x64
13:55:09.0268 5480 Number of processors: 2
13:55:09.0268 5480 Page size: 0x1000
13:55:09.0268 5480 Boot type: Normal boot
13:55:09.0268 5480 ============================================================
13:55:10.0204 5480 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:10.0220 5480 ============================================================
13:55:10.0220 5480 \Device\Harddisk0\DR0:
13:55:10.0220 5480 MBR partitions:
13:55:10.0220 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:55:10.0220 5480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CF90000
13:55:10.0220 5480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1CFC28BE, BlocksNum 0x201CC3
13:55:10.0220 5480 ============================================================
13:55:10.0235 5480 C: <-> \Device\Harddisk0\DR0\Partition2
13:55:10.0267 5480 D: <-> \Device\Harddisk0\DR0\Partition3
13:55:10.0267 5480 ============================================================
13:55:10.0267 5480 Initialize success
13:55:10.0267 5480 ============================================================
13:55:12.0045 4100 ============================================================
13:55:12.0045 4100 Scan started
13:55:12.0045 4100 Mode: Manual;
13:55:12.0045 4100 ============================================================
13:55:12.0856 4100 ================ Scan system memory ========================
13:55:12.0856 4100 System memory - ok
13:55:12.0856 4100 ================ Scan services =============================
13:55:13.0043 4100 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:55:13.0043 4100 1394ohci - ok
13:55:13.0090 4100 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
13:55:13.0090 4100 Accelerometer - ok
13:55:13.0121 4100 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:55:13.0121 4100 ACPI - ok
13:55:13.0137 4100 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:55:13.0137 4100 AcpiPmi - ok
13:55:13.0184 4100 [ 560649E6A9C11F6124F97310EF387C45 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
13:55:13.0184 4100 ADIHdAudAddService - ok
13:55:13.0246 4100 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:55:13.0246 4100 AdobeARMservice - ok
13:55:13.0293 4100 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:55:13.0309 4100 adp94xx - ok
13:55:13.0355 4100 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:55:13.0355 4100 adpahci - ok
13:55:13.0371 4100 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:55:13.0371 4100 adpu320 - ok
13:55:13.0402 4100 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
13:55:13.0402 4100 AEADIFilters - ok
13:55:13.0418 4100 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:55:13.0418 4100 AeLookupSvc - ok
13:55:13.0480 4100 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:55:13.0496 4100 AFD - ok
13:55:13.0527 4100 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:55:13.0527 4100 agp440 - ok
13:55:13.0543 4100 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:55:13.0543 4100 ALG - ok
13:55:13.0558 4100 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:55:13.0558 4100 aliide - ok
13:55:13.0621 4100 [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
13:55:13.0621 4100 Amazon Download Agent - ok
13:55:13.0636 4100 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:55:13.0636 4100 amdide - ok
13:55:13.0683 4100 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:55:13.0683 4100 AmdK8 - ok
13:55:13.0699 4100 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:55:13.0699 4100 AmdPPM - ok
13:55:13.0761 4100 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:55:13.0777 4100 amdsata - ok
13:55:13.0917 4100 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:55:13.0917 4100 amdsbs - ok
13:55:13.0933 4100 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:55:13.0933 4100 amdxata - ok
13:55:13.0995 4100 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
13:55:13.0995 4100 androidusb - ok
13:55:14.0057 4100 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:55:14.0057 4100 AppID - ok
13:55:14.0089 4100 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:55:14.0089 4100 AppIDSvc - ok
13:55:14.0120 4100 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:55:14.0120 4100 Appinfo - ok
13:55:14.0182 4100 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:55:14.0198 4100 Apple Mobile Device - ok
13:55:14.0229 4100 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:55:14.0229 4100 AppMgmt - ok
13:55:14.0260 4100 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:55:14.0276 4100 arc - ok
13:55:14.0291 4100 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:55:14.0291 4100 arcsas - ok
13:55:14.0401 4100 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:55:14.0401 4100 aspnet_state - ok
13:55:14.0432 4100 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:14.0432 4100 AsyncMac - ok
13:55:14.0463 4100 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:55:14.0463 4100 atapi - ok
13:55:14.0494 4100 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:55:14.0510 4100 AudioEndpointBuilder - ok
13:55:14.0525 4100 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:55:14.0525 4100 AudioSrv - ok
13:55:14.0557 4100 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:55:14.0557 4100 AxInstSV - ok
13:55:14.0603 4100 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:55:14.0603 4100 b06bdrv - ok
13:55:14.0635 4100 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:55:14.0635 4100 b57nd60a - ok
13:55:14.0666 4100 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:55:14.0666 4100 BDESVC - ok
13:55:14.0697 4100 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:55:14.0697 4100 Beep - ok
13:55:14.0744 4100 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:55:14.0744 4100 BFE - ok
13:55:14.0775 4100 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
13:55:14.0791 4100 BITS - ok
13:55:14.0822 4100 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:55:14.0822 4100 blbdrive - ok
13:55:14.0931 4100 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:55:14.0947 4100 Bonjour Service - ok
13:55:14.0978 4100 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:55:14.0978 4100 bowser - ok
13:55:15.0009 4100 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:55:15.0009 4100 BrFiltLo - ok
13:55:15.0025 4100 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:55:15.0025 4100 BrFiltUp - ok
13:55:15.0056 4100 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:55:15.0056 4100 BridgeMP - ok
13:55:15.0103 4100 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:55:15.0103 4100 Browser - ok
13:55:15.0134 4100 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:55:15.0134 4100 Brserid - ok
13:55:15.0149 4100 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:55:15.0149 4100 BrSerWdm - ok
13:55:15.0165 4100 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:55:15.0165 4100 BrUsbMdm - ok
13:55:15.0181 4100 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:55:15.0181 4100 BrUsbSer - ok
13:55:15.0196 4100 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:55:15.0196 4100 BTHMODEM - ok
13:55:15.0227 4100 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:55:15.0227 4100 bthserv - ok
13:55:15.0243 4100 catchme - ok
13:55:15.0274 4100 [ B99D91E4CD9017F213645AA2E80EB425 ] CBDisk C:\Windows\system32\drivers\CBDisk.sys
13:55:15.0274 4100 CBDisk - ok
13:55:15.0305 4100 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:55:15.0305 4100 cdfs - ok
13:55:15.0352 4100 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:55:15.0352 4100 cdrom - ok
13:55:15.0383 4100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:55:15.0383 4100 CertPropSvc - ok
13:55:15.0415 4100 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:55:15.0415 4100 circlass - ok
13:55:15.0446 4100 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:55:15.0446 4100 CLFS - ok
13:55:15.0493 4100 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:15.0493 4100 clr_optimization_v2.0.50727_32 - ok
13:55:15.0555 4100 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:55:15.0555 4100 clr_optimization_v2.0.50727_64 - ok
13:55:15.0633 4100 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:15.0633 4100 clr_optimization_v4.0.30319_32 - ok
13:55:15.0664 4100 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:55:15.0680 4100 clr_optimization_v4.0.30319_64 - ok
13:55:15.0711 4100 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:55:15.0711 4100 CmBatt - ok
13:55:15.0727 4100 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:55:15.0727 4100 cmdide - ok
13:55:15.0773 4100 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:55:15.0773 4100 CNG - ok
13:55:15.0836 4100 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:55:15.0836 4100 Com4QLBEx - ok
13:55:15.0867 4100 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:55:15.0867 4100 Compbatt - ok
13:55:15.0898 4100 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:55:15.0898 4100 CompositeBus - ok
13:55:15.0898 4100 COMSysApp - ok
13:55:15.0914 4100 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:55:15.0914 4100 crcdisk - ok
13:55:15.0961 4100 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:55:15.0961 4100 CryptSvc - ok
13:55:16.0007 4100 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:55:16.0023 4100 CSC - ok
13:55:16.0054 4100 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:55:16.0070 4100 CscService - ok
13:55:16.0117 4100 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:55:16.0117 4100 dc3d - ok
13:55:16.0163 4100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:55:16.0163 4100 DcomLaunch - ok
13:55:16.0195 4100 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:55:16.0195 4100 defragsvc - ok
13:55:16.0226 4100 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:55:16.0226 4100 DfsC - ok
13:55:16.0241 4100 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:55:16.0241 4100 Dhcp - ok
13:55:16.0273 4100 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:55:16.0273 4100 discache - ok
13:55:16.0288 4100 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:55:16.0288 4100 Disk - ok
13:55:16.0319 4100 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:55:16.0319 4100 Dnscache - ok
