Everything posted by fyzhix

  1. Thanks for your help with the removal of a rootkit I had installed in my system. I came to the forums as a last resort since I assumed I would have to format and restore and you saved me countless hours of installing and restoring backups. Greatly appreciated!!

  2. Here's the report:

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.13.11

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Jon :: FYZHIX [administrator]

     13/07/2012 8:07:48 PM
     mbam-log-2012-07-13 (20-07-48).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 212973
     Time elapsed: 5 minute(s), 4 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     The system appears to be running great now - PrevX didn't pick anything up on boot either.

  3. Here's ComboFix.txt:

  4. Here is fixlog.txt:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
     Ran by SYSTEM at 2012-07-13 18:51:37 Run:1
     Running from F:\

     ==============================================

     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb} moved successfully.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56 not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@ not found.
     C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@ not found.
     C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb} moved successfully.
     C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ not found.
     C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L not found.
     C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U not found.
     C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
     C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

     ==== End of Fixlog ====

     Thanks for all of your help so far! Greatly appreciated.

  5. Here's search.txt:

     Farbar Recovery Scan Tool Version: 11-07-2012
     Ran by SYSTEM at 2012-07-13 18:15:08
     Running from F:\

     ================== Search: "services.exe" ===================

     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

     C:\Windows\System32\services.exe
     [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