13:55:16.0351 4100 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:55:16.0366 4100 dot3svc - ok
13:55:16.0397 4100 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:55:16.0397 4100 DPS - ok
13:55:16.0429 4100 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:55:16.0429 4100 drmkaud - ok
13:55:16.0491 4100 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:55:16.0507 4100 DXGKrnl - ok
13:55:16.0538 4100 [ 1F20AEAAD1BE0121647257235B788224 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
13:55:16.0538 4100 e1yexpress - ok
13:55:16.0569 4100 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:55:16.0585 4100 EapHost - ok
13:55:16.0694 4100 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:55:16.0709 4100 ebdrv - ok
13:55:16.0756 4100 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:55:16.0772 4100 EFS - ok
13:55:16.0819 4100 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:55:16.0819 4100 ehRecvr - ok
13:55:16.0850 4100 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:55:16.0850 4100 ehSched - ok
13:55:16.0897 4100 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:55:16.0897 4100 elxstor - ok
13:55:16.0928 4100 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:55:16.0928 4100 EpsonBidirectionalService - ok
13:55:16.0990 4100 [ B5581646636759D0DAFA8B008881C079 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
13:55:17.0006 4100 EPSON_EB_RPCV4_01 - ok
13:55:17.0006 4100 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
13:55:17.0006 4100 EPSON_PM_RPCV4_01 - ok
13:55:17.0037 4100 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:55:17.0037 4100 ErrDev - ok
13:55:17.0084 4100 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:55:17.0099 4100 EventSystem - ok
13:55:17.0224 4100 [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:55:17.0240 4100 EvtEng - ok
13:55:17.0255 4100 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:55:17.0255 4100 exfat - ok
13:55:17.0287 4100 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:55:17.0287 4100 fastfat - ok
13:55:17.0333 4100 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:55:17.0333 4100 Fax - ok
13:55:17.0365 4100 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:55:17.0365 4100 fdc - ok
13:55:17.0380 4100 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:55:17.0380 4100 fdPHost - ok
13:55:17.0396 4100 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:55:17.0396 4100 FDResPub - ok
13:55:17.0427 4100 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:55:17.0427 4100 FileInfo - ok
13:55:17.0427 4100 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:55:17.0427 4100 Filetrace - ok
13:55:17.0458 4100 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:55:17.0458 4100 flpydisk - ok
13:55:17.0474 4100 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:55:17.0474 4100 FltMgr - ok
13:55:17.0521 4100 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:55:17.0536 4100 FontCache - ok
13:55:17.0567 4100 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:55:17.0567 4100 FontCache3.0.0.0 - ok
13:55:17.0599 4100 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:55:17.0599 4100 FsDepends - ok
13:55:17.0645 4100 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:55:17.0645 4100 Fs_Rec - ok
13:55:17.0677 4100 [ ED07200CFF78FACFB66EBB0B89F503A4 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
13:55:17.0677 4100 FTDIBUS - ok
13:55:17.0708 4100 [ 9980E7584484A009E77E9BFA14C0C18A ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
13:55:17.0708 4100 FTSER2K - ok
13:55:17.0755 4100 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:55:17.0755 4100 fvevol - ok
13:55:17.0786 4100 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:55:17.0786 4100 gagp30kx - ok
13:55:17.0848 4100 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:55:17.0848 4100 GEARAspiWDM - ok
13:55:17.0895 4100 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:55:17.0911 4100 gpsvc - ok
13:55:17.0973 4100 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:55:17.0973 4100 gupdate - ok
13:55:17.0989 4100 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:55:17.0989 4100 gupdatem - ok
13:55:18.0020 4100 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:55:18.0035 4100 gusvc - ok
13:55:18.0067 4100 [ B958F58F24ED2CDC296E42D0CC590025 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
13:55:18.0067 4100 HBtnKey - ok
13:55:18.0098 4100 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:55:18.0098 4100 hcw85cir - ok
13:55:18.0145 4100 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:55:18.0145 4100 HdAudAddService - ok
13:55:18.0176 4100 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:55:18.0176 4100 HDAudBus - ok
13:55:18.0223 4100 [ 15C9789470B8855AC2F54FDF96802D13 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:55:18.0223 4100 HECIx64 - ok
13:55:18.0238 4100 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:55:18.0238 4100 HidBatt - ok
13:55:18.0254 4100 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:55:18.0269 4100 HidBth - ok
13:55:18.0285 4100 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:55:18.0285 4100 HidIr - ok
13:55:18.0316 4100 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:55:18.0316 4100 hidserv - ok
13:55:18.0347 4100 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:55:18.0347 4100 HidUsb - ok
13:55:18.0363 4100 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:55:18.0379 4100 hkmsvc - ok
13:55:18.0394 4100 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:55:18.0410 4100 HomeGroupListener - ok
13:55:18.0425 4100 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:55:18.0441 4100 HomeGroupProvider - ok
13:55:18.0519 4100 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:55:18.0519 4100 HP Support Assistant Service - ok
13:55:18.0597 4100 [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:55:18.0597 4100 HPDrvMntSvc.exe - ok
13:55:18.0628 4100 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
13:55:18.0628 4100 hpdskflt - ok
13:55:18.0659 4100 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:55:18.0659 4100 HpqKbFiltr - ok
13:55:18.0706 4100 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:55:18.0722 4100 hpqwmiex - ok
13:55:18.0753 4100 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:55:18.0753 4100 HpSAMD - ok
13:55:18.0784 4100 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
13:55:18.0784 4100 hpsrv - ok
13:55:18.0847 4100 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:55:18.0847 4100 HTTP - ok
13:55:18.0878 4100 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:55:18.0878 4100 hwpolicy - ok
13:55:18.0909 4100 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:18.0909 4100 i8042prt - ok
13:55:19.0018 4100 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:55:19.0018 4100 iaStorV - ok
13:55:19.0081 4100 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:19.0096 4100 idsvc - ok
13:55:19.0346 4100 [ F59AC361DFE9BFD9BE81E20B04EADAA2 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:55:19.0393 4100 igfx - ok
13:55:19.0424 4100 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:55:19.0424 4100 iirsp - ok
13:55:19.0455 4100 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:55:19.0471 4100 IKEEXT - ok
13:55:19.0502 4100 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:55:19.0502 4100 intelide - ok
13:55:19.0517 4100 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:55:19.0517 4100 intelppm - ok
13:55:19.0549 4100 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:55:19.0549 4100 IPBusEnum - ok
13:55:19.0580 4100 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:19.0580 4100 IpFilterDriver - ok
13:55:19.0611 4100 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:55:19.0611 4100 iphlpsvc - ok
13:55:19.0627 4100 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:55:19.0627 4100 IPMIDRV - ok
13:55:19.0642 4100 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:55:19.0642 4100 IPNAT - ok
13:55:19.0673 4100 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:55:19.0673 4100 iPod Service - ok
13:55:19.0689 4100 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:55:19.0689 4100 IRENUM - ok
13:55:19.0720 4100 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:55:19.0720 4100 isapnp - ok
13:55:19.0736 4100 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:55:19.0736 4100 iScsiPrt - ok
13:55:19.0751 4100 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:19.0751 4100 kbdclass - ok
13:55:19.0767 4100 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:55:19.0767 4100 kbdhid - ok
13:55:19.0783 4100 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:55:19.0783 4100 KeyIso - ok
13:55:19.0814 4100 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:55:19.0814 4100 KSecDD - ok
13:55:19.0829 4100 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:55:19.0829 4100 KSecPkg - ok
13:55:19.0845 4100 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:55:19.0845 4100 ksthunk - ok
13:55:19.0892 4100 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:55:19.0892 4100 KtmRm - ok
13:55:19.0939 4100 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:55:19.0939 4100 LanmanServer - ok
13:55:19.0970 4100 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:55:19.0970 4100 LanmanWorkstation - ok
13:55:20.0001 4100 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:55:20.0001 4100 lltdio - ok
13:55:20.0032 4100 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:55:20.0032 4100 lltdsvc - ok
13:55:20.0048 4100 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:55:20.0048 4100 lmhosts - ok
13:55:20.0110 4100 [ 44CBF7F9E2FB9C36ACC892812F8750A0 ] LMS C:\Program Files (x86)\Intel\AMT\LMS.exe
13:55:20.0110 4100 LMS - ok
13:55:20.0157 4100 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:55:20.0157 4100 LSI_FC - ok
13:55:20.0188 4100 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:55:20.0188 4100 LSI_SAS - ok
13:55:20.0204 4100 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:55:20.0204 4100 LSI_SAS2 - ok
13:55:20.0219 4100 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:55:20.0219 4100 LSI_SCSI - ok
13:55:20.0235 4100 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:55:20.0235 4100 luafv - ok
13:55:20.0266 4100 [ 543080D7653128B1FA7CD8F7DB22BADB ] M4LIC C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
13:55:20.0266 4100 M4LIC - ok
13:55:20.0297 4100 [ AC98B1E43C54ECD4A8F348FD388FA7A8 ] MacDrive8Service C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
13:55:20.0297 4100 MacDrive8Service - ok
13:55:20.0329 4100 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
13:55:20.0329 4100 mcdbus - ok
13:55:20.0360 4100 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:55:20.0360 4100 Mcx2Svc - ok
13:55:20.0391 4100 [ 1F2A22E735646F72BEA9D6E454DE2F57 ] MDFSYSNT C:\Windows\system32\drivers\MDFSYSNT.sys
13:55:20.0391 4100 MDFSYSNT - ok
13:55:20.0422 4100 [ E742557A08EABCCC897D79717DB2D5FE ] MDPMGRNT C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
13:55:20.0422 4100 MDPMGRNT - ok
13:55:20.0438 4100 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:55:20.0438 4100 megasas - ok
13:55:20.0453 4100 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:55:20.0469 4100 MegaSR - ok
13:55:20.0531 4100 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:55:20.0547 4100 Microsoft Office Groove Audit Service - ok
13:55:20.0578 4100 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:55:20.0578 4100 MMCSS - ok
13:55:20.0594 4100 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:55:20.0594 4100 Modem - ok
13:55:20.0625 4100 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:55:20.0625 4100 monitor - ok
13:55:20.0656 4100 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:55:20.0656 4100 mouclass - ok
13:55:20.0687 4100 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:55:20.0687 4100 mouhid - ok
13:55:20.0719 4100 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:55:20.0719 4100 mountmgr - ok
13:55:20.0781 4100 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:55:20.0781 4100 MozillaMaintenance - ok
13:55:20.0843 4100 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:55:20.0843 4100 MpFilter - ok
13:55:20.0859 4100 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:55:20.0875 4100 mpio - ok
13:55:20.0890 4100 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:55:20.0890 4100 mpsdrv - ok
13:55:20.0937 4100 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:55:20.0937 4100 MpsSvc - ok
13:55:20.0999 4100 MREMP50 - ok
13:55:21.0031 4100 MREMP50a64 - ok
13:55:21.0046 4100 MREMPR5 - ok
13:55:21.0062 4100 MRENDIS5 - ok
13:55:21.0093 4100 MRESP50 - ok
13:55:21.0093 4100 MRESP50a64 - ok
13:55:21.0124 4100 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:55:21.0124 4100 MRxDAV - ok
13:55:21.0155 4100 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:55:21.0155 4100 mrxsmb - ok
13:55:21.0187 4100 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:55:21.0202 4100 mrxsmb10 - ok
13:55:21.0218 4100 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:55:21.0218 4100 mrxsmb20 - ok
13:55:21.0233 4100 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:55:21.0249 4100 msahci - ok
13:55:21.0265 4100 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:55:21.0265 4100 msdsm - ok
13:55:21.0296 4100 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:55:21.0296 4100 MSDTC - ok
13:55:21.0327 4100 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:55:21.0327 4100 Msfs - ok
13:55:21.0343 4100 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:55:21.0343 4100 mshidkmdf - ok
13:55:21.0374 4100 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:55:21.0374 4100 msisadrv - ok
13:55:21.0405 4100 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:55:21.0405 4100 MSiSCSI - ok
13:55:21.0405 4100 msiserver - ok
13:55:21.0436 4100 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:55:21.0436 4100 MSKSSRV - ok
13:55:21.0499 4100 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:55:21.0499 4100 MsMpSvc - ok
13:55:21.0530 4100 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:55:21.0530 4100 MSPCLOCK - ok
13:55:21.0545 4100 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:55:21.0545 4100 MSPQM - ok
13:55:21.0577 4100 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:55:21.0577 4100 MsRPC - ok
13:55:21.0592 4100 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:55:21.0592 4100 mssmbios - ok
13:55:21.0701 4100 MSSQL$SQLEXPRESS - ok
13:55:21.0811 4100 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:55:21.0811 4100 MSSQLServerADHelper100 - ok
13:55:21.0826 4100 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:55:21.0826 4100 MSTEE - ok
13:55:21.0842 4100 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:55:21.0842 4100 MTConfig - ok
13:55:21.0873 4100 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:55:21.0873 4100 Mup - ok
13:55:21.0951 4100 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:55:21.0951 4100 MyWiFiDHCPDNS - ok
13:55:21.0998 4100 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:55:22.0013 4100 napagent - ok
13:55:22.0045 4100 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:55:22.0045 4100 NativeWifiP - ok
13:55:22.0123 4100 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:55:22.0123 4100 NDIS - ok
13:55:22.0138 4100 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:55:22.0138 4100 NdisCap - ok
13:55:22.0169 4100 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:55:22.0169 4100 NdisTapi - ok
13:55:22.0185 4100 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:55:22.0185 4100 Ndisuio - ok
13:55:22.0216 4100 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:55:22.0216 4100 NdisWan - ok
13:55:22.0247 4100 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:55:22.0247 4100 NDProxy - ok
13:55:22.0263 4100 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:55:22.0263 4100 NetBIOS - ok
13:55:22.0294 4100 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:55:22.0294 4100 NetBT - ok
13:55:22.0310 4100 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:55:22.0310 4100 Netlogon - ok
13:55:22.0357 4100 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:55:22.0357 4100 Netman - ok
13:55:22.0388 4100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:55:22.0388 4100 NetMsmqActivator - ok
13:55:22.0403 4100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:55:22.0419 4100 NetPipeActivator - ok
13:55:22.0435 4100 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:55:22.0435 4100 netprofm - ok
13:55:22.0450 4100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:55:22.0450 4100 NetTcpActivator - ok
13:55:22.0450 4100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:55:22.0450 4100 NetTcpPortSharing - ok
13:55:22.0653 4100 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
13:55:22.0700 4100 NETw5s64 - ok
13:55:22.0840 4100 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
13:55:22.0871 4100 netw5v64 - ok
13:55:22.0903 4100 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:55:22.0903 4100 nfrd960 - ok
13:55:22.0934 4100 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:55:22.0934 4100 NisDrv - ok
13:55:22.0981 4100 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:55:22.0981 4100 NisSrv - ok
13:55:23.0012 4100 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:55:23.0027 4100 NlaSvc - ok
13:55:23.0027 4100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:55:23.0027 4100 Npfs - ok
13:55:23.0059 4100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:55:23.0059 4100 nsi - ok
13:55:23.0059 4100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:55:23.0059 4100 nsiproxy - ok
13:55:23.0137 4100 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:55:23.0137 4100 Ntfs - ok
13:55:23.0168 4100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:55:23.0168 4100 Null - ok
13:55:23.0199 4100 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:55:23.0199 4100 nvraid - ok
13:55:23.0215 4100 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:55:23.0215 4100 nvstor - ok
13:55:23.0246 4100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:55:23.0246 4100 nv_agp - ok
13:55:23.0339 4100 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:55:23.0339 4100 odserv - ok
13:55:23.0371 4100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:55:23.0371 4100 ohci1394 - ok
13:55:23.0402 4100 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:55:23.0402 4100 ose - ok
13:55:23.0449 4100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:55:23.0449 4100 p2pimsvc - ok
13:55:23.0480 4100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:55:23.0480 4100 p2psvc - ok
13:55:23.0511 4100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:55:23.0511 4100 Parport - ok
13:55:23.0527 4100 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:55:23.0527 4100 partmgr - ok
13:55:23.0542 4100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:55:23.0542 4100 PcaSvc - ok
13:55:23.0558 4100 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:55:23.0558 4100 pci - ok
13:55:23.0573 4100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:55:23.0573 4100 pciide - ok
13:55:23.0589 4100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:55:23.0589 4100 pcmcia - ok
13:55:23.0605 4100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:55:23.0605 4100 pcw - ok
13:55:23.0636 4100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:55:23.0636 4100 PEAUTH - ok
13:55:23.0698 4100 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:55:23.0714 4100 PeerDistSvc - ok
13:55:23.0839 4100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:55:23.0839 4100 PerfHost - ok
13:55:23.0901 4100 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:55:23.0917 4100 pla - ok
13:55:23.0963 4100 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:55:23.0979 4100 PlugPlay - ok
13:55:24.0010 4100 [ 06841F5CD8410B6BDC0B5A631B8F8787 ] pnetmdm C:\Windows\system32\DRIVERS\pnetmdm64.sys
13:55:24.0010 4100 pnetmdm - ok
13:55:24.0041 4100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:55:24.0041 4100 PNRPAutoReg - ok
13:55:24.0073 4100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:55:24.0073 4100 PNRPsvc - ok
13:55:24.0104 4100 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:55:24.0119 4100 PolicyAgent - ok
13:55:24.0151 4100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:55:24.0151 4100 Power - ok
13:55:24.0182 4100 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:55:24.0182 4100 PptpMiniport - ok