     ====== End Of Search ======

  6. I read the disclaimer and agree. Here's the log:
00002332 ____A C:\Users\Jon\Documents\PerfectLayersConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001120 ____A C:\Users\Jon\My Documents\PhotoFrameConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001120 ____A C:\Users\Jon\Documents\PhotoFrameConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001112 ____A C:\Users\Jon\My Documents\GenuineFractalsConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001112 ____A C:\Users\Jon\Documents\GenuineFractalsConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001108 ____A C:\Users\Jon\My Documents\PhotoTuneConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001108 ____A C:\Users\Jon\Documents\PhotoTuneConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\My Documents\PhotoToolsConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\My Documents\FocalPointConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\Documents\PhotoToolsConduit.log 2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\Documents\FocalPointConduit.log 2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk 2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk 2012-07-12 17:51 - 2012-07-12 17:51 - 00000000 ____D C:\Users\Jon\Desktop\Adobe 2012-07-12 17:44 - 2012-07-12 17:51 - 765299656 ____A (Adobe Systems Incorporated) C:\Users\Jon\Downloads\Lightroom_4_LS11.exe 2012-07-12 14:30 - 2012-07-12 14:30 - 00112797 ____A C:\Users\Jon\Downloads\GradientXTerminatorWin.zip 2012-07-12 14:30 - 2012-07-12 14:30 - 00000000 ____D C:\Users\Jon\Downloads\GradientXTerminatorWin 2012-07-11 01:55 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-11 01:50 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-11 01:50 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2012-07-11 01:50 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-11 01:50 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-11 01:50 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-11 01:50 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-11 01:50 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-11 01:50 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-11 01:50 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-11 01:50 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-11 01:50 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-11 01:50 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-11 01:50 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-11 01:50 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-11 01:50 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-11 01:50 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-11 01:50 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-11 01:50 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-11 01:50 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-11 01:50 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-11 
01:50 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-11 01:50 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-11 01:50 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-11 01:50 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-11 01:50 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-11 01:50 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-11 01:50 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-11 01:50 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\Public\Desktop\DeepSkyStacker.lnk 2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\All Users\Desktop\DeepSkyStacker.lnk 2012-07-11 00:38 - 2012-07-11 00:38 - 00000000 ____D C:\Program Files (x86)\DeepSkyStacker 2012-07-11 00:37 - 2012-07-11 00:37 - 00000000 ____D C:\Users\Jon\Downloads\DeepSkyStacker 2012-07-10 18:47 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 18:47 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-10 18:47 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 18:47 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 18:47 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-10 18:47 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 18:47 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 
2012-07-10 18:47 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-10 18:47 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 18:47 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 18:47 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 18:47 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 18:47 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 18:47 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-10 18:47 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-10 18:47 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-10 18:47 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-10 18:46 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-07-10 18:46 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-07-10 18:46 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-07-10 18:46 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-07-10 18:46 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-07-10 18:46 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-07-10 18:44 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-10 18:44 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-09 07:13 - 
2012-07-09 07:14 - 05120402 ____A C:\Users\Jon\Downloads\FL_30_Win.exe 2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\My Documents\Astronomy Tools 2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\Documents\Astronomy Tools 2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\Desktop\New Folder 2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\Public\Desktop\Stellarium.lnk 2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\All Users\Desktop\Stellarium.lnk 2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Users\Jon\Application Data\Stellarium 2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Stellarium 2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Program Files (x86)\Stellarium 2012-07-07 06:42 - 2012-07-07 06:45 - 59408090 ____A ( ) C:\Users\Jon\Downloads\stellarium-0.11.3-win32.exe 2012-07-05 17:55 - 2012-07-05 17:55 - 00000000 ____D C:\Program Files (x86)\Oracle 2012-07-05 17:53 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-07-05 17:52 - 2012-05-15 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-07-05 17:52 - 2012-05-15 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-07-05 17:49 - 2012-07-05 17:52 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log 2012-07-04 18:32 - 2012-07-04 18:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\My Documents\blood pressure.xlsx 2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\Documents\blood pressure.xlsx 2012-06-25 05:31 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-25 05:31 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-25 05:31 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) 
C:\Windows\System32\wuauclt.exe 2012-06-25 05:31 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-25 05:31 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-25 05:31 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-25 05:31 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-25 05:30 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-25 05:30 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-23 17:55 - 2012-06-23 18:17 - 1086629167 ____A C:\Users\Jon\Downloads\2012-06-Marketplace-Bundle.zip 2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\My Documents\ReadMe-Astronomy.txt 2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\Documents\ReadMe-Astronomy.txt 2012-06-22 21:32 - 2012-06-22 21:32 - 00047636 ____A C:\Users\Jon\Downloads\Astronomy_Tools_v1_6.zip 2012-06-20 18:10 - 2012-07-04 16:19 - 00000000 ____D C:\Users\Jon\My Documents\Pay stubs 2012-06-20 18:10 - 2012-07-04 16:19 - 00000000 ____D C:\Users\Jon\Documents\Pay stubs 2012-06-19 21:16 - 2012-06-19 21:17 - 10754751 ____A C:\Users\Jon\Downloads\DeepSkyStacker.zip 2012-06-19 21:09 - 2012-06-19 21:09 - 00001077 ____A C:\Users\Jon\Desktop\RegiStax 5.1 .lnk 2012-06-19 21:09 - 2012-06-19 21:09 - 00000000 ____D C:\Program Files (x86)\RegiStax 5_1 2012-06-19 21:08 - 2012-06-19 21:08 - 01847685 ____A () C:\Users\Jon\Downloads\setupregistax5_1.exe 2012-06-19 12:38 - 2012-06-19 12:40 - 16561880 ____A (UCT) C:\Users\Jon\Downloads\HDRExpressSetup_x64.exe 2012-06-15 02:07 - 2012-06-15 02:08 - 00000000 ____D C:\Users\Jon\Logitech 2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk 2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\All 
Users\Desktop\Logitech Harmony Remote Software 7.lnk 2012-06-15 02:06 - 2012-06-15 02:06 - 00000000 ____D C:\Program Files (x86)\Logitech 2012-06-15 02:02 - 2012-06-15 02:05 - 48357912 ____A (Logitech Inc.) C:\Users\Jon\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe 2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\Local Settings\Macromedia 2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\Local Settings\Application Data\Macromedia 2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\AppData\Local\Macromedia 2012-06-13 15:52 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-06-13 15:52 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-06-13 15:52 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-06-13 15:51 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-06-13 15:51 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-06-13 15:51 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-06-13 15:51 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys ============ 3 Months Modified Files ======================== 2012-07-13 16:31 - 2009-07-14 00:10 - 01925595 ____A C:\Windows\WindowsUpdate.log 2012-07-13 16:28 - 2009-07-14 00:13 - 00717324 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-13 16:25 - 2009-07-13 23:51 - 00056974 ____A C:\Windows\setupact.log 2012-07-13 15:58 - 2010-06-04 23:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001UA.job 2012-07-13 15:47 - 2012-04-09 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-13 15:44 - 2012-07-13 15:44 - 00002604 ____A C:\Users\Jon\Desktop\RKreport[1].txt 2012-07-13 
15:43 - 2012-07-13 15:43 - 01558528 ____A C:\Users\Jon\Downloads\RogueKiller.exe 2012-07-13 15:32 - 2011-08-21 15:58 - 01684992 __ASH C:\Users\Jon\My Documents\Thumbs.db 2012-07-13 15:32 - 2011-08-21 15:58 - 01684992 __ASH C:\Users\Jon\Documents\Thumbs.db 2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs 2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\Local Settings\Adobe Save for Web 12.0 Prefs 2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs 2012-07-13 14:30 - 2012-07-13 14:30 - 00055028 ____A C:\Users\Jon\Desktop\Extras.Txt 2012-07-13 14:26 - 2012-07-13 14:26 - 00119472 ____A C:\Users\Jon\Desktop\OTL.Txt 2012-07-13 14:26 - 2012-07-13 14:26 - 00055028 ____A C:\Users\Jon\Downloads\Extras.Txt 2012-07-13 14:25 - 2012-07-13 14:25 - 00119472 ____A C:\Users\Jon\Downloads\OTL.Txt 2012-07-13 14:15 - 2012-07-13 14:15 - 00596480 ____A (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe 2012-07-13 14:13 - 2012-07-13 14:13 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller.exe 2012-07-13 13:49 - 2009-07-13 23:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-13 13:49 - 2009-07-13 23:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-13 13:37 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-13 13:36 - 2010-05-27 14:05 - 00537496 ____A C:\Windows\PFRO.log 2012-07-13 13:24 - 2009-07-14 00:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-13 13:17 - 2012-04-10 18:44 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-13 13:17 - 2012-04-10 18:44 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-13 11:42 - 2012-07-12 18:00 - 00002928 ____A C:\Users\Jon\My 
Documents\PerfectEffectsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00002928 ____A C:\Users\Jon\Documents\PerfectEffectsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00002348 ____A C:\Users\Jon\My Documents\PerfectPortraitConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00002348 ____A C:\Users\Jon\Documents\PerfectPortraitConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00002332 ____A C:\Users\Jon\My Documents\PerfectLayersConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00002332 ____A C:\Users\Jon\Documents\PerfectLayersConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001120 ____A C:\Users\Jon\My Documents\PhotoFrameConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001120 ____A C:\Users\Jon\Documents\PhotoFrameConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001112 ____A C:\Users\Jon\My Documents\GenuineFractalsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001112 ____A C:\Users\Jon\Documents\GenuineFractalsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001108 ____A C:\Users\Jon\My Documents\PhotoTuneConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001108 ____A C:\Users\Jon\Documents\PhotoTuneConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\My Documents\PhotoToolsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\My Documents\FocalPointConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\Documents\PhotoToolsConduit.log 2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\Documents\FocalPointConduit.log 2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk 2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk 2012-07-12 17:51 - 2012-07-12 17:44 - 765299656 ____A (Adobe Systems Incorporated) C:\Users\Jon\Downloads\Lightroom_4_LS11.exe 2012-07-12 16:59 - 2010-06-04 23:51 - 00002389 ____A C:\Users\Jon\Desktop\Google Chrome.lnk 2012-07-12 16:58 - 
2010-06-04 23:50 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001Core.job 2012-07-12 14:30 - 2012-07-12 14:30 - 00112797 ____A C:\Users\Jon\Downloads\GradientXTerminatorWin.zip 2012-07-11 22:48 - 2012-04-09 15:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-11 22:48 - 2011-05-22 18:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-11 10:36 - 2009-07-13 23:45 - 05194928 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 01:52 - 2010-06-04 23:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\Public\Desktop\DeepSkyStacker.lnk 2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\All Users\Desktop\DeepSkyStacker.lnk 2012-07-09 07:14 - 2012-07-09 07:13 - 05120402 ____A C:\Users\Jon\Downloads\FL_30_Win.exe 2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\Public\Desktop\Stellarium.lnk 2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\All Users\Desktop\Stellarium.lnk 2012-07-07 06:45 - 2012-07-07 06:42 - 59408090 ____A ( ) C:\Users\Jon\Downloads\stellarium-0.11.3-win32.exe 2012-07-05 17:52 - 2012-07-05 17:49 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log 2012-07-03 12:46 - 2010-09-08 22:21 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\My Documents\blood pressure.xlsx 2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\Documents\blood pressure.xlsx 2012-06-23 18:17 - 2012-06-23 17:55 - 1086629167 ____A C:\Users\Jon\Downloads\2012-06-Marketplace-Bundle.zip 2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\My Documents\ReadMe-Astronomy.txt 2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\Documents\ReadMe-Astronomy.txt 2012-06-22 21:32 - 2012-06-22 21:32 - 
00047636 ____A C:\Users\Jon\Downloads\Astronomy_Tools_v1_6.zip 2012-06-19 21:17 - 2012-06-19 21:16 - 10754751 ____A C:\Users\Jon\Downloads\DeepSkyStacker.zip 2012-06-19 21:09 - 2012-06-19 21:09 - 00001077 ____A C:\Users\Jon\Desktop\RegiStax 5.1 .lnk 2012-06-19 21:08 - 2012-06-19 21:08 - 01847685 ____A () C:\Users\Jon\Downloads\setupregistax5_1.exe 2012-06-19 12:40 - 2012-06-19 12:38 - 16561880 ____A (UCT) C:\Users\Jon\Downloads\HDRExpressSetup_x64.exe 2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk 2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\All Users\Desktop\Logitech Harmony Remote Software 7.lnk 2012-06-15 02:06 - 2010-05-27 12:16 - 00020626 ____A C:\Windows\DPINST.LOG 2012-06-15 02:05 - 2012-06-15 02:02 - 48357912 ____A (Logitech Inc.) C:\Users\Jon\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe 2012-06-15 02:03 - 2010-07-23 21:59 - 00038912 ____A C:\Users\Jon\My Documents\workout.xls 2012-06-15 02:03 - 2010-07-23 21:59 - 00038912 ____A C:\Users\Jon\Documents\workout.xls 2012-06-12 16:30 - 2010-11-12 15:19 - 00000426 ____A C:\Windows\BRWMARK.INI 2012-06-11 22:08 - 2012-07-11 01:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-09 00:43 - 2012-07-10 18:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 23:41 - 2012-07-10 18:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-06 01:06 - 2012-07-10 18:47 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-06 01:06 - 2012-07-10 18:47 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-06 01:02 - 2012-07-10 18:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-06 00:05 - 2012-07-10 18:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-06 00:05 - 2012-07-10 18:47 - 01236992 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msxml3.dll 2012-06-06 00:03 - 2012-07-10 18:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 17:19 - 2012-06-25 05:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 17:19 - 2012-06-25 05:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 17:19 - 2012-06-25 05:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 17:19 - 2012-06-25 05:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 17:19 - 2012-06-25 05:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 17:15 - 2012-06-25 05:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 17:15 - 2012-06-25 05:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:19 - 2012-06-25 05:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-25 05:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 07:49 - 2012-07-11 01:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 07:17 - 2012-07-11 01:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 07:12 - 2012-07-11 01:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 07:05 - 2012-07-11 01:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 07:05 - 2012-07-11 01:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 07:04 - 2012-07-11 01:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 07:04 - 2012-07-11 01:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 07:03 - 2012-07-11 01:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 07:01 - 
2012-07-11 01:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 07:00 - 2012-07-11 01:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 06:59 - 2012-07-11 01:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 06:57 - 2012-07-11 01:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 06:57 - 2012-07-11 01:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 06:54 - 2012-07-11 01:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 04:07 - 2012-07-11 01:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 03:43 - 2012-07-11 01:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 03:33 - 2012-07-11 01:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 03:26 - 2012-07-11 01:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 03:25 - 2012-07-11 01:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 03:25 - 2012-07-11 01:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 03:23 - 2012-07-11 01:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 03:21 - 2012-07-11 01:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 03:20 - 2012-07-11 01:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 03:19 - 2012-07-11 01:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 03:19 - 2012-07-11 01:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 03:17 - 2012-07-11 01:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 03:16 - 2012-07-11 01:50 - 02382848 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 03:14 - 2012-07-11 01:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 00:50 - 2012-07-10 18:47 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 00:48 - 2012-07-10 18:47 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 00:48 - 2012-07-10 18:47 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 00:45 - 2012-07-10 18:47 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 00:44 - 2012-07-10 18:47 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 23:40 - 2012-07-10 18:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 23:40 - 2012-07-10 18:47 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 23:39 - 2012-07-10 18:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 23:34 - 2012-07-10 18:47 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-06-01 20:08 - 2012-06-01 19:32 - 00001959 ____A C:\Users\Jon\Application Data\Requiem.log 2012-06-01 20:08 - 2012-06-01 19:32 - 00001959 ____A C:\Users\Jon\AppData\Roaming\Requiem.log 2012-06-01 20:05 - 2012-06-01 20:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-01 20:05 - 2012-06-01 20:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-01 20:01 - 2012-06-01 20:00 - 76761968 ____A (Apple Inc.) C:\Users\Jon\Downloads\iTunes64Setup(2).exe 2012-06-01 20:00 - 2012-06-01 19:59 - 07405262 ____A C:\Users\Jon\Downloads\pdfdrm.zip 2012-06-01 19:57 - 2012-06-01 19:57 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll 2012-06-01 19:50 - 2012-06-01 19:48 - 71279472 ____A (Apple Inc.) 
C:\Users\Jon\Downloads\iTunes64Setup(1).exe 2012-06-01 19:32 - 2012-06-01 19:32 - 11394763 ____A C:\Users\Jon\Downloads\iSmoothBlog-requiem-3.3.5-win.zip 2012-06-01 19:21 - 2012-06-01 19:20 - 47520208 ____A C:\Users\Jon\Downloads\calibre-0.8.54.msi 2012-06-01 19:01 - 2012-06-01 18:59 - 34817706 ____A ( ) C:\Users\Jon\Downloads\iphonetransfer.exe 2012-05-24 21:58 - 2012-05-22 21:01 - 00000026 ____A C:\Users\Jon\My Documents\auradata.txt 2012-05-24 21:58 - 2012-05-22 21:01 - 00000026 ____A C:\Users\Jon\Documents\auradata.txt 2012-05-22 12:30 - 2012-05-22 12:29 - 15109264 ____A (3D RealityMaps GmbH. ) C:\Users\Jon\Downloads\Setup_MountEverestOnlineViewer.exe 2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-05-17 19:26 - 2012-05-17 19:26 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-17 19:26 - 2012-05-17 19:26 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-17 11:38 - 2012-05-03 15:05 - 00011973 ____A C:\Users\Jon\My Documents\Rob - Working Hour Ledger.xlsx 2012-05-17 11:38 - 2012-05-03 15:05 - 00011973 ____A C:\Users\Jon\Documents\Rob - Working Hour Ledger.xlsx 2012-05-16 12:30 - 2012-05-16 12:30 - 03406018 ____A C:\Users\Jon\Downloads\545966_10151715433235704_559880703_24167381_704922201_n.psd 2012-05-16 12:29 - 2012-05-16 12:29 - 00892360 ____A (Oracle Corporation) C:\Users\Jon\Downloads\jxpiinstall.exe 2012-05-15 18:06 - 2012-07-05 17:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-05-15 18:06 - 2012-07-05 17:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-05-04 18:29 - 2012-07-05 17:53 - 00227720 ____A (Oracle Corporation) 
C:\Windows\SysWOW64\javaws.exe 2012-05-04 18:29 - 2012-05-16 12:31 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-05-04 18:29 - 2010-06-05 09:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-05-04 06:06 - 2012-06-13 15:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 05:03 - 2012-06-13 15:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 05:03 - 2012-06-13 15:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-01 17:52 - 2012-05-01 17:52 - 01284232 ____A (Coupons.com Incorporated) C:\Users\Jon\Downloads\couponprinter.exe 2012-05-01 02:01 - 2011-01-07 16:10 - 00001945 ____A C:\Windows\epplauncher.mif 2012-05-01 02:01 - 2011-01-07 16:09 - 00726950 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-04-27 22:55 - 2012-06-13 15:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-26 00:41 - 2012-06-13 15:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-26 00:41 - 2012-06-13 15:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-26 00:34 - 2012-06-13 15:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-24 00:37 - 2012-07-10 18:46 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-24 00:37 - 2012-07-10 18:46 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-24 00:37 - 2012-07-10 18:46 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 23:36 - 2012-07-10 18:46 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 23:36 - 2012-07-10 18:46 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 23:36 - 2012-07-10 18:46 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-19 
21:24 - 2012-04-19 21:24 - 00001045 ____A C:\Users\Jon\Desktop\Machinarium.lnk
2012-04-19 20:44 - 2012-04-19 20:18 - 579317344 ____A C:\Users\Jon\Downloads\Botanicula_1804.exe
2012-04-19 20:33 - 2012-04-19 20:10 - 363218549 ____A C:\Users\Jon\Downloads\Machinarium_full_en.exe
2012-04-19 20:28 - 2012-04-19 20:11 - 1631325414 ____A C:\Users\Jon\Downloads\Kooky.zip
2012-04-19 20:19 - 2012-04-19 20:18 - 20709564 ____A C:\Users\Jon\Downloads\Install_Samorost2.exe
2012-04-19 20:03 - 2012-04-19 20:03 - 07967867 ____A (Adobe Systems, Inc.) C:\Users\Jon\Downloads\windosill-windows-1.0.8-1334813813.exe
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 11:39 - 2011-08-28 16:01 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-04-17 11:39 - 2011-08-28 16:01 - 00002028 ____A C:\Users\All Users\Desktop\Adobe Acrobat X Pro.lnk