13:55:24.0213 4100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:55:24.0213 4100 Processor - ok
13:55:24.0229 4100 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:55:24.0229 4100 ProfSvc - ok
13:55:24.0244 4100 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:55:24.0244 4100 ProtectedStorage - ok
13:55:24.0291 4100 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:55:24.0291 4100 Psched - ok
13:55:24.0353 4100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:55:24.0369 4100 ql2300 - ok
13:55:24.0385 4100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:55:24.0400 4100 ql40xx - ok
13:55:24.0416 4100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:55:24.0416 4100 QWAVE - ok
13:55:24.0431 4100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:55:24.0431 4100 QWAVEdrv - ok
13:55:24.0447 4100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:55:24.0447 4100 RasAcd - ok
13:55:24.0494 4100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:55:24.0494 4100 RasAgileVpn - ok
13:55:24.0494 4100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:55:24.0509 4100 RasAuto - ok
13:55:24.0525 4100 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:55:24.0525 4100 Rasl2tp - ok
13:55:24.0556 4100 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:55:24.0556 4100 RasMan - ok
13:55:24.0572 4100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:55:24.0572 4100 RasPppoe - ok
13:55:24.0587 4100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:55:24.0587 4100 RasSstp - ok
13:55:24.0619 4100 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:55:24.0634 4100 rdbss - ok
13:55:24.0634 4100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:55:24.0634 4100 rdpbus - ok
13:55:24.0650 4100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:55:24.0650 4100 RDPCDD - ok
13:55:24.0681 4100 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:55:24.0681 4100 RDPDR - ok
13:55:24.0697 4100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:55:24.0697 4100 RDPENCDD - ok
13:55:24.0712 4100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:55:24.0712 4100 RDPREFMP - ok
13:55:24.0759 4100 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:55:24.0759 4100 RdpVideoMiniport - ok
13:55:24.0790 4100 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:55:24.0790 4100 RDPWD - ok
13:55:24.0821 4100 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:55:24.0837 4100 rdyboost - ok
13:55:24.0946 4100 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:55:24.0946 4100 RegSrvc - ok
13:55:24.0977 4100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:55:24.0977 4100 RemoteAccess - ok
13:55:25.0009 4100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:55:25.0009 4100 RemoteRegistry - ok
13:55:25.0024 4100 [ EA67DEBAD5EEB97A5003011145B6FD19 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
13:55:25.0024 4100 rimmptsk - ok
13:55:25.0055 4100 [ 858BBB1B592CF7016E67B17B07E20E61 ] rismcx64 C:\Windows\system32\DRIVERS\rismcx64.sys
13:55:25.0055 4100 rismcx64 - ok
13:55:25.0087 4100 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:55:25.0102 4100 ROOTMODEM - ok
13:55:25.0102 4100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:55:25.0118 4100 RpcEptMapper - ok
13:55:25.0133 4100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:55:25.0133 4100 RpcLocator - ok
13:55:25.0165 4100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
13:55:25.0165 4100 RpcSs - ok
13:55:25.0227 4100 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
13:55:25.0227 4100 RsFx0105 - ok
13:55:25.0258 4100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:55:25.0258 4100 rspndr - ok
13:55:25.0274 4100 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:55:25.0274 4100 s3cap - ok
13:55:25.0305 4100 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:55:25.0305 4100 SamSs - ok
13:55:25.0321 4100 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:55:25.0321 4100 sbp2port - ok
13:55:25.0352 4100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:55:25.0367 4100 SCardSvr - ok
13:55:25.0383 4100 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:55:25.0383 4100 scfilter - ok
13:55:25.0430 4100 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:55:25.0445 4100 Schedule - ok
13:55:25.0461 4100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:55:25.0461 4100 SCPolicySvc - ok
13:55:25.0477 4100 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:55:25.0492 4100 sdbus - ok
13:55:25.0508 4100 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:55:25.0508 4100 SDRSVC - ok
13:55:25.0539 4100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:55:25.0539 4100 secdrv - ok
13:55:25.0570 4100 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:55:25.0570 4100 seclogon - ok
13:55:25.0586 4100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:55:25.0586 4100 SENS - ok
13:55:25.0586 4100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:55:25.0586 4100 SensrSvc - ok
13:55:25.0601 4100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:55:25.0601 4100 Serenum - ok
13:55:25.0648 4100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:55:25.0648 4100 Serial - ok
13:55:25.0679 4100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:55:25.0679 4100 sermouse - ok
13:55:25.0711 4100 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:55:25.0711 4100 SessionEnv - ok
13:55:25.0726 4100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:55:25.0742 4100 sffdisk - ok
13:55:25.0757 4100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:55:25.0757 4100 sffp_mmc - ok
13:55:25.0773 4100 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:55:25.0773 4100 sffp_sd - ok
13:55:25.0789 4100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:55:25.0789 4100 sfloppy - ok
13:55:25.0835 4100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:55:25.0851 4100 SharedAccess - ok
13:55:25.0882 4100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:55:25.0898 4100 ShellHWDetection - ok
13:55:25.0898 4100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:55:25.0898 4100 SiSRaid2 - ok
13:55:25.0929 4100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:55:25.0929 4100 SiSRaid4 - ok
13:55:25.0960 4100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:55:25.0960 4100 Smb - ok
13:55:26.0007 4100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:55:26.0007 4100 SNMPTRAP - ok
13:55:26.0101 4100 [ 84DE101B4FA40CD28B84637924C060CE ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
13:55:26.0132 4100 SNP2UVC - ok
13:55:26.0147 4100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:55:26.0147 4100 spldr - ok
13:55:26.0194 4100 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:55:26.0194 4100 Spooler - ok
13:55:26.0288 4100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:55:26.0319 4100 sppsvc - ok
13:55:26.0335 4100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:55:26.0335 4100 sppuinotify - ok
13:55:26.0475 4100 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:55:26.0475 4100 SQLAgent$SQLEXPRESS - ok
13:55:26.0569 4100 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:55:26.0569 4100 SQLBrowser - ok
13:55:26.0631 4100 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:55:26.0631 4100 SQLWriter - ok
13:55:26.0678 4100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:55:26.0678 4100 srv - ok
13:55:26.0725 4100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:55:26.0725 4100 srv2 - ok
13:55:26.0740 4100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:55:26.0740 4100 srvnet - ok
13:55:26.0787 4100 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
13:55:26.0787 4100 ssadbus - ok
13:55:26.0803 4100 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:55:26.0803 4100 ssadmdfl - ok
13:55:26.0818 4100 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
13:55:26.0818 4100 ssadmdm - ok
13:55:26.0865 4100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:55:26.0865 4100 SSDPSRV - ok
13:55:26.0881 4100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:55:26.0881 4100 SstpSvc - ok
13:55:26.0896 4100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:55:26.0896 4100 stexstor - ok
13:55:26.0943 4100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:55:26.0943 4100 stisvc - ok
13:55:26.0959 4100 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:55:26.0959 4100 storflt - ok
13:55:26.0990 4100 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:55:26.0990 4100 storvsc - ok
13:55:26.0990 4100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:55:27.0005 4100 swenum - ok
13:55:27.0037 4100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:55:27.0037 4100 swprv - ok
13:55:27.0052 4100 Synth3dVsc - ok
13:55:27.0161 4100 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:55:27.0177 4100 SynTP - ok
13:55:27.0255 4100 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:55:27.0271 4100 SysMain - ok
13:55:27.0286 4100 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:55:27.0286 4100 TabletInputService - ok
13:55:27.0317 4100 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:55:27.0317 4100 TapiSrv - ok
13:55:27.0349 4100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:55:27.0349 4100 TBS - ok
13:55:27.0427 4100 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:55:27.0442 4100 Tcpip - ok
13:55:27.0473 4100 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:55:27.0489 4100 TCPIP6 - ok
13:55:27.0520 4100 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:55:27.0520 4100 tcpipreg - ok
13:55:27.0536 4100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:55:27.0551 4100 TDPIPE - ok
13:55:27.0583 4100 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:55:27.0583 4100 TDTCP - ok
13:55:27.0614 4100 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:55:27.0614 4100 tdx - ok
13:55:27.0645 4100 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:55:27.0645 4100 TermDD - ok
13:55:27.0676 4100 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:55:27.0676 4100 TermService - ok
13:55:27.0707 4100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:55:27.0707 4100 Themes - ok
13:55:27.0739 4100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:55:27.0739 4100 THREADORDER - ok