ZeroAccess:
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@

ZeroAccess:
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8180.51 MB
Available physical RAM: 7371.46 MB
Total Pagefile: 8178.66 MB
Available Pagefile: 7366.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:114.92 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online          478 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             14 GB    40 MB
  Partition 3    Primary            451 GB    14 GB

==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     39 MB  Healthy    Hidden

==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    451 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            477 MB    32 KB

==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable    477 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:54

======================= End Of Log ==========================
  7. Thanks for the quick reply. I apologise for the unsolicited scans / log files. Here's the rogue killer report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jon [Admin rights]
Mode: Scan -- Date: 07/13/2012 16:44:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 ATA Device +++++
--- User ---
[MBR] c79f2bd0be0c416046337c7b4be5e0f7
[bSP] 86e0863e50002712c3a8f7a1fcd1f6b6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  8. 15:34:43.0596 4896 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:34:43.0953 4896 ============================================================
15:34:43.0953 4896 Current date / time: 2012/07/13 15:34:43.0953
15:34:43.0954 4896 SystemInfo:
15:34:43.0954 4896
15:34:43.0954 4896 OS Version: 6.1.7601 ServicePack: 1.0
15:34:43.0954 4896 Product type: Workstation
15:34:43.0954 4896 ComputerName: FYZHIX
15:34:43.0954 4896 UserName: Jon
15:34:43.0954 4896 Windows directory: C:\Windows
15:34:43.0954 4896 System windows directory: C:\Windows
15:34:43.0954 4896 Running under WOW64
15:34:43.0954 4896 Processor architecture: Intel x64
15:34:43.0954 4896 Number of processors: 8
15:34:43.0954 4896 Page size: 0x1000
15:34:43.0954 4896 Boot type: Normal boot
15:34:43.0954 4896 ============================================================
15:34:45.0260 4896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:34:45.0270 4896 ============================================================
15:34:45.0270 4896 \Device\Harddisk0\DR0:
15:34:45.0271 4896 MBR partitions:
15:34:45.0271 4896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:34:45.0271 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
15:34:45.0271 4896 ============================================================
15:34:45.0289 4896 C: <-> \Device\Harddisk0\DR0\Partition1
15:34:45.0289 4896 ============================================================
15:34:45.0289 4896 Initialize success
15:34:45.0289 4896 ============================================================
15:34:51.0144 2852 ============================================================
15:34:51.0144 2852 Scan started
15:34:51.0144 2852 Mode: Manual; SigCheck; TDLFS;
15:34:51.0144 2852 ============================================================
mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 15:35:09.0589 2852 mssmbios - ok 15:35:09.0596 2852 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:35:09.0626 2852 MSTEE - ok 15:35:09.0644 2852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:35:09.0662 2852 MTConfig - ok 15:35:09.0674 2852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:35:09.0685 2852 Mup - ok 15:35:09.0798 2852 MyWiFiDHCPDNS (d285d0539016be299a55ff997b44da33) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 15:35:09.0814 2852 MyWiFiDHCPDNS - ok 15:35:09.0897 2852 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 15:35:09.0930 2852 napagent - ok 15:35:10.0029 2852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:35:10.0048 2852 NativeWifiP - ok 15:35:10.0123 2852 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 15:35:10.0144 2852 NDIS - ok 15:35:10.0161 2852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:35:10.0189 2852 NdisCap - ok 15:35:10.0212 2852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:35:10.0245 2852 NdisTapi - ok 15:35:10.0301 2852 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:35:10.0332 2852 Ndisuio - ok 15:35:10.0383 2852 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:35:10.0416 2852 NdisWan - ok 15:35:10.0467 2852 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:35:10.0503 2852 NDProxy - ok 15:35:10.0572 2852 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll 15:35:10.0578 2852 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:35:10.0578 2852 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:35:10.0636 
2852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:35:10.0671 2852 NetBIOS - ok 15:35:10.0733 2852 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:35:10.0765 2852 NetBT - ok 15:35:10.0825 2852 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:10.0843 2852 Netlogon - ok 15:35:10.0916 2852 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:35:10.0949 2852 Netman - ok 15:35:10.0983 2852 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:35:11.0015 2852 netprofm - ok 15:35:11.0202 2852 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:35:11.0212 2852 NetTcpPortSharing - ok 15:35:11.0570 2852 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys 15:35:11.0634 2852 NETw5s64 - ok 15:35:11.0891 2852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:35:11.0904 2852 nfrd960 - ok 15:35:11.0968 2852 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:35:11.0982 2852 NisDrv - ok 15:35:12.0140 2852 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 15:35:12.0153 2852 NisSrv - ok 15:35:12.0243 2852 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 15:35:12.0278 2852 NlaSvc - ok 15:35:12.0374 2852 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe 15:35:12.0382 2852 nlsX86cc - ok 15:35:12.0481 2852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:35:12.0516 2852 Npfs - ok 15:35:12.0563 2852 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:35:12.0593 2852 nsi - ok 15:35:12.0603 2852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:35:12.0632 2852 
nsiproxy - ok 15:35:12.0769 2852 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:35:12.0796 2852 Ntfs - ok 15:35:12.0910 2852 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:35:12.0939 2852 Null - ok 15:35:13.0004 2852 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:35:13.0022 2852 nvraid - ok 15:35:13.0041 2852 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:35:13.0052 2852 nvstor - ok 15:35:13.0117 2852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:35:13.0132 2852 nv_agp - ok 15:35:13.0205 2852 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe 15:35:13.0219 2852 O2FLASH - ok 15:35:13.0239 2852 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys 15:35:13.0248 2852 O2MDGRDR - ok 15:35:13.0269 2852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 15:35:13.0280 2852 ohci1394 - ok 15:35:13.0388 2852 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:35:13.0401 2852 ose - ok 15:35:13.0766 2852 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:35:13.0830 2852 osppsvc - ok 15:35:14.0022 2852 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:14.0036 2852 p2pimsvc - ok 15:35:14.0067 2852 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:35:14.0081 2852 p2psvc - ok 15:35:14.0185 2852 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:35:14.0197 2852 Parport - ok 15:35:14.0251 2852 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 15:35:14.0268 2852 partmgr - ok 15:35:14.0282 2852 PcaSvc (3aeaa8b561e63452c655dc0584922257) 
C:\Windows\System32\pcasvc.dll 15:35:14.0298 2852 PcaSvc - ok 15:35:14.0360 2852 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 15:35:14.0376 2852 pci - ok 15:35:14.0385 2852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 15:35:14.0395 2852 pciide - ok 15:35:14.0422 2852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:35:14.0437 2852 pcmcia - ok 15:35:14.0455 2852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:35:14.0464 2852 pcw - ok 15:35:14.0507 2852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:35:14.0545 2852 PEAUTH - ok 15:35:14.0663 2852 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 15:35:14.0685 2852 PeerDistSvc - ok 15:35:14.0857 2852 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:35:14.0873 2852 PerfHost - ok 15:35:15.0109 2852 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 15:35:15.0147 2852 pla - ok 15:35:15.0220 2852 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 15:35:15.0235 2852 PlugPlay - ok 15:35:15.0314 2852 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll 15:35:15.0321 2852 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:35:15.0321 2852 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:35:15.0379 2852 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:35:15.0395 2852 PNRPAutoReg - ok 15:35:15.0421 2852 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:15.0440 2852 PNRPsvc - ok 15:35:15.0466 2852 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 15:35:15.0496 2852 PolicyAgent - ok 15:35:15.0570 2852 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:35:15.0601 2852 Power - ok 15:35:15.0716 
2852 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 15:35:15.0746 2852 PptpMiniport - ok 15:35:15.0797 2852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:35:15.0814 2852 Processor - ok 15:35:15.0869 2852 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 15:35:15.0906 2852 ProfSvc - ok 15:35:15.0958 2852 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:15.0969 2852 ProtectedStorage - ok 15:35:16.0022 2852 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 15:35:16.0056 2852 Psched - ok 15:35:16.0108 2852 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 15:35:16.0122 2852 PxHlpa64 - ok 15:35:16.0156 2852 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys 15:35:16.0165 2852 pxkbf - ok 15:35:16.0198 2852 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys 15:35:16.0207 2852 pxrts - ok 15:35:16.0266 2852 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys 15:35:16.0278 2852 pxscan - ok 15:35:16.0418 2852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:35:16.0444 2852 ql2300 - ok 15:35:16.0599 2852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:35:16.0610 2852 ql40xx - ok 15:35:16.0676 2852 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:35:16.0695 2852 QWAVE - ok 15:35:16.0711 2852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:35:16.0726 2852 QWAVEdrv - ok 15:35:16.0745 2852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:35:16.0774 2852 RasAcd - ok 15:35:16.0839 2852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:35:16.0869 2852 RasAgileVpn - ok 15:35:16.0892 
2852 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:35:16.0923 2852 RasAuto - ok 15:35:16.0983 2852 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:35:17.0016 2852 Rasl2tp - ok 15:35:17.0082 2852 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 15:35:17.0116 2852 RasMan - ok 15:35:17.0171 2852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:35:17.0201 2852 RasPppoe - ok 15:35:17.0217 2852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:35:17.0246 2852 RasSstp - ok 15:35:17.0309 2852 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 15:35:17.0345 2852 rdbss - ok 15:35:17.0358 2852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:35:17.0371 2852 rdpbus - ok 15:35:17.0383 2852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:35:17.0410 2852 RDPCDD - ok 15:35:17.0466 2852 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 15:35:17.0481 2852 RDPDR - ok 15:35:17.0502 2852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:35:17.0531 2852 RDPENCDD - ok 15:35:17.0538 2852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:35:17.0568 2852 RDPREFMP - ok 15:35:17.0627 2852 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 15:35:17.0644 2852 RDPWD - ok 15:35:17.0718 2852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 15:35:17.0730 2852 rdyboost - ok 15:35:17.0874 2852 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 15:35:17.0893 2852 RegSrvc - ok 15:35:17.0958 2852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:35:17.0992 2852 RemoteAccess - ok 