13:55:27.0770 4100 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
13:55:27.0770 4100 TPM - ok
13:55:27.0785 4100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:55:27.0785 4100 TrkWks - ok
13:55:27.0817 4100 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:55:27.0817 4100 TrustedInstaller - ok
13:55:27.0848 4100 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:55:27.0848 4100 tssecsrv - ok
13:55:27.0863 4100 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:55:27.0863 4100 TsUsbFlt - ok
13:55:27.0863 4100 tsusbhub - ok
13:55:27.0910 4100 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:55:27.0910 4100 tunnel - ok
13:55:27.0926 4100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:55:27.0926 4100 uagp35 - ok
13:55:27.0941 4100 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:55:27.0941 4100 udfs - ok
13:55:27.0957 4100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:55:27.0957 4100 UI0Detect - ok
13:55:27.0988 4100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:55:27.0988 4100 uliagpkx - ok
13:55:28.0035 4100 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:55:28.0035 4100 umbus - ok
13:55:28.0051 4100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:55:28.0051 4100 UmPass - ok
13:55:28.0066 4100 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:55:28.0066 4100 UmRdpService - ok
13:55:28.0160 4100 [ C0AD6D5023060BB22CAC042A50B989D7 ] UNS C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:55:28.0160 4100 UNS - ok
13:55:28.0191 4100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:55:28.0207 4100 upnphost - ok
13:55:28.0222 4100 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:55:28.0222 4100 USBAAPL64 - ok
13:55:28.0269 4100 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:55:28.0285 4100 usbaudio - ok
13:55:28.0331 4100 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:55:28.0331 4100 usbccgp - ok
13:55:28.0378 4100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:55:28.0378 4100 usbcir - ok
13:55:28.0394 4100 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:55:28.0394 4100 usbehci - ok
13:55:28.0425 4100 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:55:28.0425 4100 usbhub - ok
13:55:28.0456 4100 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:55:28.0456 4100 usbohci - ok
13:55:28.0487 4100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:55:28.0487 4100 usbprint - ok
13:55:28.0519 4100 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:55:28.0519 4100 usbscan - ok
13:55:28.0534 4100 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:55:28.0550 4100 USBSTOR - ok
13:55:28.0565 4100 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:55:28.0565 4100 usbuhci - ok
13:55:28.0597 4100 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:55:28.0597 4100 usbvideo - ok
13:55:28.0628 4100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:55:28.0628 4100 UxSms - ok
13:55:28.0643 4100 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:55:28.0643 4100 VaultSvc - ok
13:55:28.0659 4100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:55:28.0659 4100 vdrvroot - ok
13:55:28.0706 4100 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:55:28.0706 4100 vds - ok
13:55:28.0721 4100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:55:28.0721 4100 vga - ok
13:55:28.0737 4100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:55:28.0737 4100 VgaSave - ok
13:55:28.0737 4100 VGPU - ok
13:55:28.0768 4100 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:55:28.0768 4100 vhdmp - ok
13:55:28.0799 4100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:55:28.0799 4100 viaide - ok
13:55:28.0831 4100 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:55:28.0831 4100 vmbus - ok
13:55:28.0846 4100 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:55:28.0846 4100 VMBusHID - ok
13:55:28.0877 4100 [ 091E009EF749C9D65CF9ADFAD316D251 ] vmm C:\Windows\system32\Drivers\vmm.sys
13:55:28.0893 4100 vmm - ok
13:55:28.0909 4100 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:55:28.0909 4100 volmgr - ok
13:55:28.0940 4100 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:55:28.0940 4100 volmgrx - ok
13:55:28.0955 4100 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:55:28.0971 4100 volsnap - ok
13:55:28.0987 4100 [ BC2EA40B98B5E866D9A4F98AFB66B682 ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys
13:55:28.0987 4100 VPCNetS2 - ok
13:55:29.0018 4100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:55:29.0018 4100 vsmraid - ok
13:55:29.0065 4100 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:55:29.0080 4100 VSS - ok
13:55:29.0096 4100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:55:29.0096 4100 vwifibus - ok
13:55:29.0111 4100 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:55:29.0111 4100 vwififlt - ok
13:55:29.0111 4100 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:55:29.0111 4100 vwifimp - ok
13:55:29.0158 4100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:55:29.0158 4100 W32Time - ok
13:55:29.0174 4100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:55:29.0174 4100 WacomPen - ok
13:55:29.0205 4100 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:55:29.0205 4100 WANARP - ok
13:55:29.0221 4100 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:55:29.0221 4100 Wanarpv6 - ok
13:55:29.0267 4100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:55:29.0283 4100 WatAdminSvc - ok
13:55:29.0330 4100 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:55:29.0345 4100 wbengine - ok
13:55:29.0361 4100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:55:29.0361 4100 WbioSrvc - ok
13:55:29.0408 4100 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:55:29.0423 4100 wcncsvc - ok
13:55:29.0439 4100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:55:29.0439 4100 WcsPlugInService - ok
13:55:29.0470 4100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:55:29.0470 4100 Wd - ok
13:55:29.0517 4100 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:55:29.0517 4100 Wdf01000 - ok
13:55:29.0533 4100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:55:29.0548 4100 WdiServiceHost - ok
13:55:29.0548 4100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:55:29.0548 4100 WdiSystemHost - ok
13:55:29.0579 4100 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:55:29.0579 4100 WebClient - ok
13:55:29.0595 4100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:55:29.0595 4100 Wecsvc - ok
13:55:29.0595 4100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:55:29.0611 4100 wercplsupport - ok
13:55:29.0626 4100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:55:29.0626 4100 WerSvc - ok
13:55:29.0642 4100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:55:29.0642 4100 WfpLwf - ok
13:55:29.0657 4100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:55:29.0657 4100 WIMMount - ok
13:55:29.0673 4100 WinDefend - ok
13:55:29.0673 4100 WinHttpAutoProxySvc - ok
13:55:29.0704 4100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:55:29.0720 4100 Winmgmt - ok
13:55:29.0782 4100 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:55:29.0798 4100 WinRM - ok
13:55:29.0845 4100 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
13:55:29.0845 4100 WinUSB - ok
13:55:29.0876 4100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:55:29.0891 4100 Wlansvc - ok
13:55:29.0907 4100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:55:29.0907 4100 WmiAcpi - ok
13:55:29.0938 4100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:55:29.0938 4100 wmiApSrv - ok
13:55:29.0969 4100 WMPNetworkSvc - ok
13:55:29.0969 4100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:55:29.0969 4100 WPCSvc - ok
13:55:30.0001 4100 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:55:30.0001 4100 WPDBusEnum - ok
13:55:30.0016 4100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:55:30.0016 4100 ws2ifsl - ok
13:55:30.0047 4100 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
13:55:30.0047 4100 wscsvc - ok
13:55:30.0079 4100 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
13:55:30.0079 4100 WSDPrintDevice - ok
13:55:30.0141 4100 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
13:55:30.0141 4100 WSDScan - ok
13:55:30.0141 4100 WSearch - ok
13:55:30.0266 4100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:55:30.0281 4100 wuauserv - ok
13:55:30.0313 4100 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:55:30.0313 4100 WudfPf - ok
13:55:30.0344 4100 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:55:30.0344 4100 WUDFRd - ok
13:55:30.0375 4100 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:55:30.0391 4100 wudfsvc - ok
13:55:30.0406 4100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:55:30.0422 4100 WwanSvc - ok
13:55:30.0453 4100 ================ Scan global ===============================
13:55:30.0469 4100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:55:30.0515 4100 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:30.0531 4100 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:30.0562 4100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:55:30.0578 4100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:55:30.0593 4100 [Global] - ok
13:55:30.0593 4100 ================ Scan MBR ==================================
13:55:30.0593 4100 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:55:30.0921 4100 \Device\Harddisk0\DR0 - ok
13:55:30.0921 4100 ================ Scan VBR ==================================
13:55:30.0921 4100 [ 0ECEC21B381F46EF1DDD809EDAFAC140 ] \Device\Harddisk0\DR0\Partition1
13:55:30.0921 4100 \Device\Harddisk0\DR0\Partition1 - ok
13:55:30.0952 4100 [ D87996F3D76E505C70A72D4F625A26B5 ] \Device\Harddisk0\DR0\Partition2
13:55:30.0952 4100 \Device\Harddisk0\DR0\Partition2 - ok
13:55:30.0983 4100 [ 6E92F36D1956CC09D22AD0876CA79333 ] \Device\Harddisk0\DR0\Partition3
13:55:30.0983 4100 \Device\Harddisk0\DR0\Partition3 - ok
13:55:30.0983 4100 ============================================================
13:55:30.0983 4100 Scan finished
13:55:30.0983 4100 ============================================================
13:55:30.0999 5496 Detected object count: 0
13:55:30.0999 5496 Actual detected object count: 0
13:55:35.0851 5292 Deinitialize success