15:35:18.0053 2852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:35:18.0087 2852 RemoteRegistry - ok 15:35:18.0101 2852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:35:18.0132 2852 RpcEptMapper - ok 15:35:18.0139 2852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:35:18.0153 2852 RpcLocator - ok 15:35:18.0230 2852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:35:18.0268 2852 RpcSs - ok 15:35:18.0368 2852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:35:18.0400 2852 rspndr - ok 15:35:18.0490 2852 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 15:35:18.0506 2852 RTL8167 - ok 15:35:18.0553 2852 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 15:35:18.0565 2852 s3cap - ok 15:35:18.0618 2852 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:18.0634 2852 SamSs - ok 15:35:18.0689 2852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 15:35:18.0707 2852 sbp2port - ok 15:35:18.0734 2852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:35:18.0765 2852 SCardSvr - ok 15:35:18.0812 2852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 15:35:18.0844 2852 scfilter - ok 15:35:18.0959 2852 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 15:35:18.0994 2852 Schedule - ok 15:35:19.0052 2852 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:35:19.0085 2852 SCPolicySvc - ok 15:35:19.0104 2852 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 15:35:19.0119 2852 sdbus - ok 15:35:19.0174 2852 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 15:35:19.0191 2852 SDRSVC - ok 15:35:19.0249 2852 secdrv 
(3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:35:19.0282 2852 secdrv - ok 15:35:19.0328 2852 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 15:35:19.0359 2852 seclogon - ok 15:35:19.0428 2852 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:35:19.0457 2852 SENS - ok 15:35:19.0466 2852 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:35:19.0478 2852 SensrSvc - ok 15:35:19.0494 2852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:35:19.0505 2852 Serenum - ok 15:35:19.0550 2852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:35:19.0562 2852 Serial - ok 15:35:19.0620 2852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:35:19.0637 2852 sermouse - ok 15:35:19.0692 2852 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 15:35:19.0722 2852 SessionEnv - ok 15:35:19.0768 2852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 15:35:19.0786 2852 sffdisk - ok 15:35:19.0801 2852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 15:35:19.0812 2852 sffp_mmc - ok 15:35:19.0824 2852 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:35:19.0838 2852 sffp_sd - ok 15:35:19.0892 2852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:35:19.0909 2852 sfloppy - ok 15:35:20.0034 2852 SftService (beb504962e36d6f368ebfc702a659e09) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 15:35:20.0048 2852 SftService - ok 15:35:20.0128 2852 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 15:35:20.0161 2852 ShellHWDetection - ok 15:35:20.0189 2852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:35:20.0199 2852 SiSRaid2 - ok 
15:35:20.0213 2852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:35:20.0223 2852 SiSRaid4 - ok 15:35:20.0252 2852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:35:20.0281 2852 Smb - ok 15:35:20.0342 2852 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:35:20.0360 2852 SNMPTRAP - ok 15:35:20.0365 2852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:35:20.0375 2852 spldr - ok 15:35:20.0454 2852 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 15:35:20.0490 2852 Spooler - ok 15:35:20.0719 2852 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 15:35:20.0775 2852 sppsvc - ok 15:35:20.0918 2852 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 15:35:20.0949 2852 sppuinotify - ok 15:35:21.0063 2852 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 15:35:21.0078 2852 sprtsvc_DellSupportCenter - ok 15:35:21.0197 2852 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 15:35:21.0197 2852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 15:35:21.0199 2852 sptd ( LockedFile.Multi.Generic ) - warning 15:35:21.0199 2852 sptd - detected LockedFile.Multi.Generic (1) 15:35:21.0270 2852 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 15:35:21.0284 2852 srv - ok 15:35:21.0312 2852 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 15:35:21.0326 2852 srv2 - ok 15:35:21.0347 2852 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 15:35:21.0360 2852 srvnet - ok 15:35:21.0426 2852 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 15:35:21.0457 2852 SSDPSRV - ok 15:35:21.0467 2852 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 15:35:21.0499 2852 SstpSvc - ok 15:35:21.0689 2852 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe 15:35:21.0701 2852 STacSV - ok 15:35:21.0782 2852 Steam Client Service - ok 15:35:21.0816 2852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:35:21.0830 2852 stexstor - ok 15:35:21.0875 2852 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys 15:35:21.0888 2852 STHDA - ok 15:35:21.0950 2852 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 15:35:21.0963 2852 StillCam - ok 15:35:22.0058 2852 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 15:35:22.0082 2852 stisvc - ok 15:35:22.0141 2852 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 15:35:22.0157 2852 storflt - ok 15:35:22.0211 2852 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 15:35:22.0224 2852 StorSvc - ok 15:35:22.0239 2852 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 15:35:22.0250 2852 storvsc - ok 15:35:22.0267 2852 swenum 
(d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 15:35:22.0277 2852 swenum - ok 15:35:22.0365 2852 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 15:35:22.0377 2852 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 15:35:22.0377 2852 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 15:35:22.0455 2852 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:35:22.0491 2852 swprv - ok 15:35:22.0501 2852 sxuptp - ok 15:35:22.0572 2852 SynTP (29ad5ff846e8939c10112f34cb2e334a) C:\Windows\system32\DRIVERS\SynTP.sys 15:35:22.0582 2852 SynTP - ok 15:35:22.0729 2852 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 15:35:22.0758 2852 SysMain - ok 15:35:22.0942 2852 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 15:35:22.0959 2852 TabletInputService - ok 15:35:22.0982 2852 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 15:35:23.0013 2852 TapiSrv - ok 15:35:23.0028 2852 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:35:23.0059 2852 TBS - ok 15:35:23.0232 2852 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 15:35:23.0264 2852 Tcpip - ok 15:35:23.0397 2852 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 15:35:23.0427 2852 TCPIP6 - ok 15:35:23.0511 2852 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 15:35:23.0543 2852 tcpipreg - ok 15:35:23.0588 2852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:35:23.0601 2852 TDPIPE - ok 15:35:23.0657 2852 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 15:35:23.0673 2852 TDTCP - ok 15:35:23.0732 2852 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 15:35:23.0766 2852 tdx - ok 15:35:23.0823 2852 TermDD 
(561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 15:35:23.0839 2852 TermDD - ok 15:35:23.0926 2852 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 15:35:23.0960 2852 TermService - ok 15:35:24.0012 2852 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:35:24.0028 2852 Themes - ok 15:35:24.0085 2852 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:35:24.0119 2852 THREADORDER - ok 15:35:24.0135 2852 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 15:35:24.0166 2852 TrkWks - ok 15:35:24.0273 2852 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 15:35:24.0307 2852 TrustedInstaller - ok 15:35:24.0365 2852 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:35:24.0392 2852 tssecsrv - ok 15:35:24.0446 2852 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 15:35:24.0458 2852 TsUsbFlt - ok 15:35:24.0531 2852 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 15:35:24.0563 2852 tunnel - ok 15:35:24.0591 2852 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 15:35:24.0599 2852 TurboB - ok 15:35:24.0682 2852 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 15:35:24.0694 2852 TurboBoost - ok 15:35:24.0739 2852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:35:24.0754 2852 uagp35 - ok 15:35:24.0823 2852 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 15:35:24.0854 2852 udfs - ok 15:35:24.0907 2852 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 15:35:24.0923 2852 UI0Detect - ok 15:35:24.0978 2852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 15:35:24.0994 2852 uliagpkx - ok 
15:35:25.0012 2852 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 15:35:25.0023 2852 umbus - ok 15:35:25.0040 2852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:35:25.0052 2852 UmPass - ok 15:35:25.0112 2852 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 15:35:25.0130 2852 UmRdpService - ok 15:35:25.0155 2852 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 15:35:25.0187 2852 upnphost - ok 15:35:25.0246 2852 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 15:35:25.0262 2852 USBAAPL64 - ok 15:35:25.0321 2852 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 15:35:25.0339 2852 usbccgp - ok 15:35:25.0361 2852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 15:35:25.0376 2852 usbcir - ok 15:35:25.0395 2852 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 15:35:25.0406 2852 usbehci - ok 15:35:25.0433 2852 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 15:35:25.0446 2852 usbhub - ok 15:35:25.0465 2852 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 15:35:25.0476 2852 usbohci - ok 15:35:25.0538 2852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:35:25.0554 2852 usbprint - ok 15:35:25.0606 2852 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 15:35:25.0626 2852 usbscan - ok 15:35:25.0642 2852 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:35:25.0654 2852 USBSTOR - ok 15:35:25.0671 2852 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 15:35:25.0682 2852 usbuhci - ok 15:35:25.0764 2852 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 15:35:25.0781 2852 usbvideo - 
ok 15:35:25.0834 2852 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:35:25.0868 2852 UxSms - ok 15:35:25.0918 2852 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:35:25.0930 2852 VaultSvc - ok 15:35:25.0993 2852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 15:35:26.0009 2852 vdrvroot - ok 15:35:26.0090 2852 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 15:35:26.0127 2852 vds - ok 15:35:26.0186 2852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:35:26.0199 2852 vga - ok 15:35:26.0218 2852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:35:26.0247 2852 VgaSave - ok 15:35:26.0272 2852 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 15:35:26.0283 2852 vhdmp - ok 15:35:26.0300 2852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 15:35:26.0310 2852 viaide - ok 15:35:26.0333 2852 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 15:35:26.0344 2852 vmbus - ok 15:35:26.0358 2852 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 15:35:26.0370 2852 VMBusHID - ok 15:35:26.0386 2852 vmci - ok 15:35:26.0389 2852 VMnetAdapter - ok 15:35:26.0410 2852 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 15:35:26.0421 2852 volmgr - ok 15:35:26.0483 2852 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 15:35:26.0497 2852 volmgrx - ok 15:35:26.0564 2852 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 15:35:26.0577 2852 volsnap - ok 15:35:26.0608 2852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:35:26.0627 2852 vsmraid - ok 15:35:26.0764 2852 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 15:35:26.0805 2852 VSS - ok 
15:35:27.0037 2852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:35:27.0053 2852 vwifibus - ok 15:35:27.0071 2852 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:35:27.0085 2852 vwififlt - ok 15:35:27.0100 2852 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 15:35:27.0115 2852 vwifimp - ok 15:35:27.0188 2852 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 15:35:27.0220 2852 W32Time - ok 15:35:27.0234 2852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 15:35:27.0246 2852 WacomPen - ok 15:35:27.0296 2852 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:35:27.0324 2852 WANARP - ok 15:35:27.0331 2852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:35:27.0359 2852 Wanarpv6 - ok 15:35:27.0451 2852 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 15:35:27.0475 2852 WatAdminSvc - ok 15:35:27.0616 2852 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 15:35:27.0640 2852 wbengine - ok 15:35:27.0840 2852 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 15:35:27.0857 2852 WbioSrvc - ok 15:35:27.0929 2852 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 15:35:27.0949 2852 wcncsvc - ok 15:35:27.0965 2852 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 15:35:27.0978 2852 WcsPlugInService - ok 15:35:28.0045 2852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:35:28.0057 2852 Wd - ok 15:35:28.0107 2852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:35:28.0125 2852 Wdf01000 - ok 15:35:28.0143 2852 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:35:28.0160 2852 
WdiServiceHost - ok 15:35:28.0163 2852 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:35:28.0179 2852 WdiSystemHost - ok 15:35:28.0242 2852 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 15:35:28.0262 2852 WebClient - ok 15:35:28.0284 2852 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 15:35:28.0315 2852 Wecsvc - ok 15:35:28.0331 2852 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 15:35:28.0361 2852 wercplsupport - ok 15:35:28.0380 2852 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 15:35:28.0411 2852 WerSvc - ok 15:35:28.0463 2852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:35:28.0502 2852 WfpLwf - ok 15:35:28.0544 2852 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 15:35:28.0561 2852 WimFltr - ok 15:35:28.0573 2852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:35:28.0583 2852 WIMMount - ok 15:35:28.0586 2852 WinHttpAutoProxySvc - ok 15:35:28.0704 2852 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 15:35:28.0739 2852 Winmgmt - ok 15:35:28.0936 2852 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 15:35:28.0981 2852 WinRM - ok 15:35:29.0198 2852 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 15:35:29.0211 2852 WinUsb - ok 15:35:29.0316 2852 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 15:35:29.0343 2852 Wlansvc - ok 15:35:29.0365 2852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 15:35:29.0375 2852 WmiAcpi - ok 15:35:29.0487 2852 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 15:35:29.0502 2852 wmiApSrv - ok 15:35:29.0605 2852 WMPNetworkSvc - ok 15:35:29.0619 2852 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) 
C:\Windows\System32\wpcsvc.dll 15:35:29.0635 2852 WPCSvc - ok 15:35:29.0692 2852 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 15:35:29.0709 2852 WPDBusEnum - ok 15:35:29.0757 2852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:35:29.0794 2852 ws2ifsl - ok 15:35:29.0827 2852 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 15:35:29.0848 2852 WSDPrintDevice - ok 15:35:29.0851 2852 WSearch - ok 15:35:30.0037 2852 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 15:35:30.0073 2852 wuauserv - ok 15:35:30.0317 2852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 15:35:30.0345 2852 WudfPf - ok 15:35:30.0384 2852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:35:30.0414 2852 WUDFRd - ok 15:35:30.0471 2852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 15:35:30.0503 2852 wudfsvc - ok 15:35:30.0567 2852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 15:35:30.0586 2852 WwanSvc - ok 15:35:30.0682 2852 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl 15:35:30.0695 2852 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok 15:35:30.0713 2852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 15:35:31.0028 2852 \Device\Harddisk0\DR0 - ok 15:35:31.0032 2852 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition0 15:35:31.0034 2852 \Device\Harddisk0\DR0\Partition0 - ok 15:35:31.0062 2852 Boot (0x1200) (55d86f776e8bcfec33b424e6fe457015) \Device\Harddisk0\DR0\Partition1 15:35:31.0063 2852 \Device\Harddisk0\DR0\Partition1 - ok 15:35:31.0064 2852 ============================================================ 15:35:31.0064 2852 Scan finished 15:35:31.0064 2852 
============================================================ 15:35:31.0071 2344 Detected object count: 5 15:35:31.0071 2344 Actual detected object count: 5 15:35:41.0377 2344 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:35:41.0377 2344 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:35:41.0377 2344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:35:41.0378 2344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:35:41.0378 2344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:35:41.0379 2344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:35:41.0380 2344 sptd ( LockedFile.Multi.Generic ) - skipped by user 15:35:41.0380 2344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 15:35:41.0381 2344 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 15:35:41.0381 2344 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:35:46.0709 3540 Deinitialize success
  9. OTL logfile created on: 7/13/2012 3:16:48 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jon\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.99 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.99% Memory free 15.98 Gb Paging File | 13.63 Gb Available in Paging File | 85.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.07 Gb Total Space | 115.00 Gb Free Space | 25.49% Space Free | Partition Type: NTFS Computer Name: FYZHIX | User Name: Jon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/07/13 15:15:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe PRC - [2012/07/05 16:39:23 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/06/23 21:50:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) 
-- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2011/12/24 02:05:21 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) 
-- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe ========== Modules (No Company Name) ========== MOD - [2012/07/05 16:39:20 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/07/05 16:39:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/07/05 16:39:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/07/05 16:39:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/07/05 16:39:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012/06/23 21:50:21 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/05/10 03:30:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/10 03:29:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/10 03:29:51 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2010/02/11 12:53:00 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - 
[2010/02/11 12:53:00 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2010/02/11 12:53:00 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2010/02/11 12:53:00 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2010/02/11 12:53:00 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2010/02/11 12:53:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010/02/11 12:52:00 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2012/04/10 23:07:31 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner) SRV:64bit: - [2012/04/04 13:51:56 | 000,032,400 | ---- | M] () [Auto | Running] -- C:\Program Files\UCT\HDR Express\HDRExpressService.exe -- (HDRExpressService) SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/09/21 16:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2009/09/21 16:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2007/02/12 04:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV - [2012/07/11 23:48:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/05 16:39:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/06/23 21:50:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] 
(Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2010/10/08 15:51:29 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/05/27 13:20:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/10 23:07:32 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts) DRV:64bit: - [2012/04/10 23:07:32 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan) DRV:64bit: - [2012/04/10 23:07:31 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/10/08 00:41:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/11/13 02:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR) DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/10/29 06:02:48 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/17 14:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler) DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel® DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] 
(Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) 
[2010/05/27 12:31:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E937946-F307-4D87-B8EC-7264358E0E93} IE:64bit: - HKLM\..\SearchScopes\{0E937946-F307-4D87-B8EC-7264358E0E93}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552} IE - HKLM\..\SearchScopes\{F36BF7D4-67A4-4797-965A-DAA94CECC552}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23 IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - 
HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.olg.ca/dana-na/auth/url_default/welcome.cgi IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes,DefaultScope = {06BBA5A7-DF97-455E-897A-DE1D33E6B3F2} IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes\{06BBA5A7-DF97-455E-897A-DE1D33E6B3F2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/28 16:46:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/17 12:39:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 21:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/05 18:53:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/22 19:09:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/05/17 20:26:17 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 21:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/05 18:53:57 | 000,000,000 | ---D | M] [2010/06/05 01:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions [2010/06/05 01:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/07/05 16:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\gk0r17dz.default\extensions [2012/01/09 20:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/17 12:39:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2012/07/05 16:54:31 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GK0R17DZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/05/05 12:26:06 | 000,035,695 | ---- | M] () (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GK0R17DZ.DEFAULT\EXTENSIONS\FACEBOOK@DISCONNECT.ME.XPI [2012/06/23 21:50:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/06/05 01:26:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011/05/04 23:40:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/08 20:58:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://g.msn.com/USCON/23 
CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://g.msn.com/USCON/23 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Talk Plugin (Enabled) = 
C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Dark abstract theme = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnneafiffajmgfkidbdfpfkehpodbhkd\1.2_0\ CHR - Extension: Downloads = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\ CHR - Extension: Gmail = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://my.olg.ca/,DanaInfo=OLGCTOR03.ent.ad.mre,ST=1+/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592560D1-F2F9-4783-A21A-244096A5A365}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 10:59:42 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/12 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Untitled Export
[2012/07/12 19:02:32 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Adobe
[2012/07/12 18:51:30 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Adobe
[2012/07/11 01:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
[2012/07/11 01:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSkyStacker
[2012/07/07 08:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Astronomy Tools
[2012/07/07 08:33:22 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\New Folder