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David's HP :: DAVES-6930P [administrator]

1/17/2013 1:58:34 PM
mbam-log-2013-01-17 (13-58-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237292
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2013 2:09:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/01/2013 8:36:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/12/2012 6:44:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/12/2012 1:43:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/10/2012 3:08:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/09/2012 3:28:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/09/2012 10:23:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/09/2012 3:23:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/08/2012 4:39:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/08/2012 8:32:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/06/2012 3:24:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/05/2012 8:10:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/05/2012 5:17:30 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/05/2012 5:17:30 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 24/05/2012 6:11:54 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 24/05/2012 6:11:54 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 05/04/2012 12:29:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/04/2012 3:16:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/03/2012 3:44:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2013 8:06:18 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:06:03 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:04:38 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:36:48 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/01/2013 7:36:16 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 17/01/2013 7:34:35 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/01/2013 7:11:43 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:10:13 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:01:45 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:00:09 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 4:24:45 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 4:22:33 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.

Log: 'System' Date/Time: 17/01/2013 4:22:33 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Plug and Play service failed to start due to the following error: A system shutdown is in progress.

Log: 'System' Date/Time: 17/01/2013 4:22:33 AM
Type: Error Category: 0
Event: 7017 Source: Service Control Manager
Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 4:21:55 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/01/2013 4:17:48 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/01/2013 4:06:28 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/01/2013 2:32:26 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.eset.sg timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/01/2013 2:13:45 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 12:01:12 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/01/2013 11:53:55 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {2B32470A-3FB4-4B18-B351-B0A951CA9D73} Scan Type: Antimalware Scan Parameters: Full Scan User: DAVES-6930P\David's HP