[2012/07/07 07:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Stellarium
[2012/07/07 07:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
[2012/07/07 07:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellarium
[2012/07/05 18:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/07/04 19:32:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/06/20 19:10:38 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Pay stubs [2012/06/19 22:09:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegiStax 5 [2012/06/19 22:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegiStax 5_1 [2012/06/15 03:07:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\Logitech [2012/06/15 03:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common [2012/06/15 03:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012/06/15 03:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2012/06/15 03:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver [2012/06/14 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Macromedia [3 C:\Users\Jon\Documents\*.tmp files -> C:\Users\Jon\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/13 14:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001UA.job [2012/07/13 14:49:03 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 14:49:03 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 14:47:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/13 14:44:23 | 000,717,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/13 14:44:23 | 000,621,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/13 14:44:23 | 000,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/13 
14:37:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/13 14:37:00 | 2138,447,871 | -HS- | M] () -- C:\hiberfil.sys [2012/07/13 14:35:06 | 000,249,623 | ---- | M] () -- C:\Users\Jon\Desktop\tumblr_m710oxajQl1qhhq9ro1_1280.jpg [2012/07/13 14:17:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/12 19:44:03 | 000,110,673 | ---- | M] () -- C:\Users\Jon\Desktop\milky-way-EDIT.jpg [2012/07/12 19:44:03 | 000,001,456 | ---- | M] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/07/12 18:58:38 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk [2012/07/12 17:59:21 | 000,002,389 | ---- | M] () -- C:\Users\Jon\Desktop\Google Chrome.lnk [2012/07/12 17:58:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001Core.job [2012/07/12 15:07:47 | 000,035,231 | ---- | M] () -- C:\Users\Jon\Desktop\enhanced-buzz-22028-1341865646-1.jpg [2012/07/12 13:04:57 | 000,128,524 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2862.jpg [2012/07/12 12:50:30 | 000,135,792 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2881.jpg [2012/07/12 12:34:43 | 000,160,140 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2660.jpg [2012/07/12 12:23:57 | 000,146,034 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2671.jpg [2012/07/11 22:58:21 | 000,153,906 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2921.jpg [2012/07/11 22:52:51 | 000,177,000 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2913.jpg [2012/07/11 22:44:52 | 000,214,610 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2884.jpg [2012/07/11 22:37:18 | 000,195,454 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2901.jpg [2012/07/11 22:30:51 | 000,164,047 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2854.jpg [2012/07/11 22:26:01 | 000,217,048 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2870.jpg [2012/07/11 15:35:43 | 000,160,994 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2886.jpg [2012/07/11 11:36:31 | 005,194,928 | 
---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/11 01:38:29 | 000,002,591 | ---- | M] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk [2012/07/09 07:56:10 | 000,069,170 | ---- | M] () -- C:\Users\Jon\Documents\Deep Sky Stacker.pdf [2012/07/09 07:43:56 | 000,845,758 | ---- | M] () -- C:\Users\Jon\Documents\DSS Le nebulose IC405 e IC 410 in Auriga.pdf [2012/07/09 07:41:24 | 000,997,615 | ---- | M] () -- C:\Users\Jon\Documents\My Quick DeepSkyStacker Tutorial « Flintstone Stargazing.pdf [2012/07/08 22:22:57 | 000,667,857 | ---- | M] () -- C:\Users\Jon\Desktop\hdr-2637-2639.jpg [2012/07/08 22:07:16 | 000,209,128 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2649.jpg [2012/07/08 14:07:11 | 001,192,175 | ---- | M] () -- C:\Users\Jon\Desktop\forest-1.jpg [2012/07/07 07:45:31 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Stellarium.lnk [2012/07/07 05:22:58 | 000,053,696 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2614.jpg [2012/07/06 17:28:02 | 000,108,071 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2613.jpg [2012/07/05 21:25:45 | 000,138,588 | ---- | M] () -- C:\Users\Jon\Documents\jen - flihjt.pdf [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/22 22:32:28 | 000,076,234 | ---- | M] () -- C:\Users\Jon\Documents\Astronomy Receipt.pdf [2012/06/22 12:46:30 | 001,311,928 | ---- | M] () -- C:\Users\Jon\Documents\Cindy.jpg [2012/06/19 22:09:05 | 000,001,077 | ---- | M] () -- C:\Users\Jon\Desktop\RegiStax 5.1 .lnk [2012/06/15 03:07:38 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [3 C:\Users\Jon\Documents\*.tmp files -> C:\Users\Jon\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/13 14:37:20 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@ [2012/07/13 14:37:19 | 000,000,804 | ---- | C] () -- 
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@ [2012/07/13 14:36:52 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@ [2012/07/13 14:36:52 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@ [2012/07/13 14:33:14 | 000,249,623 | ---- | C] () -- C:\Users\Jon\Desktop\tumblr_m710oxajQl1qhhq9ro1_1280.jpg [2012/07/12 19:44:02 | 000,110,673 | ---- | C] () -- C:\Users\Jon\Desktop\milky-way-EDIT.jpg [2012/07/12 18:58:38 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bit.lnk [2012/07/12 18:58:38 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk [2012/07/12 15:07:46 | 000,035,231 | ---- | C] () -- C:\Users\Jon\Desktop\enhanced-buzz-22028-1341865646-1.jpg [2012/07/12 13:04:56 | 000,128,524 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2862.jpg [2012/07/12 12:50:29 | 000,135,792 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2881.jpg [2012/07/12 12:34:43 | 000,160,140 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2660.jpg [2012/07/12 12:23:57 | 000,146,034 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2671.jpg [2012/07/11 22:58:20 | 000,153,906 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2921.jpg [2012/07/11 22:52:50 | 000,177,000 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2913.jpg [2012/07/11 22:44:51 | 000,214,610 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2884.jpg [2012/07/11 22:37:17 | 000,195,454 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2901.jpg [2012/07/11 22:30:50 | 000,164,047 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2854.jpg [2012/07/11 22:26:00 | 000,217,048 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2870.jpg [2012/07/11 15:35:42 | 000,160,994 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2886.jpg [2012/07/11 01:38:29 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk [2012/07/09 07:56:16 | 000,069,170 | ---- | C] () -- 
C:\Users\Jon\Documents\Deep Sky Stacker.pdf [2012/07/09 07:44:29 | 000,845,758 | ---- | C] () -- C:\Users\Jon\Documents\DSS Le nebulose IC405 e IC 410 in Auriga.pdf [2012/07/09 07:41:30 | 000,997,615 | ---- | C] () -- C:\Users\Jon\Documents\My Quick DeepSkyStacker Tutorial « Flintstone Stargazing.pdf [2012/07/08 22:22:56 | 000,667,857 | ---- | C] () -- C:\Users\Jon\Desktop\hdr-2637-2639.jpg [2012/07/08 22:07:16 | 000,209,128 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2649.jpg [2012/07/08 14:07:10 | 001,192,175 | ---- | C] () -- C:\Users\Jon\Desktop\forest-1.jpg [2012/07/07 07:45:31 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Stellarium.lnk [2012/07/07 05:22:57 | 000,053,696 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2614.jpg [2012/07/06 17:28:02 | 000,108,071 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2613.jpg [2012/07/05 21:25:58 | 000,138,588 | ---- | C] () -- C:\Users\Jon\Documents\jen - flihjt.pdf [2012/07/04 19:25:51 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@ [2012/07/04 19:25:41 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@ [2012/06/22 22:32:39 | 000,076,234 | ---- | C] () -- C:\Users\Jon\Documents\Astronomy Receipt.pdf [2012/06/22 12:46:27 | 001,311,928 | ---- | C] () -- C:\Users\Jon\Documents\Cindy.jpg [2012/06/19 22:09:05 | 000,001,077 | ---- | C] () -- C:\Users\Jon\Desktop\RegiStax 5.1 .lnk [2012/06/15 03:07:38 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [2012/05/20 20:25:13 | 000,003,584 | ---- | C] () -- C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/11 09:19:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ [2012/01/11 09:19:17 | 000,002,048 | -HS- | C] () -- C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ [2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- 
C:\Windows\SysWow64\OpenVideo.dll [2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/01/07 17:09:21 | 000,726,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/17 01:18:13 | 000,000,032 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\mintinlu [2010/11/12 16:20:11 | 000,000,333 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010/11/12 16:20:11 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini [2010/11/12 16:19:48 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/11/12 16:19:48 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT [2010/11/12 16:18:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2010/11/12 16:18:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2010/11/12 16:18:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010/11/12 16:18:19 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2010/11/12 16:18:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2010/08/04 19:23:59 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2010/06/19 20:31:29 | 000,001,456 | ---- | C] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs [2010/06/05 23:11:55 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2011/08/28 17:44:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software [2011/08/28 17:44:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software [2012/05/22 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\3D RealityMaps Viewer [2012/05/22 13:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Alpen 
3D Online [2012/06/01 20:26:26 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\calibre [2010/06/07 19:50:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Canon [2011/10/12 17:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/02/25 23:54:41 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1 [2011/08/10 20:55:28 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Crayon Physics Deluxe [2010/10/08 15:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite [2012/06/01 21:02:13 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\eBookConverter [2010/06/19 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Facebook [2010/08/03 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Foxit Software [2010/08/04 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\GlobalSCAPE [2012/06/01 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\libimobiledevice [2012/06/01 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\log [2010/06/17 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Mask Pro 4.0 [2012/07/12 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\onOne Software [2012/03/13 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PC-FAX TX [2012/02/02 03:43:59 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Pdfsvg [2010/07/06 23:24:10 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PictureCode [2012/07/07 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Stellarium [2010/06/05 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Thunderbird [2012/06/01 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\uTorrent [2012/07/13 14:24:55 | 000,032,628 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 7/13/2012 3:16:48 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jon\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.99% Memory free
15.98 Gb Paging File | 13.63 Gb Available in Paging File | 85.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 115.00 Gb Free Space | 25.49% Space Free | Partition Type: NTFS

Computer Name: FYZHIX | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit) "{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder "{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64 "{3F372A41-8007-012F-F5AE-685F588FC897}" = AMD Media Foundation Decoders "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F20BB80C-4979-65A2-92A3-AA9A12C664AA}" = ATI AVIVO64 Codecs "{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64 "{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "CutePDF Writer Installation" = CutePDF Writer 2.8 "Microsoft Security Client" = Microsoft Security Essentials "PCSI" = Prevx "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista "{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = 
Dell DataSafe Local Backup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional "{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker "{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 5 "{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy "{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German "{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55 "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common "{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard "{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 6.1 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{816E3C02-DABF-1354-0B98-5E153F7DF79B}" = Skins "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft 
Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86 "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static "{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = Catalyst Pro Control Center "{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean "{D8D2B468-8342-411A-8760-BCC362C3408F}" = Adobe Creative Suite 5.5 Master Collection "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All "{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst 
Control Center Graphics Light "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F18C2534-CE61-542B-3662-19935DB555BD}" = Pixtorio Viewer "{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Advanced Audio FX Engine" = Advanced Audio FX Engine "AlpenOnlineViewer_is1" = 3D RealityMaps Viewer 1.2.11.0 "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1" = Pixtorio Viewer "Dell Webcam Central" = Dell Webcam Central "DPP" = Canon Utilities Digital Photo Professional 3.8 "Foxit Reader" = Foxit Reader "Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8 "Frozen Synapse_is1" = Frozen Synapse "GoToAssist" = GoToAssist 8.0.0.514 "HDR Express" = HDR Express "Machinarium" = Machinarium "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "nLite_is1" = nLite 1.4.9.1 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Picasa 3" = Picasa 3 "PST Walker_is1" = PST Walker Evaluation 4.61 "QuickGamma_is1" = QuickGamma 3.0.0.1 "SendToKindle" = Amazon Send to Kindle "Steam App 400" = Portal "Steam App 620" = Portal 2 "Steam App 644" = Portal 2 Publishing Tool "Steam App 72850" = The Elder Scrolls V: Skyrim "Stellarium_is1" = Stellarium 0.11.3 "uTorrent" = µTorrent "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "RegiStax 5.1" = RegiStax 5.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/9/2012 4:04:26 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 998 Error - 7/9/2012 4:04:26 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 998 Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1996 Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1996 Error - 7/9/2012 4:04:28 
PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/9/2012 4:04:28 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2995 Error - 7/9/2012 4:04:28 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2995 Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3993 Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3993 [ System Events ] Error - 7/13/2012 2:37:06 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/13/2012 2:37:12 PM | Computer Name = fyzhix | Source = VDS Basic Provider | ID = 33554433 Description = Error - 7/13/2012 2:38:08 PM | Computer Name = fyzhix | Source = DCOM | ID = 10016 Description = Error - 7/13/2012 2:40:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 7/13/2012 2:40:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 7/13/2012 2:43:12 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 7/13/2012 2:45:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7022 Description = The Windows Update service hung on starting. < End of report >
  10. Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org

      Database version: v2012.07.13.09
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Jon :: FYZHIX [administrator]

      13/07/2012 2:19:50 PM
      mbam-log-2012-07-13 (14-19-50).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 211615
      Time elapsed: 3 minute(s), 41 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

      (end)
  11. Hello, I was hoping to receive some help removing the above-mentioned malware, which was recently found on my laptop. I've tried a number of malware removal tools (Malwarebytes, Prevx), along with a few guides online, and they have been unsuccessful. I've booted into Windows safe mode (and booted from a flash drive made on a clean computer) and tried to remove the files manually in the command prompt but again, no success. TDS detected some suspicious items but the option to cure was not available. I'll post each of the scan logs as a reply to this message. Thank you.