Log: 'System' Date/Time: 16/01/2013 10:17:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 3841095.fls.doubleclick.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/01/2013 4:40:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/01/2013 4:40:42 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.natcazau.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 6:39:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.chainlove.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 2:35:41 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cdn.brcdn.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 1:00:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.natcazau.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 10:53:14 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 10:43:29 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.bonktown.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/01/2013 5:11:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.chainlove.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/01/2013 5:56:03 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2013 2:11:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/01/2013 8:05:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9cc Faulting application start time: 0x01cdf4ee0c83292e Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 4dcdd269-60e1-11e2-854e-df481fb09c6a

Log: 'Application' Date/Time: 17/01/2013 8:05:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4c0 Faulting application start time: 0x01cdf4ee06993e00 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: 4dcdab59-60e1-11e2-854e-df481fb09c6a

Log: 'Application' Date/Time: 17/01/2013 7:11:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x998 Faulting application start time: 0x01cdf4e6757960d2 Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b5f00884-60d9-11e2-857d-ee4f022d5c65

Log: 'Application' Date/Time: 17/01/2013 7:11:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4e0 Faulting application start time: 0x01cdf4e66db1010c Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: b5eda724-60d9-11e2-857d-ee4f022d5c65

Log: 'Application' Date/Time: 17/01/2013 3:11:32 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 6:33:49 AM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 17/01/2013 6:33:12 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 17/01/2013 5:01:26 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9e8 Faulting application start time: 0x01cdf46faf59d14d Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: f210ad13-6062-11e2-bd40-80ead0c92068

Log: 'Application' Date/Time: 17/01/2013 5:01:26 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x514 Faulting application start time: 0x01cdf46faa69af8b Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: f20988f2-6062-11e2-bd40-80ead0c92068

Log: 'Application' Date/Time: 17/01/2013 4:23:49 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9ec Faulting application start time: 0x01cdf46a6c63f2ab Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b0b88993-605d-11e2-8ea9-9e82fcfa6462

Log: 'Application' Date/Time: 17/01/2013 4:23:47 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4b4 Faulting application start time: 0x01cdf46a63981ce8 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: af6b48ed-605d-11e2-8ea9-9e82fcfa6462

Log: 'Application' Date/Time: 17/01/2013 4:21:25 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\sysmain.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Log: 'Application' Date/Time: 17/01/2013 4:21:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x0000000000018f36 Faulting process id: 0x3e4 Faulting application start time: 0x01cdf45865ae9672 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 5a58d245-605d-11e2-95ad-c743f4537a67

Log: 'Application' Date/Time: 17/01/2013 2:33:25 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:33:20 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:33:15 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:33:14 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:31:19 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d64 Start Time: 01cdf45a3c46c6eb Termination Time: 0 Application Path: C:\Users\David's HP\Desktop\OTL.exe Report Id: f8263b05-604d-11e2-95ad-c743f4537a67

Log: 'Application' Date/Time: 17/01/2013 2:27:41 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d50 Start Time: 01cdf458f2ee1a39 Termination Time: 0 Application Path: C:\Users\David's HP\Desktop\OTL.exe Report Id: 75a0b069-604d-11e2-95ad-c743f4537a67

Log: 'Application' Date/Time: 17/01/2013 2:14:55 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9d8 Faulting application start time: 0x01cdf4586ed4e07f Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: aeeeb287-604b-11e2-95ad-c743f4537a67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/01/2013 7:10:13 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 17/01/2013 4:22:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 13/01/2013 4:41:18 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 12/01/2013 11:20:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 11/01/2013 6:04:54 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 10/01/2013 10:59:22 PM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll"

Log: 'Application' Date/Time: 10/01/2013 10:54:28 PM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll"

Log: 'Application' Date/Time: 10/01/2013 9:17:59 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:17:51 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:08:11 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:08:02 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2013 11:37:18 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 01/01/2013 10:31:58 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 29/12/2012 1:21:26 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 22/12/2012 11:14:28 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 19/12/2012 5:19:10 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 14/12/2012 2:42:21 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 13/12/2012 9:12:57 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1916152551-4166504153-3791849091-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 03/12/2012 4:27:20 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (112) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 10256384 (0x00000000009c8000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (70303 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2012 8:31:14 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver


ComboFix 13-01-17.03 - David's HP 01/17/2013 13:30:22.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2342 [GMT -6:00]
Running from: c:\users\David's HP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\458057107
c:\windows\iun6002.exe
c:\windows\SysWow64\setup.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 19:36 . 2013-01-17 19:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-17 19:36 . 2013-01-17 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 18:35 . 2013-01-14 18:36 -------- d-----w- c:\program files (x86)\HRBlock2012
2013-01-14 17:07 . 2013-01-14 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-13 15:27 . 2013-01-13 15:27 -------- d-----w- c:\users\David's HP\AppData\Roaming\Bullzip
2013-01-13 15:26 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
2013-01-13 15:26 . 2013-01-13 15:26 -------- d-----w- c:\users\David's HP\AppData\Local\Programs
2013-01-13 15:25 . 2013-01-17 04:57 -------- d-----w- c:\users\David's HP\AppData\Local\Coupon Companion Plugin
2013-01-10 21:52 . 2013-01-10 22:14 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-10 21:01 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 21:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 21:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-10 21:01 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 21:01 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-10 21:01 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-10 21:01 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-10 21:01 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 21:01 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 21:00 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 21:51 . 2013-01-03 21:51 -------- d-----w- c:\users\Guest\AppData\Roaming\Foxit Software
2013-01-03 21:45 . 2013-01-03 21:45 -------- d-----w- c:\users\Guest\AppData\Roaming\Intel
2012-12-22 16:05 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:05 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 16:05 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 16:05 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 23:24 . 2012-05-11 21:35 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-12 23:23 . 2011-05-21 14:32 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 21:08 . 2011-03-18 17:58 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-14 22:49 . 2011-03-18 23:14 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 00:24 . 2012-11-30 00:25 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418F8CA5-9456-47CD-8EF4-2907E3577D00}\gapaengine.dll
2012-11-14 07:06 . 2012-12-13 20:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 20:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 20:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 20:58 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 20:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 20:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 20:58 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 20:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 20:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 20:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 20:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 20:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 20:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 20:58 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 20:58 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 20:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 20:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 20:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 20:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 20:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 20:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 20:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 20:54 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 20:54 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-23 22:56 . 2012-11-30 00:25 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-23 10:17 . 2011-03-18 19:01 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-3-18 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-05-05 32352]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 70344]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-05-04 218112]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2011-03-18 7680512]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2006-12-20 79872]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 11:03 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
.
2013-01-03 c:\windows\Tasks\HPCeeScheduleForDavid's HP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-05-25 343040]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-05-25 192512]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-01-13 09:25; [email protected]; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\q52m1tjn.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SUUVCOMM&10C4&80F6 - c:\program files (x86)\Suunto\SuuntoUSB\DriverUninstaller.exe VCP CP210x Cardinal\SUUVCOMM&10C4&80F6
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-17 13:39:06
ComboFix-quarantined-files.txt 2013-01-17 19:39
.
Pre-Run: 105,030,922,240 bytes free
Post-Run: 104,510,554,112 bytes free
.
- - End Of File - - CD6C7FB18948382731560125478F7B79
  • 0

#12
ImJustsayin
Posted 17 January 2013 - 02:51 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts

I don't like to see an installer running at every boot. Could you uninstall this Moves thing for now and reinstall it later?


It is uninstalled, It is called Moveslink. I can see the confusion with the similarity of the name
  • 0

#13
ImJustsayin
Posted 17 January 2013 - 03:02 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
jpeg attatched

OTL is still running, is this normal?

Attached Thumbnails

  • yahoomess.jpg

Edited by ImJustsayin, 17 January 2013 - 03:03 PM.

  • 0

#14
RKinner
Posted 17 January 2013 - 03:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall MozBackup. It's got a bug in it and isn't working.

Your Intel Wireless program is also acting up. Go to your PC maker's website and look for wireless driver downloads and see if there is a newer version available.

You have a file on your desktop called: esetsmartinstaller_enu.exe I would delete it as it is not working.

Go to:
http://downloadcente...g&DwnldID=18532 and Download then Accept and Save the file. Right click on it and Run As Admin.

Can you do a search for svchost.exe_SysMain ? If you find it right click on it and select Properties and see if you can tell me who makes it?

Also do a search for sysmain.dll If you find it give me the full path.
  • 0

#15
ImJustsayin
Posted 17 January 2013 - 03:27 PM

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
Message said computer does not meet minimum requirements for installinh software ( Intel ME)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP