Jump to content

jaysabi

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Everything went all right with the uninstall and clean up except I couldn't find bitdefender in the program list, which I thought was odd. Thank you for all your help!
  2. I have uninstalled all previous version of Java and updated Java to Version 7 update 7. I have followed the subsequent directions you listed, however under the advanced settings tab, the Java quick starter was not checked and is shaded gray. It is impossible to even check.
  3. The system seems to be running fine at the moment. Everything appears to have stabilized since the Kapersky removal. Here are the requested logs: McAfee® Labs Stinger Version 10.2.0.783 built on Sep 12 2012 Copyright © 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Sep 12 2012. Ready to scan for 4959 viruses, trojans and variants. Scan initiated on Wed Sep 12 14:05:43 2012 Rootkit scan result : Clean Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................1 Possibly Infected: ............0 Number of clean files: 19515 Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.12.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 MJ :: MJ-PC [administrator] Protection: Enabled 9/12/2012 2:18:49 PM mbam-log-2012-09-12 (14-18-49).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 379839 Time elapsed: 48 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) QuickScan 32-bit v0.9.9.118 --------------------------- Scan date: Wed Sep 12 15:25:19 2012 Machine ID: B2B014EC No infection found. ------------------- Processes --------- AcroTray - Adobe Acrobat Distiller help 3404 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe Adobe Acrobat Update Service 1576 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe Adobe Reader and Acrobat Manager 3336 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe APO Access Service (32-bit) 1608 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe Brother ControlCenter 3448 C:\Program Files\ControlCenter4\BrCcUxSys.exe Brother ControlCenter 3300 C:\Program Files\ControlCenter4\BrCtrlCntr.exe Brother Status Monitor Application 3836 C:\Program Files\Browny02\Brother\BrStMonW.exe BrYNCSvc 3868 C:\Program Files\Browny02\BrYNSvc.exe Canon Advanced Printing Technology 2076 C:\Windows\System32\CAPM1RSK.EXE Canon Advanced Printing Technology 2260 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE Canon Advanced Printing Technology 2248 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE Canon Advanced Printing Technology 2516 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE Carbonite InfoCenter 3964 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe Carbonite Secure Backup Engine 1632 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe Cyberlink PowerDVD 3276 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe HD Audio Control Panel 3256 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe Intel® Common User Interface 3368 C:\Windows\System32\hkcmd.exe Intel® Common User Interface 3376 C:\Windows\System32\igfxpers.exe Intel® Common User Interface 3360 C:\Windows\System32\igfxtray.exe LMIGuardianSvc 1696 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe LogMeIn 1784 C:\Program Files\LogMeIn\x86\LogMeIn.exe LogMeIn 1732 C:\Program Files\LogMeIn\x86\ramaint.exe Malwarebytes Anti-Malware 3060 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe Malwarebytes Anti-Malware 3012 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Microsoft® CoReXT 2312 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE Microsoft® CoReXT 2440 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE Microsoft® Windows Mobile® Device Cente 3324 C:\Windows\WindowsMobile\wmdcBase.exe Microsoft® Windows® Operating System 4160 C:\Program Files\Windows Media Player\wmpnetwk.exe Microsoft® Windows® Operating System 2108 C:\Windows\explorer.exe Microsoft® Windows® Operating System 496 C:\Windows\System32\csrss.exe Microsoft® Windows® Operating System 444 C:\Windows\System32\csrss.exe Microsoft® Windows® Operating System 592 C:\Windows\System32\lsass.exe Microsoft® Windows® Operating System 604 C:\Windows\System32\lsm.exe Microsoft® Windows® Operating System 584 C:\Windows\System32\services.exe Microsoft® Windows® Operating System 320 C:\Windows\System32\smss.exe Microsoft® Windows® Operating System 1448 C:\Windows\System32\spoolsv.exe Microsoft® Windows® Operating System 1832 C:\Windows\System32\taskhost.exe Microsoft® Windows® Operating System 504 C:\Windows\System32\wininit.exe Microsoft® Windows® Operating System 552 C:\Windows\System32\winlogon.exe Microsoft® Windows® Operating System 3628 C:\Windows\System32\wuauclt.exe Nuance PDF Products 3468 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PaperPort 1900 C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe PaperPort 3424 C:\Program Files\Nuance\PaperPort\pptd40nt.exe RAID Event Monitor 3268 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe RAID Monitor 2356 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe Software Manager 2588 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe Symantec Security Technologies 1256 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe Symantec Security Technologies 1872 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe WD Drive Manager 2008 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe WD Drive Manager 3708 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe WD SmartWare 3932 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe WDSmartWareBackgroundService 384 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe Windows® Internet Explorer 2752 C:\Program Files\Internet Explorer\iexplore.exe Windows® Internet Explorer 3556 C:\Program Files\Internet Explorer\iexplore.exe Windows® Internet Explorer 1812 C:\Program Files\Internet Explorer\iexplore.exe Windows® Internet Explorer 4168 C:\Program Files\Internet Explorer\iexplore.exe Windows® Search 740 C:\Windows\System32\SearchFilterHost.exe Windows® Search 3000 C:\Windows\System32\SearchIndexer.exe Windows® Search 4936 C:\Windows\System32\SearchProtocolHost.exe (verified) LogMeIn 3308 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (verified) Microsoft® Windows® Operating System 1836 C:\Windows\System32\dwm.exe (verified) Microsoft® Windows® Operating System 1940 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 2812 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 972 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1264 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 936 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 716 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 3552 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1476 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 888 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 3848 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 792 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 3900 C:\Windows\System32\svchost.exe Network activity ---------------- Process svchost.exe (1264) connected on port 80 (HTTP) --> 77.67.86.152 Process LogMeIn.exe (1784) connected on port 443 (HTTP over SSL) --> 64.74.103.130 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 77.67.86.107 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 77.67.86.107 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 23.60.95.139 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 23.60.95.139 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 72.21.81.253 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.109 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.109 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.102 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.102 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.57 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.57 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.142.99 Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.142.99 Process iexplore.exe (4168) connected on port 80 (HTTP) --> 74.125.225.102 Process wininit.exe (504) listens on ports: 49152 (RPC) Process services.exe (584) listens on ports: 49162 (RPC) Process lsass.exe (592) listens on ports: 49158 (RPC) Process svchost.exe (792) listens on ports: 135 (RPC) Process svchost.exe (888) listens on ports: 49153 (RPC) Process svchost.exe (972) listens on ports: 49154 (RPC) Process spoolsv.exe (1448) listens on ports: 49161 (RPC) Process LogMeIn.exe (1784) listens on ports: 2002 (Cisco ACS) Process CAPM1RSK.EXE (2076) listens on ports: 1101 Process svchost.exe (3848) listens on ports: 990 (FTP over SSL) Autoruns and critical files --------------------------- AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe Adobe Acrobat C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe AdobeCollabSync.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe Brother ControlCenter C:\Program Files\ControlCenter4\BrCcBoot.exe Brother Status Monitor Application C:\Program Files\Browny02\Brother\BrStMonW.exe Canon Advanced Printing Technology C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE Carbonite InfoCenter C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe Cyberlink PowerDVD C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe Google Update C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe Intel® Common User Interface C:\Windows\System32\hkcmd.exe Intel® Common User Interface C:\Windows\system32\igfxdev.dll Intel® Common User Interface C:\Windows\System32\igfxpers.exe Intel® Common User Interface C:\Windows\System32\igfxtray.exe Microsoft Office OneNote C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE Microsoft® Windows Mobile® Device Cente C:\Windows\WindowsMobile\wmdcBase.exe Microsoft® Windows® Operating System c:\windows\system32\userinit.exe Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe PaperPort C:\Program Files\Nuance\PaperPort\IndexSearch.exe PaperPort C:\Program Files\Nuance\PaperPort\pptd40nt.exe RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe Software Manager C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe SSEreg C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe WD Drive Manager C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe WD SmartWare C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe Windows® Internet Explorer c:\windows\system32\webcheck.dll (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe (verified) LogMeIn C:\Program Files\LogMeIn\x86\LogMeInSystray.exe Browser plugins --------------- AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll Adobe Acrobat C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll Google Update C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe Java Deployment Toolkit 7.0.50.255 C:\Windows\system32\npDeployJava1.dll Java Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll Norton Confidential c:\program files\norton internet security\engine\19.8.0.14\coieplg.dll Norton Confidential C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA PlusIEContextMenu c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll SimCityX ActiveX Control Module C:\Windows\Downloaded Program Files\SimCityX.ocx Software Manager C:\Windows\Downloaded Program Files\isusweb.dll Symantec Intrusion Detection c:\program files\norton internet security\engine\19.8.0.14\ips\ipsbho.dll WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll Windows Live Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll Windows® Internet Explorer C:\Windows\system32\ieframe.dll (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll (verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll Scan ---- MD5: 675768f27997468394aef7a785acd28c C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe MD5: 16aedbebd92d1ecba79bceb09ed90f32 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe MD5: 424270b45d9545c8f67bee0ebd3120e5 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll MD5: 84cbd6f6aa7ee399fbdc265b8ea64474 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll MD5: b11f7db91e12bbca71be88bfb2120faf C:\Program Files\Brother\BrUtilities\BrLogAPI.dll MD5: b431f2725136a9a2b64acd9cd6624d52 C:\Program Files\Browny02\brlm03a.dll MD5: f71ec3fec2ebeb67d067e9da1469a9e0 C:\Program Files\Browny02\brlmw03a.dll MD5: f410ac07933bddd13278299df222e03d C:\Program Files\Browny02\BrMonitor.dll MD5: b907641b954b7c8c7f81ea8679314bfd C:\Program Files\Browny02\Brother\BrFirmUpdateCheck.dll MD5: 7f42ffcd6ff7ca558c2d95dadcd5efa9 C:\Program Files\Browny02\Brother\BrStMonW.exe MD5: caa5e8de421c5875731cd3ba5233f162 C:\Program Files\Browny02\Brother\BrStMonWRes.dll MD5: ea7e57f87d6fee5fd6c5f813c04e8cd2 C:\Program Files\Browny02\BrYNSvc.exe MD5: 28406a359487238e704e458c7029172d C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll MD5: 442745bf42053a779ab514c5746df11b C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe MD5: fe23d126327d5a46060466bea762a387 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe MD5: edc07b6df34c39ec40df1904c7459b4f c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll MD5: ba0ed7aa3c36a8da27ded1d6b3508158 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll MD5: b63e5c7807334a3a8f731062f15462cc C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MD5: d19c4ee2ac7c47b8f5f84fff1a789d8a C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe MD5: cf39a105cd553eed31e2255aff4c6742 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll MD5: 45406ffd87f6ba4345b018e303a64ff1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL MD5: 12b79422a23814429cda9e734c58f78f C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MD5: fb01d4ae207b9efdbabfc55dc95c7e31 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE MD5: c649f293b8b047a2694f3c615d09bf17 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE MD5: e476c66713c842f58e61a95826ed1d57 C:\Program Files\Common Files\SureThing Shared\stllssvr.exe MD5: 85b8b4032a895a746d46a288a9b30ded C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys MD5: b5a8a04a6e5b4e86b95b1553aa918f5f C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys MD5: dee58aeef984a13d6923326444caed6d C:\Program Files\ControlCenter4\BrCcAssoc.dll MD5: 27bf45e6900ae1056daf0b5647e2e266 C:\Program Files\ControlCenter4\BrCcBoot.exe MD5: 6aa7883986d3b351cb068919daf2f309 C:\Program Files\ControlCenter4\BrCcDlgRc.dll MD5: 649b5aa7a518cf14b128d73059c3a55a C:\Program Files\ControlCenter4\BrCcGrImg.dll MD5: 00afc59555c605a006c6a11ed42a65d1 C:\Program Files\ControlCenter4\BrCcLUsa.dll MD5: ddf441f9c40507d582a7d09ab46c6f98 C:\Program Files\ControlCenter4\BrCcUxSys.exe MD5: 50fb420dedf67926910e3b869bb243a1 C:\Program Files\ControlCenter4\BrCtrlCntr.exe MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll MD5: 8f628060daecf76c537bd89a53228d3b C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll MD5: c0ce1fd30ce222852a061207a579a6fc C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll MD5: f8ba8a317b5675629854fc9700f8af6d C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll MD5: 0b1b7568ced61abf5fd717f28175c96a C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe MD5: 0e899d0db39617aa0b2f992e7e95b5eb C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe MD5: 5621d03adc16eade46d2242c39e1a99c C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files\Internet Explorer\ieproxy.dll MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files\Internet Explorer\IEShims.dll MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files\Internet Explorer\iexplore.exe MD5: 94a0ed766a374a960982bedab874c7ae C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll MD5: 63daf163d1617dd611bd0ab8e41a43e8 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe MD5: 36d58db4ad9c00247ad07c6cfd1b8692 C:\Program Files\LogMeIn\x86\LogMeIn.dll MD5: 432618fa75b61059d2c57d6a7e55147a C:\Program Files\LogMeIn\x86\LogMeIn.exe MD5: 697281830297b87b6544ef9f4f67ad71 C:\Program Files\LogMeIn\x86\LogMeInSystray.dll MD5: 175f50f37eeaa1d4d744bcccbb7cf68c C:\Program Files\LogMeIn\x86\ramaint.exe MD5: 60bc67fac9dff89b17f5792844de1b7d C:\Program Files\LogMeIn\x86\rntfywnd.dll MD5: 923bb61d913c37eab1570f236ccdce41 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll MD5: 420e9bf21339f51b31df4194d5a0e12e C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll MD5: aebdb652d9273ad61e10c5d8f51c86fb C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll MD5: 0dcf16b1449811efa47ab52cac84093c C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe MD5: 9eaaba4d601004bea4daa6e146e19a96 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe MD5: 63336300c6cc335203fe003e6ff7a1de C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll MD5: 7b18b2325b41196905fe71219aa2d154 C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll MD5: cc62f141b4b8bd5bafdb10079891556a C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA MD5: 46297fa8e30a6007f14118fc2b942fbc C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe MD5: 6df0e2c64cd2c719a5530b302c792186 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\APPMGR32.DLL MD5: 86a424e3845c8bd3414b15c3119fa609 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\asEngine.dll MD5: f481d6099da5b4b40eeaaf08c4547f7d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ASHELPER.DLL MD5: 0f2ff924384cefafed27e95bab63731f C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ASOEHOOK.DLL MD5: b10b38b22709a66325775f3b77c0558c C:\Program Files\Norton Internet Security\Engine\19.8.0.14\AVIfc.dll MD5: b67a8e2103197f8fd2fed28ca6fd4245 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\AVMail.dll MD5: 002e7895f88b96cff2a03313b88a7e64 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\avModule.dll MD5: 7a3d87207f25c41dae8230fbb99ae562 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\AVPAPP32.DLL MD5: 3d58c37846ebc8068246f8398192a3d0 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\AVPSVC32.DLL MD5: d0c0c17e2a31c33fa495d3ab8a0d5bb2 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\BHClient.dll MD5: 1f761da08b1855ddbdd97204d69b48dd C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\BHSVCPLG.DLL MD5: 3662262608adc5dea6fd9f5ac465528d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCEMLPXY.DLL MD5: 3a9738a0c71a9a5098356bd3aa46d0bd C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccGEvt.dll MD5: e036aa5e1f4a94c2d7058192da0514ba C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccGLog.dll MD5: 79ed7408d94471522d5c34ba10bcc7b9 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccIPC.dll MD5: 93ed9ff632cee1d181cd89bb67256c92 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCJOBMGR.DLL MD5: 4853faa23868e66fd66dc81b8dd42333 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccL110U.dll MD5: 5684762cf40116976a0007eecd5a587d C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSet.dll MD5: a9e790f2c9b5f22ec9e9be7855b9bffc C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCSUBENG.DLL MD5: 8b8eeda3d4b9c32170918b4eb8ef023b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvc.dll MD5: f2840dbfe9322f35557219ae82cc4597 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe MD5: 2257c98561ebac594a8bb797970d6d54 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccVrTrst.dll MD5: 84dd22e6a6399aef7ffa86035122f13d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CLTALDIS.DLL MD5: 36e8c701b168e58c6ab0946f5abad9eb C:\Program Files\Norton Internet Security\Engine\19.8.0.14\cltLMS.dll MD5: 34256e81f0efb05d244376f4c387317b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\cltPE.dll MD5: b88dc38209cc72b56d79edbc3182b29a C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COACTMGR.DLL MD5: 971a138e6a474e87b576a0e333584433 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coDataPr.dll MD5: 39347c63f68e3ec0959ccdb0501c4958 c:\program files\norton internet security\engine\19.8.0.14\coieplg.dll MD5: 4c230e31630087b78d061d29a43e6d11 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\Comm.dll MD5: 2975906c981b3fe1156594a6fc30b708 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coShdObj.dll MD5: d810b8996608832b6ad64f3afca7c280 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL MD5: 53726eba2b0d9dd215cce7b8923d73bf C:\Program Files\Norton Internet Security\Engine\19.8.0.14\DataStor.dll MD5: 284dae55ded345f240df806d45711e0b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll MD5: 198d51ab311ef8ed8882985048a93406 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diStRptr.dll MD5: 5e0c5b5be5304e133968d6d6f8840b28 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\DSCli.dll MD5: 52364b2bba5d1cb4e6a55076eb184d90 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\EFACli.dll MD5: b7a8f271355559721ccc8b2b93a5aab4 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\FWCORE.DLL MD5: fd36c7cf327e32fd75bdbcd5f732c7f2 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWGenPlg.dll MD5: 468cd8dd7825578c3e2a105d062659f6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWHelper.dll MD5: 26a037c4ad6d6892ad7516be512b875a C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\FWSESAL.DLL MD5: c4ffe41d9ef211791cb404e7158593a1 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWSetup.dll MD5: a9318d1d48956caea4d7d88925bae218 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\HNCORE.DLL MD5: 8e460b4333b3b4df34350f4f7c0058ec C:\Program Files\Norton Internet Security\Engine\19.8.0.14\IMCfg.dll MD5: ff3e0c3dcce988eb391823f62f9397d0 c:\program files\norton internet security\engine\19.8.0.14\ips\ipsbho.dll MD5: d750ea29eb42573062c3f115c4884942 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\IPSPLUG.DLL MD5: 99056a9ff85141b3337c5d392dd9eba7 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\IRON.DLL MD5: 9133538a1d892c07c2c724cc87775907 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\isDataPr.dll MD5: 3e09b60e3dcf3ef673db25d5799efdfd C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ISDATASV.DLL MD5: bdb746e17148a1b509c06d2518b7e12a C:\Program Files\Norton Internet Security\Engine\19.8.0.14\isPwd.dll MD5: 9053fb3e5a6dda6ed0c77c8e103fb239 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\LUE.DLL MD5: a864ffb85eae5ebbc7e4861e91c67fb6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\naHelper.dll MD5: 7debba26b7175384180bd7958d7a184c C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NAVLOGV.dll MD5: 3a00d9ed1bca5de87f84ce9328fecf73 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\NCW.DLL MD5: d870d9fbd5e019174afe43907529af63 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NPCStats.dll MD5: 545638475b03b252ed540369ccb278a0 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\NPCTRAY.DLL MD5: 77532995cd077e27e6ab868b3382681f C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NUMEng.dll MD5: 8718831f001a4c4f8add98833c2b1211 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ProxyClt.dll MD5: 39f63a3b7d445571116b590d7cc12652 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\QBackup.dll MD5: cc58af5ce271db23db19034077a7f08d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\QSPLUGIN.DLL MD5: c0479dfdb520b7117eda736ade855698 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SDKCMN.DLL MD5: 7eabaa542a7da553552128f595dda08e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SNDSVC.DLL MD5: ca591bb0b28c777065d8a16b7057fcf8 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SPOCCLNT.DLL MD5: f7dc4705a1b1d14ff9582d373af080ba C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SQLite.dll MD5: 468d9c5404d6202dc7a5d96b8480929b C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SQSVC.DLL MD5: 65d64bb840abf8aa317e1a56595c5e28 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\srtsp32.dll MD5: 6487a19e0ea3228515394a4b1a780b17 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SYMHTML.DLL MD5: ff6b44e0bd9c3941a9d7764839100ac6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SymNeti.dll MD5: 7601a29152ed8edf2478debf5cdd89b6 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SYMRDRSV.DLL MD5: 2cfe545abafce9ab0c375dc05ce831c7 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SymRedir.dll MD5: 583d3a8c4ca75ef706e2c6b8e739d62e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\UIALERT.DLL MD5: 60402f4bc7e1dde03ceca8b50e7a942e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\USERCTXT.DLL MD5: 10729d2d308c5aa804ece537b49c16ad C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\USERLOG.DLL MD5: ba8a9ec5f381c1a2b81f632f88d1ec2d C:\Program Files\Norton Internet Security\MUI\19.8.0.14\09\01\cltRes.loc MD5: 992776dd978494547dd1ce211d978868 C:\Program Files\Nuance\PaperPort\BindRes.dll MD5: e2bf206e5164569500742637b5459402 C:\Program Files\Nuance\PaperPort\blicectr.dll MD5: 0d1d2fbae112bddb9f77b7bc7a956d3a C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe MD5: 07c4ebd3107799774fa3103956cd1c40 C:\Program Files\Nuance\PaperPort\IndexSearch.exe MD5: 519835d8c5215b09dc6d60f356625a66 C:\Program Files\Nuance\PaperPort\MaxRes.dll MD5: c1c3baf078be5a14384a4ba2d730817d C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe MD5: e5f1d2c7d51c816437bbe2306828bc4b C:\Program Files\Nuance\PaperPort\pptd40nt.exe MD5: 874650bf7c7063fb2455e0498456d29c C:\Program Files\Nuance\PaperPort\XMAXUTIL.dll MD5: 198e148b007b7a14a4d2e5efffc6f2cc c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll MD5: 9f0acaa725cf5a391af7e2067ae45746 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe MD5: 154420a93e4f676aa33a055a116255d9 C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe MD5: 18c6a57b569f088c2bd7b828a211ac06 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll MD5: 7a841462ad4749f8a07b27ae8e8947b8 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe MD5: d8039d9d877710cce2c1125fe23010d2 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe MD5: cb7ce390b5d12715be724114aef75edd C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll MD5: e74aedf39f5c7fa9f6c1fdccbd7c648d C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll MD5: 96fb79af7bbf061decbff753bb19f2af C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll MD5: f3455e60b905d95d22f7ab8a6b49acce C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL MD5: f5425b6163e26baa30af4f272baf4d8a C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll MD5: 8238d3ab25de278a7c77f7e52917dfc9 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll MD5: 2df845510efa14f41e24d71c65ba289f C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll MD5: 8723be5c6080534a3e20d3804f1cb0a9 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll MD5: c672c17b84492b0ab22a0b73d2bf66ad C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll MD5: aad176e52745443aa7be60279333aa97 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe MD5: 138ab06adbbf300aa804d7974a5aec82 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe MD5: 1069a0918a0ca1e00b1afd30b75043d7 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll MD5: 7d1e301e2eeaf6d3730887de933413e6 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe MD5: f74eb03b9ec03c9e71064713f9001b42 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe MD5: c517e5ea7cee783f3681f62d2a362e5b C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll MD5: 3b40d3a61aa8c21b88ae57c58ab3122e C:\Program Files\Windows Media Player\wmpnetwk.exe MD5: 6bf7676296d5359afc135a5397000053 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe MD5: c364f02969e9a842321dd91bcff749d4 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys MD5: 02896052e43e1452893806f6d2da8786 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHEngine.dll MD5: 404fb2aaf532bc7bbacc8880be401c74 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120911.001\IDSvix86.sys MD5: 14d289f63d9538306cb560c4cd12172f C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120911.001\IDSxpx86.dll MD5: fa0b7d801e71ce79b915bae5a90de224 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120912.004\NAVENG.SYS MD5: 80bb71a7d14cf14b54514a201bf5b985 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120912.004\NAVEX15.SYS MD5: 19a5a783ba98a27a2ffbc16a1e46dd63 C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll MD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll MD5: 506708142bc63daba64f2d3ad1dcd5bf C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe MD5: 35cab7cf3754c41aeb69dce1d5aca5a4 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MD5: 4c790c3c2edf1aebf95b6baa248cf230 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MD5: 33eb87995918fea7ba6d0d6ba1f308ce C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MD5: 98783e8c36399c5c2fad62a8f4539547 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MD5: fff324a37cb0a2704d070f41059e5ab0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll MD5: 397b4f06383bae9cd93f2b9a90d071cc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MD5: 04ebaa3e9fa5fbdcd73c1e162a906187 C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx MD5: d715a946e66028cdb04c9e9f8c7137f5 C:\Windows\Downloaded Program Files\dwusplay.exe MD5: a04e6a2d1159fe65f25bf7a904e34262 C:\Windows\Downloaded Program Files\ieatgpc.dll MD5: 2d54daecba60eb03f9e63dd50669f634 C:\Windows\Downloaded Program Files\isusweb.dll MD5: a594716d8d12bae296da6cf35f3c5748 C:\Windows\Downloaded Program Files\Manager.exe MD5: 56940b50ab0e5923822f47b0e4463885 C:\Windows\Downloaded Program Files\qsax.dll MD5: 6ae3ea9448e194f4fa5228eff256439b C:\Windows\Downloaded Program Files\SimCityX.ocx MD5: a8c362018efc87beb013ee28f29c0863 C:\Windows\ehome\ehRecvr.exe MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\explorer.exe MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: 972dcc74d4cdcb64086e7cfacbdb74cb C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll MD5: c521d7eb6497bb1af6afa89e322fb43c C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 2c49b175aee1d4364b91b531417fe583 C:\Windows\servicing\TrustedInstaller.exe MD5: 9a39a2a5f443a756c568c6ed5748afe4 C:\Windows\System32\Actioncenter.dll MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\system32\actxprxy.dll MD5: c95638d03aad90f27d0f2855adc316ec C:\Windows\System32\AdobePDF.dll MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\system32\ADVAPI32.dll MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll MD5: fb1959012294d6ad43e5304df65e3c26 c:\windows\system32\appinfo.dll MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\System32\audioses.dll MD5: ce3b4e731638d2ef62fcb419be0d39f0 c:\windows\system32\audiosrv.dll MD5: cdd35c1ce1ebfe80c055691cdc8df443 C:\Windows\system32\authui.dll MD5: 6e30d02aac9cac84f421622e3a2f6178 c:\windows\system32\axinstsv.dll MD5: dab748ae0439955ed2fa22357533dddb C:\Windows\system32\basesrv.DLL MD5: 67c1b58706b47eeba4e117ac197289e6 C:\Windows\system32\BatMeter.dll MD5: 1e2bac209d184bb851e1a187d8a29136 c:\windows\system32\bfe.dll MD5: f45ed8c4f9af862cd9992849b5203c11 C:\Windows\system32\bitsigd.dll MD5: 0552a8684bf7566f744d5b19ff6aec6b c:\windows\system32\bitsperf.dll MD5: 45760eecc8b74b251171be4f247f17cb C:\Windows\system32\BROWCLI.DLL MD5: 6e11f33d14d020f58d5e02e4d67dfa19 c:\windows\system32\browser.dll MD5: e6b581a57edfaa22d12094853a58086e C:\Windows\system32\BrUsi09d.dll MD5: 2dc03543284df9bf594623a2646d42a1 C:\Windows\system32\BrWi209d.dll MD5: e3d5e244807ad655787fcd25477cc1bc C:\Windows\System32\bthprops.cpl MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll MD5: d7ee78523e0c1eca8f45d1fd9b395da5 C:\Windows\System32\CAPM1EMN.DLL MD5: aa608e2e14299979ab2c02ab6fb4bc55 C:\Windows\System32\CAPM1LMK.DLL MD5: 083c571ee34399199baac5c0daa7d849 C:\Windows\System32\CAPM1PTN.DLL MD5: d615aec9fc50f2edcd1009350fa0b5d7 C:\Windows\System32\CAPM1RSK.EXE MD5: e4650bbfa3ae2396687c2b798c0a1259 C:\Windows\System32\CAPM1SMK.DLL MD5: 44f5c1cf70ac8f7239f3b3667e58697a C:\Windows\system32\certpoleng.dll MD5: 319c6b309773d063541d01df8ac6f55f C:\Windows\System32\certprop.dll MD5: b0b4c590c0cae7741da17e3dc86cc828 C:\Windows\system32\CEUTIL.dll MD5: 3ffaea12666e565ff51bf2fca674f543 C:\Windows\system32\CFGMGR32.dll MD5: ae9898d5600a232cd8ae3298692162e5 C:\Windows\system32\CLUSAPI.DLL MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\system32\COMDLG32.dll MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\system32\CRYPT32.dll MD5: a585bebf7d054bd9618eda0922d5484a c:\windows\system32\cryptsvc.dll MD5: 28ca821606669bb9215ce010767720fa C:\Windows\system32\CRYPTUI.dll MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll MD5: 57a51217581614de07f30e34d6bb4993 C:\Windows\System32\CSCDLL.dll MD5: cf4274ceea9f7791fb7fc40a066bc2c7 C:\Windows\system32\cscobj.dll MD5: 15f93b37f6801943360d9eb42485d5d3 c:\windows\system32\cscsvc.dll MD5: 3ec541c196de18ed9a0d0ac82a694d4c C:\Windows\System32\cscui.dll MD5: 6c062ea09313872d2235027ef7a4554e C:\Windows\system32\CSRSRV.dll MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 c:\windows\system32\dbghelp.dll MD5: e9e01eb683c132f7fa27cd607b8a2b63 c:\windows\system32\dhcpcore.dll MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll MD5: 33ef4861f19a0736b11314aad9ae28d0 c:\windows\system32\dnsrslvr.dll MD5: 366ba8fb4b7bb7435e3b9eacb3843f67 C:\Windows\System32\dot3svc.dll MD5: 8ec04ca86f1d68da9e11952eb85973d6 c:\windows\system32\dps.dll MD5: 1b133875b8aa8ac48969bd3458afe9f5 C:\Windows\system32\drivers\1394ohci.sys MD5: cea80c80bed809aa0da6febc04733349 C:\Windows\system32\drivers\ACPI.sys MD5: 1efbc664abff416d1d07db115dcb264f C:\Windows\system32\drivers\acpipmi.sys MD5: 9ebbba55060f786f0fcaa3893bfa2806 C:\Windows\system32\drivers\afd.sys MD5: e7f4d42d8076ec60e21715cd11743a0d C:\Windows\system32\drivers\amdsata.sys MD5: 146459d2b08bfdcbfa856d9947043c81 C:\Windows\system32\drivers\amdxata.sys MD5: aea177f783e20150ace5383ee368da19 C:\Windows\system32\drivers\appid.sys MD5: 8f2da3028d5fcbd1a060a3de64cd6506 C:\Windows\system32\DRIVERS\bowser.sys MD5: 77361d72a04f18809d0efb6cceb74d4b C:\Windows\system32\DRIVERS\bridge.sys MD5: 9f80879913dc2712fd0c4d734e3f519b C:\Windows\system32\DRIVERS\BrSerIb.sys MD5: b67512da42c0c90bf236d5485226c1c7 C:\Windows\system32\DRIVERS\BrUsbSIb.sys MD5: 7f599e8bcc5ebc78fa711e9e55eea40c C:\Windows\system32\Drivers\CAPM1LP.SYS MD5: be167ed0fdb9c1fa1133953c18d5a6c9 C:\Windows\system32\drivers\cdrom.sys MD5: 6427525d76f61d0c519b008d3680e8e7 C:\Windows\System32\Drivers\cng.sys MD5: cbe8c58a8579cfe5fccf809e6f114e89 C:\Windows\system32\drivers\CompositeBus.sys MD5: 3c2177a897b4ca2788c6fb0c3fd81d4b C:\Windows\system32\drivers\csc.sys MD5: f024449c97ec1e464aaffda18593db88 C:\Windows\System32\Drivers\dfsc.sys MD5: 23f5d28378a160352ba8f817bd8c71cb C:\Windows\System32\drivers\dxgkrnl.sys MD5: 8a73e79089b282100b9393b644cb853b C:\Windows\System32\DRIVERS\fvevol.sys MD5: 9036377b8a6c15dc2eec53e489d159b5 C:\Windows\system32\drivers\HDAudBus.sys MD5: 10c19f8290891af023eaec0832e1eb4d C:\Windows\system32\drivers\hidusb.sys MD5: 871917b07a141bff43d76d8844d48106 C:\Windows\system32\drivers\HTTP.sys MD5: 0c4e035c7f105f1299258c90886c64c5 C:\Windows\System32\drivers\hwpolicy.sys MD5: 01446278d4563b3013c92830ae6cbb26 C:\Windows\system32\DRIVERS\iaStor.sys MD5: a3cae5d281db4cff7cff8233507ee5ad C:\Windows\system32\drivers\iaStorV.sys MD5: 8266ae06df974e5ba047b3e9e9e70b3f C:\Windows\system32\DRIVERS\igdkmd32.sys MD5: 4bd7134618c1d2a27466a099062547bf C:\Windows\system32\drivers\IPMIDrv.sys MD5: d7b5b5c5130b775ec7e32edd780d737f C:\Windows\system32\DRIVERS\jraid.sys MD5: 9e3ced91863e6ee98c24794d05e27a71 C:\Windows\system32\drivers\kbdhid.sys MD5: f4647bb23db9038a7536cf6b68f4207f C:\Windows\System32\Drivers\ksecdd.sys MD5: e73cae53bbb72ba26918492c6b4c229d C:\Windows\System32\Drivers\ksecpkg.sys MD5: 65e794e86468b61f2bc79abc48bc4433 C:\Windows\system32\drivers\mbam.sys MD5: fc8771f45ecccfd89684e38842539b9b C:\Windows\System32\drivers\mountmgr.sys MD5: 2d699fb6e89ce0d8da14ecc03b3edfe0 C:\Windows\system32\drivers\mpio.sys MD5: ceb46ab7c01c9f825f8cc6babc18166a C:\Windows\system32\drivers\mrxdav.sys MD5: 5d16c921e3671636c0eba3bbaac5fd25 C:\Windows\system32\DRIVERS\mrxsmb.sys MD5: 6d17a4791aca19328c685d256349fefc C:\Windows\system32\DRIVERS\mrxsmb10.sys MD5: b81f204d146000be76651a50670a5e9e C:\Windows\system32\DRIVERS\mrxsmb20.sys MD5: 012c5f4e9349e711e11e0f19a8589f0a C:\Windows\system32\drivers\msahci.sys MD5: 55055f8ad8be27a64c831322a780a228 C:\Windows\system32\drivers\msdsm.sys MD5: cb7a9abb12b8415bce5d74994c7ba3ae C:\Windows\system32\drivers\msiscsi.sys MD5: e7c54812a2aaf43316eb6930c1ffa108 C:\Windows\system32\drivers\ndis.sys MD5: d8a65dafb3eb41cbb622745676fcd072 C:\Windows\system32\DRIVERS\ndisuio.sys MD5: 38fbe267e7e6983311179230facb1017 C:\Windows\system32\DRIVERS\ndiswan.sys MD5: 280122ddcf04b378edd1ad54d71c1e54 C:\Windows\System32\DRIVERS\netbt.sys MD5: ace85af1c31f68bdfee9333f6592917e C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys MD5: 2c356cca706505cf63cbe39d532b9236 C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS MD5: 7bb297cada42903328e92425d9761da6 C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS MD5: 475fcf0f28d845bf1c8abac27f19003e C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS MD5: 690fa0e61b90084c4d9a721bd4f3d779 C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS MD5: 8f88edb211b12537d2dc2a6d73d6067c C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS MD5: 3ee215d6fe821e3edf0f7134d9ae905a C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS MD5: af2eec9580c1d32fb7eaf105d9784061 C:\Windows\system32\drivers\nvraid.sys MD5: 9283c58ebaa2618f93482eb5dabcec82 C:\Windows\system32\drivers\nvstor.sys MD5: bf8f6af06da75b336f07e23aef97d93b C:\Windows\System32\drivers\partmgr.sys MD5: 673e55c3498eb970088e812ea820aa8f C:\Windows\system32\drivers\pci.sys MD5: d528bc58a489409ba40334ebf96a311b C:\Windows\system32\DRIVERS\rdbss.sys MD5: 23dae03f29d253ae74c44f99e515f9a1 C:\Windows\System32\DRIVERS\RDPCDD.sys MD5: b973fcfc50dc1434e1970a146f7e3885 C:\Windows\System32\drivers\rdpdr.sys MD5: 518395321dc96fe2c9f0e96ac743b656 C:\Windows\System32\drivers\rdyboost.sys MD5: d5ede44ca85899e0478208c8413c1c31 C:\Windows\system32\DRIVERS\Rt86win7.sys MD5: 8b27c21412ae4404eb0acfe1d98579ec C:\Windows\system32\drivers\RTKVHDA.sys MD5: 05d860da1040f111503ac416ccef2bca C:\Windows\system32\drivers\sbp2port.sys MD5: 0693b5ec673e34dc147e195779a4dcf6 C:\Windows\System32\DRIVERS\scfilter.sys MD5: 6d4ccaedc018f1cf52866bbbaa235982 C:\Windows\system32\drivers\sffp_sd.sys MD5: e4c2764065d66ea1d2d3ebc28fe99c46 C:\Windows\System32\DRIVERS\srv.sys MD5: 03f0545bd8d4c77fa0ae1ceedfcc71ab C:\Windows\System32\DRIVERS\srv2.sys MD5: be6bd660caa6f291ae06a718a4fa8abc C:\Windows\System32\DRIVERS\srvnet.sys MD5: dcaffd62259e0bdb433dd67b5bb37619 C:\Windows\system32\drivers\storvsc.sys MD5: 555fb450fe6908600310e990738b41d6 C:\Windows\system32\Drivers\SYMEVENT.SYS MD5: 65d10b191c59c5501a1263fc33f6894b C:\Windows\System32\drivers\tcpip.sys MD5: cca24162e055c3714ce5a88b100c64ed C:\Windows\System32\drivers\tcpipreg.sys MD5: 1cb91b2bd8f6dd367dfc2ef26fd751b2 C:\Windows\system32\drivers\tdpipe.sys MD5: 2c10395baa4847f83042813c515cc289 C:\Windows\system32\drivers\tdtcp.sys MD5: b459575348c20e8121d6039da063c704 C:\Windows\system32\DRIVERS\tdx.sys MD5: 04dbf4b01ea4bf25a9a3e84affac9b20 C:\Windows\system32\drivers\termdd.sys MD5: 254bb140eee3c59d6114c1a86b636877 C:\Windows\System32\DRIVERS\tssecsrv.sys MD5: fd1d6c73e6333be727cbcc6054247654 C:\Windows\System32\drivers\tsusbflt.sys MD5: b2fa25d9b17a68bb93d58b0556e8c90d C:\Windows\system32\DRIVERS\tunnel.sys MD5: ee43346c7e4b5e63e54f927babbb32ff C:\Windows\system32\DRIVERS\udfs.sys MD5: d295bed4b898f0fd999fcfa9b32b071b C:\Windows\system32\drivers\umbus.sys MD5: 7e72e7d7e0757d59481d530fd2b0bfae C:\Windows\system32\DRIVERS\usbccgp.sys MD5: 9d22aad9ac6a07c691a1113e5f860868 C:\Windows\system32\drivers\usbhub.sys MD5: bf63ebfc6979fefb2bc03df7989a0c1a C:\Windows\system32\DRIVERS\USBSTOR.SYS MD5: 5461686cca2fda57b024547733ab42e3 C:\Windows\system32\drivers\vhdmp.sys MD5: c2f2911156fdc7817c52829c86da494e C:\Windows\system32\drivers\vmbus.sys MD5: d4d77455211e204f370d08f4963063ce C:\Windows\system32\drivers\VMBusHID.sys MD5: 7fa7f2e249a5dcbb7970630e15e1f482 C:\Windows\system32\drivers\vms3cap.sys MD5: 472af0311073dceceaa8fa18ba2bdf89 C:\Windows\system32\drivers\vmstorfl.sys MD5: 4c63e00f2f4b5f86ab48a58cd990f212 C:\Windows\system32\drivers\volmgr.sys MD5: f497f67932c6fa693d7de2780631cfe7 C:\Windows\system32\drivers\volsnap.sys MD5: 3c3c78515f5ab448b022bdf5b8ffdd2e C:\Windows\system32\DRIVERS\wanarp.sys MD5: a67e5f9a400f3bd1be3d80613b45f708 C:\Windows\system32\DRIVERS\WinUsb.sys MD5: e714a1c0354636837e20ccbf00888ee7 C:\Windows\system32\drivers\WudfPf.sys MD5: 1023ee888c9b47178c5293ed5336ab69 C:\Windows\system32\DRIVERS\WUDFRd.sys MD5: 497e59d9f01c6f247e72222a61835119 C:\Windows\system32\dwmcore.dll MD5: 754afc50022c95da7c86b7020db78136 C:\Windows\system32\dwmredir.dll MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll MD5: addb05c93272a62606599b24730bd645 C:\Windows\system32\dxp.dll MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\System32\Dxtmsft.dll MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\System32\Dxtrans.dll MD5: 3f6d9269e7b3a754b1c2f8533dc7f318 C:\Windows\system32\EFSCORE.dll MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll MD5: 00a99da54c14969a899ed316d16e9a9e C:\Windows\system32\efssvc.dll MD5: 359c3ac547aa1d24eed35be3ab3759dc C:\Windows\system32\EFSUTIL.dll MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll MD5: 256503028879103e9741a276fa24d65d c:\windows\system32\ESENT.dll MD5: 53af1750fd45ddd705c9b68c7dc58827 C:\Windows\System32\EVR.dll MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\EXPLORERFRAME.dll MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll MD5: b3a5ec6b6b6673db7e87c2bcdbddc074 c:\windows\system32\fntcache.dll MD5: d0481fb85beedd30a0884be327880f80 C:\Windows\System32\framedynos.dll MD5: e6d90dc604f407b3b5e0fd285e46b2a0 C:\Windows\system32\FVEAPI.dll MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\system32\fwpuclnt.dll MD5: db603d3fd090c66f9709ef6493c26ba3 c:\windows\system32\FwRemoteSvr.DLL MD5: 126f8331bd023178c7f0ef2f5ede16b3 C:\Windows\System32\FXSMON.DLL MD5: 967ea5b213e9984cbe270205df37755b C:\Windows\system32\fxssvc.exe MD5: 19bc13711ac403feb830522e4831701b C:\Windows\System32\gameux.dll MD5: e87f5393f7d8ce2facc4dff703531392 C:\Windows\system32\GDI32.dll MD5: e897eaf5ed6ba41e081060c9b447a673 c:\windows\system32\gpsvc.dll MD5: 6b0450136dbca36c6722c21a746d96cb C:\Windows\System32\hccutils.DLL MD5: c7952d0a4c43a965a1741916bb134751 C:\Windows\System32\hgcpl.dll MD5: 3cd5bbda19a1ab4eba359e0a14fdf0f0 C:\Windows\System32\hkcmd.exe MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\ieframe.dll MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\system32\iertutil.dll MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll MD5: b0335e0e041106e15acc6d36d6d75bf5 C:\Windows\system32\igd10umd32.dll MD5: 10ab9c9adb89816befb077e72659d029 C:\Windows\system32\igdumd32.dll MD5: ba38c50f523dc053488ac3f9ef99aa0b C:\Windows\system32\igdumdx32.dll MD5: fdc6bd427e353d205c1afb6065fa8175 C:\Windows\system32\igfxdev.dll MD5: 3142195521fee436088ee8a5748de1b1 C:\Windows\System32\igfxpers.exe MD5: 5bc881b4befcd1f005a7c1845ac63ad7 C:\Windows\system32\igfxrENU.lrc MD5: 2c00a2f21463e1dda5536720d2bd6195 C:\Windows\System32\igfxress.dll MD5: 493164122dc72e1bf6d12f575604fbda C:\Windows\system32\igfxsrvc.dll MD5: 1029b84ecbe4b95acb8491a3fe63d70f C:\Windows\System32\igfxtray.exe MD5: f95622f161474511b8d80d6b093aa610 c:\windows\system32\ikeext.dll MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\system32\imagehlp.dll MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\system32\imapi2.dll MD5: 4a8e2f20809cc161107faa94f6cf2685 C:\Windows\system32\IMM32.DLL MD5: bf7ddbe14fa4b68aab6a3c78ef5c96b8 C:\Windows\system32\inetmib1.dll MD5: d27dde7e0444c7f1819f958469eb7d93 C:\Windows\System32\inetpp.dll MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL MD5: 4d65a07b795d6674312f879d09aa7663 c:\windows\system32\iphlpsvc.dll MD5: 53946b69ba0836bd95b03759530c81ec c:\windows\system32\ipsecsvc.dll MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\System32\jscript9.dll MD5: 2f4348dc0d06a0eba5f5c4cb435790c1 C:\Windows\system32\kerberos.DLL MD5: e570cbd732848438eac574eb3442a2a8 C:\Windows\system32\KERNEL32.dll MD5: a9f8e23c1fc00190376b11ffad9de6c6 C:\Windows\system32\KERNELBASE.dll MD5: 196b4e3f4cccc24af836ce58facbb699 C:\Windows\system32\kmsvc.dll MD5: 6658f4404de03d75fe3ba09f7aba6a30 C:\Windows\system32\ListSvc.dll MD5: 9ede13f62e7be92dba561218eddc4e21 C:\Windows\system32\livessp.DLL MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll MD5: 7b27637e896dba10895ecfdecdb1f1fa C:\Windows\System32\LMIport.dll MD5: dd4952e744611dd061201c2b081ed875 C:\Windows\system32\LMIRfsClientNP.dll MD5: 12c4e95f468a5fd3fbb8166e27ed4d53 C:\Windows\System32\localspl.dll MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\Windows\system32\logoncli.dll MD5: c95ca687d32ddab1c91e1122e80d5e16 C:\Windows\system32\lsasrv.dll MD5: 81951f51e318aecc2d68559e47485cc4 C:\Windows\System32\lsass.exe MD5: 8aea9a37c1a3565a204d37c5e72ab791 C:\Windows\System32\lsm.exe MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\Windows\system32\MAPI32.dll MD5: bfb9ee8ee977efe85d1a3105abef6dd1 C:\Windows\system32\Mcx2Svc.dll MD5: fdba1dec4f9be4274a00b9b850c63484 C:\Windows\System32\mf.dll MD5: 1db437c52ac6cb0d2922fd35f84a0af3 C:\Windows\system32\MFC71ENU.DLL MD5: bfebb6f76a0988a38260870c61a6d1b7 C:\Windows\system32\MFReadWrite.dll MD5: 243974ec02f7ae49e4179c54624143ab c:\windows\system32\MMDevAPI.DLL MD5: d4191efab91e00fc09257aa5ebaf503b C:\Windows\System32\MPRAPI.dll MD5: 9835584e999d25004e1ee8e5f3e3b881 c:\windows\system32\mpssvc.dll MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\system32\MSASN1.dll MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll MD5: 3a16ea01fcfaab40882db5bfee632322 C:\Windows\system32\MsftEdit.dll MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\System32\msmpeg2vdec.dll MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL MD5: db67c7c62038bde813cb6486581a7611 C:\Windows\system32\mssph.dll MD5: 0241cb16136b9a4939ca0395768ae286 C:\Windows\system32\MSSRCH.DLL MD5: c5a99a4c0dc9f0f5a95ba0c83d30a549 C:\Windows\System32\mstask.dll MD5: 56ceed370508f69a1ba04939bd1badda C:\Windows\system32\MSUTB.dll MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\system32\msv1_0.DLL MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\system32\msvcrt.dll MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll MD5: 45d9f6cd2469cdb6a640dd4bd2b01471 C:\Windows\system32\NCI.dll MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL MD5: 75ea62927355189876081ef863064982 c:\windows\system32\ncsi.dll MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL MD5: 8ce1a6d16b9077e91e192499eb611c5f c:\windows\system32\NETAPI32.dll MD5: 1ff7e4f548c7c372c804938f0d5b36ae C:\Windows\system32\netcfgx.dll MD5: e343cabbd8d600abaf3f11625d33b3d0 C:\Windows\system32\netjoin.dll MD5: c1809b9907adedaf16f50c894100883b C:\Windows\system32\netlogon.DLL MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll MD5: 912084381d30d8b89ec4e293053f4710 c:\windows\system32\nlasvc.dll MD5: 2f4781f84c92e8c4b1586e47a78e8a61 C:\Windows\system32\npDeployJava1.dll MD5: d2a937964199f647b1c3bc435712e5d9 c:\windows\system32\nrpsrv.DLL MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll MD5: c30a91ade8c9cb91e4281ec83c4500c6 C:\Windows\SYSTEM32\ntdll.dll MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\system32\ole32.dll MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\system32\OLEAUT32.dll MD5: f748f53fe09d21d8ecbb6421e6792024 C:\Windows\system32\OneX.DLL MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll MD5: 3d6f22551d422f97aacb0bb927e4c846 C:\Windows\System32\pnidui.dll MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll MD5: 03cf941d031f30272d3063e5a4d686f5 C:\Windows\System32\PrintIsolationProxy.dll MD5: c8333f1f77a1b2e25f2202e892caf634 C:\Windows\system32\prnfldr.dll MD5: 43ca4ccc22d52fb58e8988f0198851d0 c:\windows\system32\profsvc.dll MD5: 12c45e3cb6d65f73209549e2d02eca7a c:\windows\system32\PROPSYS.dll MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\System32\provsvc.dll MD5: 02530b0b7e048dd5ac8d52daeacaeb2b C:\Windows\System32\QAgent.dll MD5: 61d57a5d7c6d9afe10e77dae6e1b445e C:\Windows\system32\qagentRT.dll MD5: e585445d5021971fae10393f0f1c3961 c:\windows\system32\qmgr.dll MD5: bd626ef05967d14c772b8096292731a3 C:\Windows\System32\QUtil.dll MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll MD5: 11fbb8cb6865b7ba387095398eb91ed4 C:\Windows\system32\RAPI.dll MD5: 3379989f06b31347792836dcf028a325 C:\Windows\system32\rapiproxystub.dll MD5: b1e4d190cd21cc75ae38562400dd5345 C:\Windows\system32\rapistub.dll MD5: cb9e04dc05eacf5b9a36ca276d475006 C:\Windows\System32\rasmans.dll MD5: 2af094c822bd6094f14a8e85fb51d52a C:\Windows\system32\RESUTILS.DLL MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll MD5: b5506b451bfe7148eca7056bda2970bd C:\Windows\system32\riched32.dll MD5: 6400774e903729add0a62a24a334ee56 C:\Windows\system32\RPCRT4.dll MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll MD5: 7660f01d3b38aca1747e397d21d790af c:\windows\system32\rpcss.dll MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\System32\rtutils.dll MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll MD5: 245f4691314f42d4d1bc06442f0b2086 C:\Windows\system32\SAMSRV.dll MD5: 8124944ec89d6a1815e4e53f5b96aaf4 C:\Windows\system32\scecli.DLL MD5: 250aa41de690561af1282d598914564c C:\Windows\system32\SCESRV.dll MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\system32\schannel.DLL MD5: a42e7748be906434c5fd17161d168c20 C:\Windows\system32\SCHEDCLI.DLL MD5: a04bb13f8a72f8b6e8b4071723e4e336 c:\windows\system32\schedsvc.dll MD5: 08236c4bce5edd0a0318a438af28e0f7 C:\Windows\System32\SDRSVC.dll MD5: a6cd6b3f71e13e2e45b727fb8a47ea87 C:\Windows\System32\SearchFilterHost.exe MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\System32\SearchIndexer.exe MD5: e1ac89f6c5252057e6062843e36a6701 C:\Windows\System32\SearchProtocolHost.exe MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\secur32.dll MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\system32\SETUPAPI.dll MD5: f14a9b1778376d0b1788e402ac1f831a C:\Windows\System32\shacct.dll MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\system32\shell32.dll MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\system32\SHLWAPI.dll MD5: 414da952a35bf5d50192e28263b40577 c:\windows\system32\shsvcs.dll MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe MD5: 2cfa4569350b7f84f815e9ec34e85766 C:\Windows\system32\SndVolSSO.DLL MD5: d50d8c2380a0f39a47ef2ec76c64f4ef C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE MD5: 8eafe585d51b9f21d3abbbb634ee65c2 C:\Windows\system32\spool\drivers\w32x86\3\CAPM1PMN.DLL MD5: e4650bbfa3ae2396687c2b798c0a1259 C:\Windows\system32\spool\drivers\w32x86\3\CAPM1SMK.DLL MD5: 25a2c52507d8b8cc92ce8424fc323389 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE MD5: d94e0bc61dc5dd928d91fd5b9f016197 C:\Windows\system32\spool\PRTPROCS\W32X86\LMIproc.dll MD5: cd72c6406ba561bed6d42cb145e55307 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL MD5: 866a43013535dc8587c258e43579c764 C:\Windows\System32\spoolsv.exe MD5: cf87a1de791347e75b98885214ced2b8 C:\Windows\system32\sppsvc.exe MD5: b0180b20b065d89232a78a40fe56eaa6 C:\Windows\system32\sppuinotify.dll MD5: ce292c4c10b8db6070f262ea2733f0dc c:\windows\system32\sqmapi.dll MD5: 674b0c0f6a448eb185caab9c51d44032 C:\Windows\System32\srchadmin.dll MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll MD5: d64af876d53eca3668bb97b51b4e70ab c:\windows\system32\srvsvc.dll MD5: 89e783711af91af09e1ef30ef3107446 C:\Windows\system32\SSCORE.DLL MD5: 4a054c853031616d161a84becf281f47 C:\Windows\system32\SSPICLI.DLL MD5: e361ae3010ea4b3123dab5bdae21798f C:\Windows\system32\SspiSrv.dll MD5: 912649a1b3f9e6acb3899fbdaba2ed5f C:\Windows\system32\stobject.dll MD5: 0bf669f0a910beda4a32258d363af2a5 C:\Windows\system32\storsvc.dll MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\sxs.dll MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL MD5: 2ddea2c345da5bc589efd398f220db0e C:\Windows\System32\SyncCenter.dll MD5: 36650d618ca34c9d357dfd3d89b2c56f c:\windows\system32\sysmain.dll MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll MD5: 763fecdc3d30c815fe72dd57936c6cd1 C:\Windows\System32\TabSvc.dll MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll MD5: 1c3e8371377e988b683797a132effe1b C:\Windows\system32\taskcomp.dll MD5: 7fa8ba5a780e4757964ac9d4238302b9 C:\Windows\System32\taskhost.exe MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\system32\taskschd.dll MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll MD5: 382c804c92811be57829d8e550a900e2 C:\Windows\System32\termsrv.dll MD5: 7e9917d5309a90e7576653bfe39f80d8 C:\Windows\system32\timedate.cpl MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\TQUERY.DLL MD5: d29e45078cf4020ce0aac82ec652d1ea C:\Windows\system32\tspkg.DLL MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll MD5: d33e95c0a2754061233b58dc41f8094c C:\Windows\system32\umb.dll MD5: ec7bc28d207da09e79b3e9faf8b232ca c:\windows\system32\umpnpmgr.dll MD5: f87d30e72e03d579a5199ccb3831d6ea c:\windows\system32\umpo.dll MD5: 409994a8eaceee4e328749c0353527a0 C:\Windows\System32\umrdp.dll MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\Windows\system32\upnp.dll MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\system32\urlmon.dll MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll MD5: f1dd3acaee5e6b4bbc69bc6df75cef66 C:\Windows\system32\USER32.dll MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\system32\USP10.dll MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll MD5: 370349f79315d4db86cd992cacefee61 C:\Windows\system32\van.dll MD5: c3cd30495687c2a2f66a65ca6fd89be9 C:\Windows\System32\vds.exe MD5: 13337a3fb17f2242487fd45488ed0485 C:\Windows\system32\VSSAPI.DLL MD5: 209a3b1901b83aeb8527ed211cce9e4c C:\Windows\system32\vssvc.exe MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\FastProx.dll MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll MD5: 585eb475e7af55c9065256e8ffb751a1 C:\Windows\system32\wbem\wbemcore.dll MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll MD5: 701c9eb15e1e23d22f7c7184c0506673 C:\Windows\system32\wbem\wmidcprv.dll MD5: 3cde2911462fec80064a409c07710c06 C:\Windows\system32\wbem\wmiprvsd.dll MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll MD5: 691e3285e53dca558e1a84667f13e15a C:\Windows\system32\wbengine.exe MD5: 917422e1b95a72b0328b301bacbf1b07 C:\Windows\system32\wcescommproxy.dll MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll MD5: f0016853fa3f38f55fd868ff74c0359b C:\Windows\system32\wdiasqmmodule.dll MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv MD5: a399514d3b28c9a3453a486bbaaff1c7 c:\windows\system32\WDSCORE.dll MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll MD5: fb19fc5951a88f3c523e35c2c98d23c0 c:\windows\system32\webio.dll MD5: db846eeca70ee9d2e2ff31147c57b0f4 C:\Windows\System32\webservices.dll MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll MD5: 1869bd251211fb6275067372a45682d6 C:\Windows\System32\werconcpl.dll MD5: 241e015dd809cfb23242f890b1fc575b c:\windows\system32\wevtsvc.dll MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll MD5: e2d56ae1d40e3725084054cd8e9cfbb1 C:\Windows\system32\wiarpc.dll MD5: e1fb3706030fb4578a0d72c2fc3689e4 c:\windows\system32\wiaservc.dll MD5: 536e06b5a05c6e39c8748e3941fb083d C:\Windows\System32\win32spl.dll MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll MD5: ca9f7888b524d8100b977c81f44c3234 c:\windows\system32\WINHTTP.dll MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\system32\WININET.dll MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe MD5: 6d13e1406f50c66e2a95d97f22c47560 C:\Windows\System32\winlogon.exe MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\winspool.drv MD5: 183b4188d5d91b271613ec3efd1b3cef C:\Windows\system32\winsrv.DLL MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\system32\WINTRUST.dll MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll MD5: 58405e4f68ba8e4057c6e914f326aba2 c:\windows\system32\wkssvc.dll MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\system32\WLDAP32.dll MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll MD5: 5cf15474ffdb5005e54958df6edd97ab C:\Windows\system32\wmdrmdev.dll MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll MD5: 3f2b83695e5bf11930c16af50e991f96 C:\Windows\System32\wmpps.dll MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll MD5: aa53356d60af47eacc85bc617a4f3f66 C:\Windows\system32\wpdbusenum.dll MD5: 735263da17bf5baf9ccd483843bf9d5a C:\Windows\system32\wpdshserviceobj.dll MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\WS2_32.dll MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\System32\WSCAPI.dll MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl MD5: 73f6c5223f7e9b5780dd4a6c30fcf569 C:\Windows\System32\wsdapi.dll MD5: aaf7beb63e2cc499834b608a85a55e4e C:\Windows\system32\WSDCHNGR.DLL MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll MD5: 81f08948a0f1475894c99d4d19a158a8 C:\Windows\System32\wshqos.dll MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll MD5: 6357e2b68753a1f5cf4a68a25c4fd14a C:\Windows\System32\wsnmp32.dll MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll MD5: 1a617835452eee5060976c9b9f5fe635 C:\Windows\system32\wuapi.dll MD5: 2e0b0a051ffaa86e358465bb0880d453 C:\Windows\System32\wuauclt.exe MD5: fc3ec24fce372c89423e015a2ac1a31e c:\windows\system32\wuaueng.dll MD5: 285c594c4913fa9dc7bb6ba3ad6f101a C:\Windows\system32\wucltux.dll MD5: 9fbcfd7e88a7ace0e94456504895dd7f c:\windows\system32\WUDFPlatform.dll MD5: 8d1e1e529a2c9e9b6a85b55a345f7629 c:\windows\system32\wudfsvc.dll MD5: 3458eda96e30fbd0477a2800d3fb1909 C:\Windows\system32\wups.dll MD5: bdc0c99e472176c8c2c853a68adc5073 C:\Windows\system32\wups2.dll MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\System32\XmlLite.dll MD5: a2f0b6a45ef5b68173aaa2a39690904e C:\Windows\system32\zipfldr.dll MD5: d5d7c7cbdd63c5938c83846b313fcf3b C:\Windows\WindowsMobile\BthASPlugin.dll MD5: 523df3b590d8a353a49235b1b7c571ad C:\Windows\windowsmobile\dtptdns.dll MD5: 8f97d374ad1857e1eed85a79f29a1d3d c:\windows\windowsmobile\rapimgr.dll MD5: 8c8c82633a7e90a33e8d7d9617b2b46c c:\windows\windowsmobile\TCP2UDP.dll MD5: 59e19bd13c3bdb857646b9e436ba27f7 c:\windows\windowsmobile\wcescomm.dll MD5: 96b3c4e20f02ca16aa1e3e425bffcc8b C:\Windows\WindowsMobile\wmdcBase.exe MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL MD5: db001faea818ae2e14a74e0adc530fc0 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCP90.dll MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll No file uploaded. Scan finished - communication took 3 sec Total traffic - 0.03 MB sent, 2.50 KB recvd Scanned 1081 files and modules - 59 seconds ============================================================================== Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.1 Java version out of Date! Adobe Reader X (10.1.4) Mozilla Firefox (14.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe MJ Desktop Virus Battle SecurityCheck.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. The computer has been running better since Kapersky removed a file on Monday. I haven't noticed any added improvement since today's changes. I was able to uninstall 3 out of the 4 outdated programs you highlighted, however Adobe Flash Player 10.3.183.20 was not listed in my program files. I uninstalled Adobe Flash Player 11 ActiveX instead. I don't know if this was an updated version of the one you listed. Here are the requested logs: RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : MJ [Admin rights] Mode : Scan -- Date : 09/12/2012 08:50:58 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x83332A55 -> HOOKED (Unknown @ 0x875C5940) SSDT[14] : NtAlertThread @ 0x83285B00 -> HOOKED (Unknown @ 0x875C5A20) SSDT[19] : NtAllocateVirtualMemory @ 0x8327EB0C -> HOOKED (Unknown @ 0x875E0B60) SSDT[22] : NtAlpcConnectPort @ 0x832CA2BE -> HOOKED (Unknown @ 0x86D62C18) SSDT[43] : NtAssignProcessToJobObject @ 0x83253F4E -> HOOKED (Unknown @ 0x875C50E8) SSDT[74] : NtCreateMutant @ 0x83265212 -> HOOKED (Unknown @ 0x875C5690) SSDT[86] : NtCreateSymbolicLinkObject @ 0x83256871 -> HOOKED (Unknown @ 0x875D6E18) SSDT[87] : NtCreateThread @ 0x83330CEE -> HOOKED (Unknown @ 0x875E0070) SSDT[88] : NtCreateThreadEx @ 0x832C51E4 -> HOOKED (Unknown @ 0x875D6F08) SSDT[96] : NtDebugActiveProcess @ 0x83302C00 -> HOOKED (Unknown @ 0x875C51C8) SSDT[111] : NtDuplicateObject @ 0x8328659A -> HOOKED (Unknown @ 0x875E0D30) SSDT[131] : NtFreeVirtualMemory @ 0x8310E4BB -> HOOKED (Unknown @ 0x875E0918) SSDT[145] : NtImpersonateAnonymousToken @ 0x8324A840 -> HOOKED (Unknown @ 0x875C5780) SSDT[147] : NtImpersonateThread @ 0x832CE6BC -> HOOKED (Unknown @ 0x875C5860) SSDT[155] : NtLoadDriver @ 0x8321AB80 -> HOOKED (Unknown @ 0x86D546B8) SSDT[168] : NtMapViewOfSection @ 0x8329B452 -> HOOKED (Unknown @ 0x875E0818) SSDT[177] : NtOpenEvent @ 0x83264C0E -> HOOKED (Unknown @ 0x875C55B0) SSDT[190] : NtOpenProcess @ 0x83266A58 -> HOOKED (Unknown @ 0x875E0EF0) SSDT[191] : NtOpenProcessToken @ 0x832B90BF -> HOOKED (Unknown @ 0x875E0C50) SSDT[194] : NtOpenSection @ 0x832BE734 -> HOOKED (Unknown @ 0x875C53F0) SSDT[198] : NtOpenThread @ 0x832B2E45 -> HOOKED (Unknown @ 0x875E0E20) SSDT[215] : NtProtectVirtualMemory @ 0x832974C1 -> HOOKED (Unknown @ 0x875D6008) SSDT[304] : NtResumeThread @ 0x832C540B -> HOOKED (Unknown @ 0x875C5B00) SSDT[316] : NtSetContextThread @ 0x83331DEF -> HOOKED (Unknown @ 0x875C5DA0) SSDT[333] : NtSetInformationProcess @ 0x8328D6AD -> HOOKED (Unknown @ 0x875C5E80) SSDT[350] : NtSetSystemInformation @ 0x832A31AC -> HOOKED (Unknown @ 0x875C52A8) SSDT[366] : NtSuspendProcess @ 0x8333298F -> HOOKED (Unknown @ 0x875C54D0) SSDT[367] : NtSuspendThread @ 0x832E9EF5 -> HOOKED (Unknown @ 0x875C5BE0) SSDT[370] : NtTerminateProcess @ 0x832AFA7D -> HOOKED (Unknown @ 0x875E0150) SSDT[371] : NtTerminateThread @ 0x832CD3F4 -> HOOKED (Unknown @ 0x875C5CC0) SSDT[385] : NtUnmapViewOfSection @ 0x832B96FA -> HOOKED (Unknown @ 0x875C5F70) SSDT[399] : NtWriteVirtualMemory @ 0x832B47DA -> HOOKED (Unknown @ 0x875E0A08) S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x87805458) S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x883FF850) S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x87B68850) S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x8837D1D0) S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x86C84100) S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8759D8D8) S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8759D9F8) S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8759D968) S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87678120) S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x876784A8) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++ --- User --- [MBR] 3a1ed7ebb3d0a9214baeb524b3ac1850 [bSP] 7599e6e61e4129e184d4051f55323357 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 8118 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16707584 | Size: 230259 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt All processes killed ========== PROCESSES ========== ========== FILES ========== recycler not found in C:\ ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac18984-1585-11df-8517-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac18984-1585-11df-8517-002564ec136d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a32a1cf-673a-11df-847f-002564ec136d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774e842f-bc3f-11df-9e54-002564ec136d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3db801-9691-11df-a812-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa3db801-9691-11df-a812-002564ec136d}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb2c3ca2-5137-11df-a710-002564ec136d}\ not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LogMeInRemoteUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: MJ ->Temp folder emptied: 22207567192 bytes ->Temporary Internet Files folder emptied: 10988631065 bytes ->Java cache emptied: 351075439 bytes ->FireFox cache emptied: 59242777 bytes ->Google Chrome cache emptied: 179976679 bytes ->Flash cache emptied: 2235 bytes User: ParkPlace ->Temp folder emptied: 20230466 bytes ->Temporary Internet Files folder emptied: 619262 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 56972 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3739479037 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 1892690569 bytes Total Files Cleaned = 37,613.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: LogMeInRemoteUser User: MJ ->Flash cache emptied: 0 bytes User: ParkPlace ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: LogMeInRemoteUser User: MJ ->Java cache emptied: 0 bytes User: ParkPlace ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.61.3 log created on 09122012_085815 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... ComboFix 12-09-12.02 - MJ 09/12/2012 9:28.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.842 [GMT -5:00] Running from: c:\users\MJ\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data . . ((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 ))))))))))))))))))))))))))))))) . . 2012-09-12 14:34 . 2012-09-12 14:34 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-09-12 14:34 . 2012-09-12 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-12 13:58 . 2012-09-12 13:58 -------- d-----w- C:\_OTL 2012-09-10 17:28 . 2012-09-10 17:28 -------- d-----w- C:\FRST 2012-09-10 17:03 . 2012-09-10 17:03 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-10 16:49 . 2012-09-10 16:49 -------- d-----w- c:\program files\ERUNT 2012-09-06 19:08 . 2012-09-06 19:08 -------- d-----w- C:\found.001 2012-09-06 18:45 . 2012-09-06 18:46 -------- d-----w- c:\users\ParkPlace 2012-09-06 17:50 . 2012-09-06 17:50 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes 2012-09-06 17:49 . 2012-09-06 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-06 17:49 . 2012-09-06 17:49 -------- d-----w- c:\programdata\Malwarebytes 2012-09-06 17:49 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-24 17:26 . 2012-08-24 17:26 -------- d-----w- c:\programdata\Carbonite 2012-08-24 17:26 . 2012-08-24 17:26 -------- d-----w- c:\program files\Carbonite 2012-08-24 15:52 . 2012-08-24 15:52 -------- d-----w- C:\found.000 2012-08-22 20:48 . 2012-08-22 20:48 -------- d-----w- c:\users\MJ\jagexcache1 2012-08-16 21:05 . 2012-08-16 21:05 -------- d-----w- c:\windows\en 2012-08-16 21:03 . 2012-08-16 21:03 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-16 20:59 . 2012-08-16 20:59 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\DSETUP.dll 2012-08-16 20:59 . 2012-08-16 20:59 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\DXSETUP.exe 2012-08-16 20:59 . 2012-08-16 20:59 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\dsetup32.dll 2012-08-15 18:29 . 2012-08-15 18:29 -------- d-----w- c:\program files\Oracle 2012-08-15 18:27 . 2012-07-06 03:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-15 14:33 . 2012-08-16 14:36 -------- d-----w- c:\windows\system32\drivers\NIS\1308000.00E . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 14:14 . 2010-02-11 15:31 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-07-11 14:14 . 2010-02-11 15:31 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-07-11 14:14 . 2010-02-11 15:31 30624 ----a-w- c:\windows\system32\LMIport.dll 2012-07-11 14:14 . 2010-02-11 15:31 87456 ----a-w- c:\windows\system32\LMIinit.dll 2012-07-06 03:06 . 2010-11-15 15:30 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll 2012-07-14 00:17 . 2012-08-10 14:42 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-01-03 1243040] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2007-3-12 38464] Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 RapidPortM1;RapidPortM1;c:\windows\system32\Drivers\CAPM1LP.SYS [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS [x] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120907.001\IDSvix86.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x] S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x] S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contents of the 'Scheduled Tasks' folder . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 18:12] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 18:12] . 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 14:59] . 2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 14:59] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: advanceddiscovery.com\relativity5 Trusted Zone: kcura.com\relativity TCP: DhcpNameServer = 68.94.156.1 TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: NameServer = 4.2.2.2 DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-34049968.sys . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3148) c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . Completion time: 2012-09-12 09:36:16 ComboFix-quarantined-files.txt 2012-09-12 14:36 . Pre-Run: 142,051,225,600 bytes free Post-Run: 141,404,086,272 bytes free . - - End Of File - - 519482EB28B1CFC84F39354BE0CEFB26
  5. Roguekiller RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : MJ [Admin rights] Mode : Scan -- Date : 09/10/2012 12:12:36 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x8332DA55 -> HOOKED (Unknown @ 0x874CEC30) SSDT[14] : NtAlertThread @ 0x83280B00 -> HOOKED (Unknown @ 0x874CED10) SSDT[19] : NtAllocateVirtualMemory @ 0x83279B0C -> HOOKED (Unknown @ 0x874CF678) SSDT[22] : NtAlpcConnectPort @ 0x832C52BE -> HOOKED (Unknown @ 0x86D6F4E8) SSDT[43] : NtAssignProcessToJobObject @ 0x8324EF4E -> HOOKED (Unknown @ 0x874CE3D8) SSDT[74] : NtCreateMutant @ 0x83260212 -> HOOKED (Unknown @ 0x874CE980) SSDT[86] : NtCreateSymbolicLinkObject @ 0x83251871 -> HOOKED (Unknown @ 0x874CE0F8) SSDT[87] : NtCreateThread @ 0x8332BCEE -> HOOKED (Unknown @ 0x874CFB80) SSDT[88] : NtCreateThreadEx @ 0x832C01E4 -> HOOKED (Unknown @ 0x874CE1E8) SSDT[96] : NtDebugActiveProcess @ 0x832FDC00 -> HOOKED (Unknown @ 0x874CE4B8) SSDT[111] : NtDuplicateObject @ 0x8328159A -> HOOKED (Unknown @ 0x874CF848) SSDT[131] : NtFreeVirtualMemory @ 0x831094BB -> HOOKED (Unknown @ 0x874CF430) SSDT[145] : NtImpersonateAnonymousToken @ 0x83245840 -> HOOKED (Unknown @ 0x874CEA70) SSDT[147] : NtImpersonateThread @ 0x832C96BC -> HOOKED (Unknown @ 0x874CEB50) SSDT[155] : NtLoadDriver @ 0x83215B80 -> HOOKED (Unknown @ 0x86D6F470) SSDT[168] : NtMapViewOfSection @ 0x83296452 -> HOOKED (Unknown @ 0x874CF330) SSDT[177] : NtOpenEvent @ 0x8325FC0E -> HOOKED (Unknown @ 0x874CE8A0) SSDT[190] : NtOpenProcess @ 0x83261A58 -> HOOKED (Unknown @ 0x874CFA28) SSDT[191] : NtOpenProcessToken @ 0x832B40BF -> HOOKED (Unknown @ 0x874CF768) SSDT[194] : NtOpenSection @ 0x832B9734 -> HOOKED (Unknown @ 0x874CE6E0) SSDT[198] : NtOpenThread @ 0x832ADE45 -> HOOKED (Unknown @ 0x874CF938) SSDT[215] : NtProtectVirtualMemory @ 0x832924C1 -> HOOKED (Unknown @ 0x874CE2E8) SSDT[304] : NtResumeThread @ 0x832C040B -> HOOKED (Unknown @ 0x874CEDF0) SSDT[316] : NtSetContextThread @ 0x8332CDEF -> HOOKED (Unknown @ 0x874CF080) SSDT[333] : NtSetInformationProcess @ 0x832886AD -> HOOKED (Unknown @ 0x874CF160) SSDT[350] : NtSetSystemInformation @ 0x8329E1AC -> HOOKED (Unknown @ 0x874CE598) SSDT[366] : NtSuspendProcess @ 0x8332D98F -> HOOKED (Unknown @ 0x874CE7C0) SSDT[367] : NtSuspendThread @ 0x832E4EF5 -> HOOKED (Unknown @ 0x874CEED0) SSDT[370] : NtTerminateProcess @ 0x832AAA7D -> HOOKED (Unknown @ 0x874CFC80) SSDT[371] : NtTerminateThread @ 0x832C83F4 -> HOOKED (Unknown @ 0x874CEF90) SSDT[385] : NtUnmapViewOfSection @ 0x832B46FA -> HOOKED (Unknown @ 0x874CF250) SSDT[399] : NtWriteVirtualMemory @ 0x832AF7DA -> HOOKED (Unknown @ 0x874CF520) S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x887B4D88) S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x8864A8C0) S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x875559E8) S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x869442B0) S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x8838FE68) S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8838FA60) S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8838FC00) S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8838FB30) S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x8838FFC0) S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x88390008) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++ --- User --- [MBR] 3a1ed7ebb3d0a9214baeb524b3ac1850 [bSP] 7599e6e61e4129e184d4051f55323357 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 8118 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16707584 | Size: 230259 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt Checkup Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 6 Update 31 Java 7 Update 5 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 10.3.183.20 Flash Player out of Date! Adobe Reader X (10.1.4) Mozilla Firefox (14.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` OTL OTL logfile created on: 9/10/2012 12:25:20 PM - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\MJ\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.97 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 49.46% Memory free 3.93 Gb Paging File | 2.75 Gb Available in Paging File | 69.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.86 Gb Total Space | 89.08 Gb Free Space | 39.62% Space Free | Partition Type: NTFS Computer Name: MJ-PC | User Name: MJ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/10 12:23:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe PRC - [2012/07/26 10:03:58 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2012/07/11 09:14:53 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2012/07/11 09:14:13 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe PRC - [2012/01/03 08:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/08 09:43:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/10/26 17:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe PRC - [2010/10/26 17:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2009/08/07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2007/05/31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe PRC - [2007/03/12 17:55:56 | 000,038,464 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE PRC - [2007/03/12 17:02:16 | 000,038,024 | ---- | M] (CANON INC.) -- C:\Windows\System32\CAPM1RSK.EXE PRC - [2007/03/12 16:29:16 | 000,106,128 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE ========== Modules (No Company Name) ========== MOD - [2012/02/22 11:14:48 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll MOD - [2012/02/22 11:14:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012/02/16 11:43:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll MOD - [2012/02/16 11:43:41 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/02/16 11:43:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/16 11:43:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll MOD - [2012/02/16 11:43:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012/02/16 11:42:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/02/16 11:42:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/16 11:42:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/16 11:42:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/02/16 11:42:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/08/19 15:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/11 09:14:53 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint) SRV - [2012/07/11 09:14:13 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS) SRV - [2010/12/08 09:43:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010/05/05 03:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012/08/31 19:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120907.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/08/31 17:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/08/24 17:09:18 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120910.002\NAVEX15.SYS -- (NAVEX15) DRV - [2012/08/24 17:09:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/24 17:09:18 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120910.002\NAVENG.SYS -- (NAVENG) DRV - [2012/08/08 22:08:31 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/07/11 09:14:14 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP) DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS) DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA) DRV - [2012/04/17 21:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS) DRV - [2012/04/17 20:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON) DRV - [2012/03/23 09:30:00 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/11/02 22:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb) DRV - [2009/11/02 22:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) DRV - [2009/05/21 14:18:54 | 000,089,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2001/12/07 01:00:00 | 000,022,912 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CAPM1LP.SYS -- (RapidPortM1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {ED7B8E17-0B0C-4674-B720-4837F6B5BE99} IE - HKLM\..\SearchScopes\{ED7B8E17-0B0C-4674-B720-4837F6B5BE99}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox'>http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ IE - HKCU\..\SearchScopes,DefaultScope = {703B686C-157E-4261-A00B-3142D0D4EE4B} IE - HKCU\..\SearchScopes\{703B686C-157E-4261-A00B-3142D0D4EE4B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/03/19 09:12:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/09/10 12:10:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/02 10:12:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/10 09:42:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/20 08:17:56 | 000,000,000 | ---D | M] [2010/06/21 14:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MJ\AppData\Roaming\Mozilla\Extensions [2012/09/07 15:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\extensions [2011/01/10 12:52:12 | 000,002,470 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\searchplugins\safesearch.xml [2012/08/10 09:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms} CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Norton Identity Protection = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\ CHR - Extension: Gmail = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: advanceddiscovery.com ([relativity5] https in Trusted sites) O15 - HKCU\..Trusted Domains: kcura.com ([relativity] https in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} https://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab (kCura.EDDS.WebClientManager.WebClientManager) O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexisnexiscenters.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: DhcpNameServer = 68.94.156.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: NameServer = 4.2.2.2 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{3ac18984-1585-11df-8517-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{3ac18984-1585-11df-8517-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{aa3db801-9691-11df-a812-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{aa3db801-9691-11df-a812-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\Shell - "" = AutoRun O33 - MountPoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: 34049968.sys - Driver SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 34049968.sys - Driver SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/10 12:28:25 | 000,000,000 | ---D | C] -- C:\FRST [2012/09/10 12:23:36 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe [2012/09/10 12:11:24 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\RK_Quarantine [2012/09/10 12:03:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/09/10 12:01:05 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MJ\Desktop\tdsskiller.exe [2012/09/10 11:56:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\MJ\Desktop\aswMBR.exe [2012/09/10 11:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/09/10 11:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/09/10 11:47:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\MJ\Desktop\erunt-setup.exe [2012/09/10 11:40:16 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\MJ\Desktop\rkill.com [2012/09/07 09:26:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\MJ\Desktop\dds.scr [2012/09/06 14:08:25 | 000,000,000 | -HSD | C] -- C:\found.001 [2012/09/06 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Roaming\Malwarebytes [2012/09/06 12:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/06 12:49:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/06 12:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/06 12:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/06 12:20:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe [2012/08/24 12:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite [2012/08/24 12:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite [2012/08/24 12:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite [2012/08/24 10:52:59 | 000,000,000 | -HSD | C] -- C:\found.000 [2012/08/22 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\MJ\jagexcache1 [2012/08/16 16:05:34 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/08/16 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E} [2012/08/16 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{27958AFA-33EF-44FC-9214-C12C96379B71} [2012/08/16 15:57:59 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771} [2012/08/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102} [2012/08/16 15:57:13 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2} [2012/08/16 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{7005D15B-1355-4D42-832C-C2B0C0A420F4} [2012/08/16 15:56:28 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E} [2012/08/16 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{BA9055CD-206C-45D4-AED8-22425D128222} [2012/08/16 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E} [2012/08/16 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{F0AB2D87-E08E-4FD8-8003-6F2338107790} [2012/08/15 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/08/15 13:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/08/15 13:27:59 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/08/15 13:27:59 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/08/15 13:26:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/08/15 13:26:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/08/15 10:01:12 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [1 C:\Users\MJ\*.tmp files -> C:\Users\MJ\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/10 12:23:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe [2012/09/10 12:15:13 | 000,854,156 | ---- | M] () -- C:\Users\MJ\Desktop\SecurityCheck.exe [2012/09/10 12:14:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/10 12:14:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/10 12:12:10 | 000,662,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/10 12:12:10 | 000,121,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/10 12:10:24 | 001,378,816 | ---- | M] () -- C:\Users\MJ\Desktop\RogueKiller.exe [2012/09/10 12:10:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job [2012/09/10 12:07:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/10 12:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/10 12:06:36 | 1583,075,328 | -HS- | M] () -- C:\hiberfil.sys [2012/09/10 12:01:35 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MJ\Desktop\tdsskiller.exe [2012/09/10 12:00:45 | 000,000,512 | ---- | M] () -- C:\Users\MJ\Desktop\MBR.dat [2012/09/10 11:58:00 | 000,164,971 | ---- | M] () -- C:\Users\MJ\Desktop\Screen Shot.png [2012/09/10 11:57:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\MJ\Desktop\aswMBR.exe [2012/09/10 11:49:20 | 000,000,896 | ---- | M] () -- C:\Users\MJ\Desktop\NTREGOPT.lnk [2012/09/10 11:49:20 | 000,000,877 | ---- | M] () -- C:\Users\MJ\Desktop\ERUNT.lnk [2012/09/10 11:47:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\MJ\Desktop\erunt-setup.exe [2012/09/10 11:44:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/10 11:40:16 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\MJ\Desktop\rkill.com [2012/09/10 11:38:46 | 377,687,870 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/09/10 11:19:04 | 000,136,282 | ---- | M] () -- C:\Users\MJ\Desktop\Daubenspeck FINRA Form MC-400.pdf [2012/09/10 11:18:17 | 000,126,953 | ---- | M] () -- C:\Users\MJ\Desktop\AEI FINRA Form MC-400A.pdf [2012/09/07 09:26:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\MJ\Desktop\dds.scr [2012/09/06 12:50:00 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/06 12:48:44 | 001,353,103 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB [2012/09/06 12:20:31 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe [2012/09/06 11:19:31 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat [2012/09/06 09:38:35 | 000,000,032 | ---- | M] () -- C:\Users\MJ\jagex_cl_runescape_LIVE.dat [2012/09/05 10:28:36 | 000,002,398 | ---- | M] () -- C:\Users\MJ\Desktop\Google Chrome.lnk [2012/08/30 05:57:03 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job [2012/08/24 12:27:11 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk [2012/08/22 15:51:18 | 000,000,129 | ---- | M] () -- C:\Users\MJ\jagex_runescape_preferences2.dat [2012/08/22 15:48:47 | 000,000,035 | ---- | M] () -- C:\Users\MJ\jagex_runescape_preferences.dat [2012/08/22 15:48:45 | 000,000,042 | ---- | M] () -- C:\Users\MJ\jagex_cl_runescape_LIVE1.dat [2012/08/17 14:53:37 | 000,102,843 | ---- | M] () -- C:\Users\MJ\Desktop\Cutler 2012 Part 2B Revised 8-17-2012.pdf [2012/08/16 09:35:46 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038 [2012/08/16 09:13:37 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/08/15 13:25:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/08/15 13:25:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [1 C:\Users\MJ\*.tmp files -> C:\Users\MJ\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/10 12:15:10 | 000,854,156 | ---- | C] () -- C:\Users\MJ\Desktop\SecurityCheck.exe [2012/09/10 12:10:20 | 001,378,816 | ---- | C] () -- C:\Users\MJ\Desktop\RogueKiller.exe [2012/09/10 12:00:45 | 000,000,512 | ---- | C] () -- C:\Users\MJ\Desktop\MBR.dat [2012/09/10 11:57:59 | 000,164,971 | ---- | C] () -- C:\Users\MJ\Desktop\Screen Shot.png [2012/09/10 11:49:20 | 000,000,896 | ---- | C] () -- C:\Users\MJ\Desktop\NTREGOPT.lnk [2012/09/10 11:49:20 | 000,000,877 | ---- | C] () -- C:\Users\MJ\Desktop\ERUNT.lnk [2012/09/06 12:50:00 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/06 11:19:31 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat [2012/08/30 05:57:03 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job [2012/08/24 12:27:11 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk [2012/08/22 15:48:45 | 000,000,042 | ---- | C] () -- C:\Users\MJ\jagex_cl_runescape_LIVE1.dat [2012/08/17 14:53:37 | 000,102,843 | ---- | C] () -- C:\Users\MJ\Desktop\Cutler 2012 Part 2B Revised 8-17-2012.pdf [2012/08/15 10:01:24 | 000,002,398 | ---- | C] () -- C:\Users\MJ\Desktop\Google Chrome.lnk [2012/08/15 09:59:16 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job [2011/11/23 12:54:41 | 000,000,000 | ---- | C] () -- C:\Users\MJ\.gtk-bookmarks [2011/11/04 09:19:46 | 000,000,032 | ---- | C] () -- C:\Users\MJ\jagex_cl_runescape_LIVE.dat [2011/10/07 15:48:11 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011/10/07 15:48:11 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011/10/07 15:41:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011/10/07 15:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011/10/07 15:41:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011/10/07 15:40:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2011/10/07 15:40:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2011/04/06 08:55:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/12/17 15:16:11 | 000,000,129 | ---- | C] () -- C:\Users\MJ\jagex_runescape_preferences2.dat [2010/12/17 15:14:46 | 000,000,035 | ---- | C] () -- C:\Users\MJ\jagex_runescape_preferences.dat [2010/05/17 10:16:23 | 000,004,096 | -H-- | C] () -- C:\Users\MJ\AppData\Local\keyfile3.drm [2010/04/06 10:50:47 | 000,003,584 | ---- | C] () -- C:\Users\MJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %ALLUSERSPROFILE%\Application Data\*.dll /s > < %APPDATA%\*. > [2012/06/07 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\.oit [2011/04/06 15:16:13 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Adobe [2012/07/11 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Audacity [2011/12/02 15:43:18 | 000,000,000 | R--D | M] -- C:\Users\MJ\AppData\Roaming\Brother [2011/10/07 16:29:26 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\ControlCenter4 [2010/02/03 15:00:13 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\CyberLink [2011/02/23 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Download Manager [2011/10/07 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\FLEXnet [2010/02/03 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Identities [2011/10/07 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\InstallShield [2010/02/03 13:08:24 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Macromedia [2012/09/06 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Malwarebytes [2009/07/14 02:49:10 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Media Center Programs [2012/09/06 13:37:38 | 000,000,000 | --SD | M] -- C:\Users\MJ\AppData\Roaming\Microsoft [2010/06/21 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Mozilla [2011/10/12 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Nuance [2012/09/06 13:29:55 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\TeamViewer [2010/04/30 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\U3 [2011/06/15 11:45:52 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\webex [2010/06/23 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Western Digital [2010/11/15 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Windows Live Writer [2011/10/12 09:42:06 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\U3\temp\cleanup.exe [2007/10/23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\MJ\AppData\Roaming\U3\temp\Launchpad Removal.exe < %APPDATA%\*.dll /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: BEEP.SYS > [2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Drivers\storage\R236453\IaStor.sys [2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys [2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys [2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: SERVICES.EXE > [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: THEMEUI.DLL > [2010/11/20 07:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\System32\themeui.dll [2010/11/20 07:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_8706005e79c34246\themeui.dll [2009/07/13 20:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll < MD5 for: USERINIT.EXE > [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < c:|services;true;true;true; /FP > [2009/07/27 10:16:05 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-activedirectory-webservices-dl [2009/07/27 10:16:07 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-directoryservices-adam-dl [2009/07/27 10:16:21 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-terminalservices-licenseserver [2009/07/27 10:16:22 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl [2009/07/27 10:37:02 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-activedirectory-webservices [2009/07/27 10:37:03 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-windows-terminalservices-appserver-licensing [2009/07/27 10:37:03 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-windows-terminalservices-licenseserver [2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates [2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\DEU [2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\ENU [2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\FRA [2012/03/02 10:12:45 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services [2012/03/02 10:12:49 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services [2012/03/02 10:12:49 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services [2012/08/20 08:17:54 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Reader 10.0\Reader\Services [2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- c:\Program Files\Common Files\Services [2010/02/03 15:27:39 | 000,000,000 | ---D | M] -- c:\Program Files\Microsoft Office\OFFICE11\1033\DataServices [2010/05/04 14:12:26 | 000,000,000 | ---D | M] -- c:\Users\MJ\AppData\LocalLow\Microsoft\Internet Explorer\Services [2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices [2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services [2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089 [2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client [2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089 [2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design [2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089 [2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices [2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement [2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089 [2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols [2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services [2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a [2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices [2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35 [2012/02/22 11:15:31 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services [2012/02/22 11:15:31 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5 [2012/02/16 11:43:22 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services [2012/02/16 11:43:22 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32 [2012/02/22 17:12:12 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services [2012/02/22 17:12:12 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\546dc84f7a98dd07602ebe6dca6fda7f [2012/02/22 11:16:49 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services [2012/02/22 11:16:49 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041 [2012/02/16 10:48:28 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices [2012/02/16 10:48:28 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services [2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089 [2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client [2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089 [2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design [2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089 [2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices [2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement [2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089 [2012/02/16 10:48:33 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols [2012/02/16 10:48:33 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices [2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35 [2012/02/16 10:48:41 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services [2012/02/16 10:48:40 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a [2012/02/16 10:50:11 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices [2012/02/16 10:50:11 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35 [2012/09/07 10:27:55 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RLG2APYJ\media.mtvnservices.com [2012/08/08 09:13:05 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RLG2APYJ\media.mtvnservices.com\player [2012/08/08 09:13:05 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\microsoft-activedirectory-webservices [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing [2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer [2009/07/13 23:41:15 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client [2009/07/13 23:41:10 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient [2009/07/13 23:41:29 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.client_b77a5c561934e089_6.1.7600.16385_none_ef59273eec19d069 [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.client_b77a5c561934e089_6.1.7601.17514_none_f18a3b06e9085403 [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.design_b77a5c561934e089_6.1.7600.16385_none_1b0f635f58dfc09e [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.design_b77a5c561934e089_6.1.7601.17514_none_1d40772755ce4438 [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services_b77a5c561934e089_6.1.7600.16385_none_fdadd025d6080082 [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services_b77a5c561934e089_6.1.7601.17514_none_ffdee3edd2f6841c [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_83a19ecc10aa89e7 [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7600.16385_none_2b25936fedbeb29c [2011/04/06 09:02:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_2afaa0f3ee15f952 [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.1.7600.16385_none_c74cebec6e652ac7 [2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.1.7601.17514_none_c721f9706ebc717d [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_e3c597b829f3bac9 [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_e5f6ab8026e23e63 [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_6e8b7c84e12ac48e [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.1.7600.16385_none_ceb39c895289e648 [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7600.16385_none_869896ad277eaa53 [2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7601.17514_none_88c9aa75246d2ded [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_c8f1afea060b932f [2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7600.16385_none_b1c4af81024823d5 [2011/04/06 09:02:13 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f [2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16385_none_bd3fd42782f1ef9a [2010/06/24 03:00:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16590_none_bd30069582fe8726 [2010/11/15 10:37:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16648_none_bd6e1a6782cec350 [2010/06/24 03:00:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20710_none_be1024a69bdb448f [2010/11/15 10:37:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20771_none_bdd045689c0b058c [2011/04/06 09:02:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_bf70e7ef7fe07334 [2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_a54954fd9d61ab4b [2009/07/13 23:49:53 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_d581da42ed22b22e [2009/07/13 21:37:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54 [2009/07/13 21:37:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7600.16385_none_0b628b5e2cb0f0d2 [2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7601.17514_none_0d939f26299f746c [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_6.1.7600.16385_none_314e00fcb9a31524 [2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7600.16385_none_1c8380f77a665893 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.1.7600.16385_none_cdaf1d9e7a96897f [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7600.16385_none_d0c5568dbb725fc3 [2011/04/06 09:02:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_d2f66a55b860e35d [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16385_none_4db2a3b8826b256f [2011/03/25 08:37:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16722_none_4df089fa823d2660 [2011/03/25 08:37:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.20861_none_4e4de6cb9b7c1c97 [2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_4fe3b7807f59a909 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7600.16385_none_51266e6957cddf7f [2011/04/06 09:01:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.17514_none_5357823154bc6319 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7600.16385_none_dcb645882d547b6c [2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_dee759502a42ff06 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.1.7600.16385_none_316fec74a99530ea [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_11544008f2925cb8 [2011/04/06 09:02:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7601.17514_none_138553d0ef80e052 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_c707418127a8d18c [2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7601.17514_none_c938554924975526 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7600.16385_none_04cce7d70ecd1ba7 [2011/04/06 09:01:22 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7601.17514_none_06fdfb9f0bbb9f41 [2009/07/13 23:56:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_113848e0a990a9e4 [2009/07/13 23:50:00 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7600.16385_none_011065d1aa5ad954 [2011/04/06 09:02:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_03417999a7495cee [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_d5bc65ffdc22ec35 [2009/07/13 23:56:26 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d92dea821b79a3bd [2009/07/13 23:49:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178 [2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_349ba4fd11957512 [2009/07/13 23:56:14 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e8d75c5d7938376 [2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7600.16385_none_0e52ae5c9005d543 [2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7601.17514_none_1083c2248cf458dd [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_67bcc28149ee1baf [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_69edd64946dc9f49 [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7600.16385_none_cdf05c9ca29b39cc [2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_d02170649f89bd66 [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7600.16385_none_f9a698bd0f612a01 [2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_fbd7ac850c4fad9b [2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7600.16385_none_ef308440251eb997 [2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7601.17514_none_f1619808220d3d31 [2009/07/13 21:37:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_f0513a301e5d7705 [2009/07/13 21:37:32 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_aa2ded886a639c17 [2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7601.17514_none_aa02fb0c6abae2cd < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >
  6. All right, I have 7 reports that have been generated from all the various programs. I think you've asked for 5 or 6 of them. RKILL Rkill 2.3.11 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html Program started at: 09/10/2012 11:46:07 AM in x86 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Program finished at: 09/10/2012 11:46:22 AM Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s) ASWMBR aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-10 11:59:28 ----------------------------- 11:59:28.110 OS Version: Windows 6.1.7601 Service Pack 1 11:59:28.110 Number of processors: 2 586 0x170A 11:59:28.110 ComputerName: MJ-PC UserName: MJ 11:59:29.030 Initialize success 11:59:46.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 11:59:46.748 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3 11:59:46.748 Disk 0 MBR read successfully 11:59:46.748 Disk 0 MBR scan 11:59:46.763 Disk 0 Windows VISTA default MBR code 11:59:46.763 Disk 0 MBR hidden 11:59:46.763 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 11:59:46.794 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 81920 11:59:46.794 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230259 MB offset 16707584 11:59:46.810 Disk 0 scanning sectors +488278016 11:59:46.904 Disk 0 scanning C:\Windows\system32\drivers 11:59:54.501 Service scanning 12:00:19.461 Modules scanning 12:00:28.181 Scan finished successfully 12:00:45.139 Disk 0 MBR has been saved successfully to "C:\Users\MJ\Desktop\MBR.dat" 12:00:45.139 The log file has been saved successfully to "C:\Users\MJ\Desktop\aswMBR.txt" TDSSKILLER 12:01:58.0728 2916 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 12:02:00.0756 2916 ============================================================ 12:02:00.0756 2916 Current date / time: 2012/09/10 12:02:00.0756 12:02:00.0756 2916 SystemInfo: 12:02:00.0756 2916 12:02:00.0756 2916 OS Version: 6.1.7601 ServicePack: 1.0 12:02:00.0756 2916 Product type: Workstation 12:02:00.0756 2916 ComputerName: MJ-PC 12:02:00.0756 2916 UserName: MJ 12:02:00.0756 2916 Windows directory: C:\Windows 12:02:00.0756 2916 System windows directory: C:\Windows 12:02:00.0756 2916 Processor architecture: Intel x86 12:02:00.0756 2916 Number of processors: 2 12:02:00.0756 2916 Page size: 0x1000 12:02:00.0756 2916 Boot type: Normal boot 12:02:00.0756 2916 ============================================================ 12:02:01.0489 2916 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:02:01.0489 2916 ============================================================ 12:02:01.0489 2916 \Device\Harddisk0\DR0: 12:02:01.0489 2916 MBR partitions: 12:02:01.0489 2916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0xFDB000 12:02:01.0489 2916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFEF000, BlocksNum 0x1C1B9800 12:02:01.0489 2916 ============================================================ 12:02:01.0536 2916 C: <-> \Device\Harddisk0\DR0\Partition2 12:02:01.0536 2916 ============================================================ 12:02:01.0536 2916 Initialize success 12:02:01.0536 2916 ============================================================ 12:02:07.0979 1280 ============================================================ 12:02:07.0979 1280 Scan started 12:02:07.0979 1280 Mode: Manual; 12:02:07.0979 1280 ============================================================ 12:02:09.0164 1280 ================ Scan system memory ======================== 12:02:09.0164 1280 System memory - ok 12:02:09.0164 1280 ================ Scan services ============================= 12:02:09.0429 1280 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:02:09.0429 1280 1394ohci - ok 12:02:09.0585 1280 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:02:09.0585 1280 ACPI - ok 12:02:09.0632 1280 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:02:09.0632 1280 AcpiPmi - ok 12:02:09.0897 1280 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 12:02:09.0897 1280 AdobeARMservice - ok 12:02:10.0007 1280 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:02:10.0022 1280 adp94xx - ok 12:02:10.0053 1280 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:02:10.0053 1280 adpahci - ok 12:02:10.0069 1280 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:02:10.0069 1280 adpu320 - ok 12:02:10.0116 1280 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:02:10.0116 1280 AeLookupSvc - ok 12:02:10.0147 1280 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe 12:02:10.0147 1280 AERTFilters - ok 12:02:10.0194 1280 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 12:02:10.0209 1280 AFD - ok 12:02:10.0256 1280 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 12:02:10.0256 1280 agp440 - ok 12:02:10.0287 1280 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 12:02:10.0287 1280 aic78xx - ok 12:02:10.0350 1280 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 12:02:10.0350 1280 ALG - ok 12:02:10.0412 1280 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 12:02:10.0412 1280 aliide - ok 12:02:10.0553 1280 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 12:02:10.0553 1280 amdagp - ok 12:02:10.0599 1280 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 12:02:10.0599 1280 amdide - ok 12:02:10.0631 1280 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:02:10.0646 1280 AmdK8 - ok 12:02:10.0662 1280 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:02:10.0677 1280 AmdPPM - ok 12:02:10.0740 1280 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:02:10.0740 1280 amdsata - ok 12:02:10.0755 1280 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:02:10.0755 1280 amdsbs - ok 12:02:10.0802 1280 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:02:10.0802 1280 amdxata - ok 12:02:10.0849 1280 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 12:02:10.0865 1280 AppID - ok 12:02:10.0896 1280 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:02:10.0896 1280 AppIDSvc - ok 12:02:10.0958 1280 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 12:02:10.0958 1280 Appinfo - ok 12:02:11.0036 1280 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 12:02:11.0036 1280 AppMgmt - ok 12:02:11.0067 1280 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 12:02:11.0067 1280 arc - ok 12:02:11.0083 1280 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:02:11.0083 1280 arcsas - ok 12:02:11.0208 1280 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 12:02:11.0691 1280 aspnet_state - ok 12:02:11.0723 1280 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:02:11.0738 1280 AsyncMac - ok 12:02:11.0801 1280 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 12:02:11.0801 1280 atapi - ok 12:02:11.0879 1280 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:02:11.0879 1280 AudioEndpointBuilder - ok 12:02:11.0894 1280 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 12:02:11.0894 1280 Audiosrv - ok 12:02:12.0019 1280 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 12:02:12.0019 1280 AxInstSV - ok 12:02:12.0081 1280 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 12:02:12.0081 1280 b06bdrv - ok 12:02:12.0097 1280 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 12:02:12.0113 1280 b57nd60x - ok 12:02:12.0144 1280 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 12:02:12.0144 1280 BDESVC - ok 12:02:12.0284 1280 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 12:02:12.0284 1280 Beep - ok 12:02:12.0393 1280 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 12:02:12.0409 1280 BFE - ok 12:02:12.0768 1280 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys 12:02:12.0799 1280 BHDrvx86 - ok 12:02:12.0861 1280 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 12:02:12.0924 1280 BITS - ok 12:02:12.0939 1280 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:02:12.0939 1280 blbdrive - ok 12:02:12.0986 1280 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:02:12.0986 1280 bowser - ok 12:02:13.0002 1280 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:02:13.0002 1280 BrFiltLo - ok 12:02:13.0033 1280 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:02:13.0033 1280 BrFiltUp - ok 12:02:13.0064 1280 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll 12:02:13.0064 1280 Browser - ok 12:02:13.0111 1280 [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys 12:02:13.0111 1280 BrSerIb - ok 12:02:13.0142 1280 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:02:13.0142 1280 Brserid - ok 12:02:13.0158 1280 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:02:13.0158 1280 BrSerWdm - ok 12:02:13.0158 1280 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:02:13.0158 1280 BrUsbMdm - ok 12:02:13.0173 1280 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:02:13.0173 1280 BrUsbSer - ok 12:02:13.0205 1280 [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys 12:02:13.0205 1280 BrUsbSIb - ok 12:02:13.0236 1280 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe 12:02:13.0236 1280 BrYNSvc - ok 12:02:13.0251 1280 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:02:13.0251 1280 BTHMODEM - ok 12:02:13.0283 1280 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 12:02:13.0283 1280 bthserv - ok 12:02:13.0439 1280 [ 442745BF42053A779AB514C5746DF11B ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 12:02:13.0532 1280 CarboniteService - ok 12:02:13.0641 1280 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys 12:02:13.0641 1280 ccSet_NIS - ok 12:02:13.0657 1280 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:02:13.0657 1280 cdfs - ok 12:02:13.0704 1280 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 12:02:13.0719 1280 cdrom - ok 12:02:13.0751 1280 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 12:02:13.0751 1280 CertPropSvc - ok 12:02:13.0782 1280 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:02:13.0782 1280 circlass - ok 12:02:13.0813 1280 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 12:02:13.0813 1280 CLFS - ok 12:02:13.0860 1280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:02:13.0860 1280 clr_optimization_v2.0.50727_32 - ok 12:02:13.0907 1280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:02:14.0031 1280 clr_optimization_v4.0.30319_32 - ok 12:02:14.0078 1280 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:02:14.0078 1280 CmBatt - ok 12:02:14.0094 1280 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:02:14.0094 1280 cmdide - ok 12:02:14.0125 1280 [ 6427525D76F61D0C519B008D3680E8E7 ] CNG C:\Windows\system32\Drivers\cng.sys 12:02:14.0125 1280 CNG - ok 12:02:14.0141 1280 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:02:14.0141 1280 Compbatt - ok 12:02:14.0187 1280 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 12:02:14.0187 1280 CompositeBus - ok 12:02:14.0187 1280 COMSysApp - ok 12:02:14.0203 1280 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 12:02:14.0203 1280 crcdisk - ok 12:02:14.0250 1280 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:02:14.0250 1280 CryptSvc - ok 12:02:14.0297 1280 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 12:02:14.0297 1280 CSC - ok 12:02:14.0328 1280 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 12:02:14.0343 1280 CscService - ok 12:02:14.0359 1280 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 12:02:14.0375 1280 DcomLaunch - ok 12:02:14.0390 1280 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 12:02:14.0406 1280 defragsvc - ok 12:02:14.0437 1280 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:02:14.0437 1280 DfsC - ok 12:02:14.0484 1280 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 12:02:14.0484 1280 Dhcp - ok 12:02:14.0499 1280 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 12:02:14.0499 1280 discache - ok 12:02:14.0515 1280 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:02:14.0531 1280 Disk - ok 12:02:14.0562 1280 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:02:14.0562 1280 Dnscache - ok 12:02:14.0593 1280 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 12:02:14.0593 1280 dot3svc - ok 12:02:14.0655 1280 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 12:02:14.0655 1280 DPS - ok 12:02:14.0687 1280 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:02:14.0687 1280 drmkaud - ok 12:02:14.0718 1280 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:02:14.0733 1280 DXGKrnl - ok 12:02:14.0765 1280 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 12:02:14.0765 1280 EapHost - ok 12:02:14.0843 1280 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 12:02:14.0905 1280 ebdrv - ok 12:02:14.0967 1280 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 12:02:14.0967 1280 eeCtrl - ok 12:02:14.0999 1280 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 12:02:14.0999 1280 EFS - ok 12:02:15.0045 1280 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:02:15.0061 1280 ehRecvr - ok 12:02:15.0092 1280 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 12:02:15.0092 1280 ehSched - ok 12:02:15.0139 1280 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:02:15.0155 1280 elxstor - ok 12:02:15.0186 1280 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 12:02:15.0201 1280 EraserUtilRebootDrv - ok 12:02:15.0233 1280 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:02:15.0233 1280 ErrDev - ok 12:02:15.0264 1280 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 12:02:15.0264 1280 EventSystem - ok 12:02:15.0279 1280 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 12:02:15.0279 1280 exfat - ok 12:02:15.0295 1280 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:02:15.0295 1280 fastfat - ok 12:02:15.0342 1280 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 12:02:15.0357 1280 Fax - ok 12:02:15.0373 1280 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:02:15.0373 1280 fdc - ok 12:02:15.0389 1280 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 12:02:15.0404 1280 fdPHost - ok 12:02:15.0404 1280 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 12:02:15.0404 1280 FDResPub - ok 12:02:15.0420 1280 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:02:15.0420 1280 FileInfo - ok 12:02:15.0435 1280 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:02:15.0435 1280 Filetrace - ok 12:02:15.0451 1280 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:02:15.0451 1280 flpydisk - ok 12:02:15.0467 1280 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:02:15.0467 1280 FltMgr - ok 12:02:15.0513 1280 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 12:02:15.0529 1280 FontCache - ok 12:02:15.0576 1280 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:02:15.0576 1280 FontCache3.0.0.0 - ok 12:02:15.0576 1280 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:02:15.0576 1280 FsDepends - ok 12:02:15.0607 1280 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:02:15.0607 1280 Fs_Rec - ok 12:02:15.0638 1280 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:02:15.0638 1280 fvevol - ok 12:02:15.0685 1280 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:02:15.0685 1280 gagp30kx - ok 12:02:15.0747 1280 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 12:02:15.0763 1280 gpsvc - ok 12:02:15.0903 1280 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 12:02:15.0903 1280 gupdate - ok 12:02:15.0919 1280 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 12:02:15.0919 1280 gupdatem - ok 12:02:15.0950 1280 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:02:15.0950 1280 hcw85cir - ok 12:02:15.0997 1280 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:02:16.0013 1280 HDAudBus - ok 12:02:16.0028 1280 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:02:16.0028 1280 HidBatt - ok 12:02:16.0044 1280 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:02:16.0044 1280 HidBth - ok 12:02:16.0059 1280 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:02:16.0059 1280 HidIr - ok 12:02:16.0091 1280 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 12:02:16.0091 1280 hidserv - ok 12:02:16.0137 1280 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys 12:02:16.0137 1280 HidUsb - ok 12:02:16.0200 1280 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:02:16.0200 1280 hkmsvc - ok 12:02:16.0247 1280 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:02:16.0247 1280 HomeGroupListener - ok 12:02:16.0309 1280 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:02:16.0309 1280 HomeGroupProvider - ok 12:02:16.0340 1280 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:02:16.0340 1280 HpSAMD - ok 12:02:16.0387 1280 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:02:16.0387 1280 HTTP - ok 12:02:16.0418 1280 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:02:16.0418 1280 hwpolicy - ok 12:02:16.0465 1280 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:02:16.0465 1280 i8042prt - ok 12:02:16.0527 1280 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 12:02:16.0543 1280 IAANTMON - ok 12:02:16.0574 1280 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 12:02:16.0574 1280 iaStor - ok 12:02:16.0621 1280 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:02:16.0621 1280 iaStorV - ok 12:02:16.0668 1280 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:02:16.0683 1280 idsvc - ok 12:02:16.0824 1280 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120906.002\IDSvix86.sys 12:02:16.0824 1280 IDSVix86 - ok 12:02:17.0058 1280 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 12:02:17.0229 1280 igfx - ok 12:02:17.0276 1280 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:02:17.0276 1280 iirsp - ok 12:02:17.0339 1280 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 12:02:17.0370 1280 IKEEXT - ok 12:02:17.0448 1280 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 12:02:17.0526 1280 IntcAzAudAddService - ok 12:02:17.0573 1280 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 12:02:17.0573 1280 intelide - ok 12:02:17.0604 1280 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:02:17.0604 1280 intelppm - ok 12:02:17.0619 1280 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:02:17.0619 1280 IPBusEnum - ok 12:02:17.0666 1280 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:02:17.0682 1280 IpFilterDriver - ok 12:02:17.0713 1280 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:02:17.0713 1280 iphlpsvc - ok 12:02:17.0744 1280 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:02:17.0744 1280 IPMIDRV - ok 12:02:17.0760 1280 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:02:17.0760 1280 IPNAT - ok 12:02:17.0791 1280 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:02:17.0791 1280 IRENUM - ok 12:02:17.0807 1280 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:02:17.0807 1280 isapnp - ok 12:02:17.0853 1280 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:02:17.0853 1280 iScsiPrt - ok 12:02:17.0869 1280 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 12:02:17.0869 1280 JRAID - ok 12:02:17.0900 1280 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 12:02:17.0900 1280 kbdclass - ok 12:02:17.0947 1280 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 12:02:17.0947 1280 kbdhid - ok 12:02:17.0947 1280 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 12:02:17.0963 1280 KeyIso - ok 12:02:17.0994 1280 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:02:17.0994 1280 KSecDD - ok 12:02:18.0009 1280 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:02:18.0009 1280 KSecPkg - ok 12:02:18.0025 1280 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 12:02:18.0025 1280 KtmRm - ok 12:02:18.0072 1280 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 12:02:18.0072 1280 LanmanServer - ok 12:02:18.0087 1280 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:02:18.0087 1280 LanmanWorkstation - ok 12:02:18.0119 1280 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:02:18.0134 1280 lltdio - ok 12:02:18.0150 1280 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:02:18.0150 1280 lltdsvc - ok 12:02:18.0165 1280 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 12:02:18.0165 1280 lmhosts - ok 12:02:18.0290 1280 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 12:02:18.0290 1280 LMIGuardianSvc - ok 12:02:18.0337 1280 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys 12:02:18.0337 1280 LMIInfo - ok 12:02:18.0446 1280 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe 12:02:18.0446 1280 LMIMaint - ok 12:02:18.0477 1280 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys 12:02:18.0477 1280 lmimirr - ok 12:02:18.0493 1280 LMIRfsClientNP - ok 12:02:18.0509 1280 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys 12:02:18.0509 1280 LMIRfsDriver - ok 12:02:18.0540 1280 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe 12:02:18.0540 1280 LogMeIn - ok 12:02:18.0571 1280 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:02:18.0571 1280 LSI_FC - ok 12:02:18.0587 1280 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:02:18.0587 1280 LSI_SAS - ok 12:02:18.0602 1280 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:02:18.0602 1280 LSI_SAS2 - ok 12:02:18.0618 1280 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:02:18.0618 1280 LSI_SCSI - ok 12:02:18.0633 1280 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 12:02:18.0633 1280 luafv - ok 12:02:18.0680 1280 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:02:18.0680 1280 MBAMProtector - ok 12:02:18.0727 1280 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 12:02:18.0743 1280 MBAMService - ok 12:02:18.0774 1280 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:02:18.0774 1280 Mcx2Svc - ok 12:02:18.0789 1280 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:02:18.0805 1280 megasas - ok 12:02:18.0836 1280 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:02:18.0836 1280 MegaSR - ok 12:02:18.0852 1280 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 12:02:18.0852 1280 MMCSS - ok 12:02:18.0867 1280 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 12:02:18.0867 1280 Modem - ok 12:02:18.0899 1280 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:02:18.0899 1280 monitor - ok 12:02:18.0945 1280 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 12:02:18.0945 1280 mouclass - ok 12:02:18.0977 1280 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:02:18.0977 1280 mouhid - ok 12:02:19.0008 1280 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:02:19.0008 1280 mountmgr - ok 12:02:19.0070 1280 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:02:19.0070 1280 MozillaMaintenance - ok 12:02:19.0117 1280 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 12:02:19.0117 1280 mpio - ok 12:02:19.0133 1280 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:02:19.0133 1280 mpsdrv - ok 12:02:19.0164 1280 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:02:19.0179 1280 MpsSvc - ok 12:02:19.0226 1280 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:02:19.0226 1280 MRxDAV - ok 12:02:19.0273 1280 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:02:19.0289 1280 mrxsmb - ok 12:02:19.0320 1280 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:02:19.0320 1280 mrxsmb10 - ok 12:02:19.0335 1280 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:02:19.0335 1280 mrxsmb20 - ok 12:02:19.0351 1280 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 12:02:19.0351 1280 msahci - ok 12:02:19.0382 1280 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:02:19.0382 1280 msdsm - ok 12:02:19.0398 1280 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 12:02:19.0398 1280 MSDTC - ok 12:02:19.0429 1280 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:02:19.0429 1280 Msfs - ok 12:02:19.0476 1280 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:02:19.0476 1280 mshidkmdf - ok 12:02:19.0507 1280 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:02:19.0507 1280 msisadrv - ok 12:02:19.0538 1280 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:02:19.0538 1280 MSiSCSI - ok 12:02:19.0538 1280 msiserver - ok 12:02:19.0585 1280 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:02:19.0585 1280 MSKSSRV - ok 12:02:19.0601 1280 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:02:19.0601 1280 MSPCLOCK - ok 12:02:19.0601 1280 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:02:19.0601 1280 MSPQM - ok 12:02:19.0647 1280 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:02:19.0663 1280 MsRPC - ok 12:02:19.0710 1280 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:02:19.0710 1280 mssmbios - ok 12:02:19.0741 1280 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:02:19.0741 1280 MSTEE - ok 12:02:19.0757 1280 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:02:19.0757 1280 MTConfig - ok 12:02:19.0772 1280 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 12:02:19.0772 1280 Mup - ok 12:02:19.0803 1280 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 12:02:19.0819 1280 napagent - ok 12:02:19.0850 1280 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:02:19.0850 1280 NativeWifiP - ok 12:02:19.0959 1280 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVENG.SYS 12:02:19.0959 1280 NAVENG - ok 12:02:20.0022 1280 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVEX15.SYS 12:02:20.0100 1280 NAVEX15 - ok 12:02:20.0147 1280 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:02:20.0162 1280 NDIS - ok 12:02:20.0193 1280 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:02:20.0193 1280 NdisCap - ok 12:02:20.0225 1280 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:02:20.0225 1280 NdisTapi - ok 12:02:20.0256 1280 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:02:20.0256 1280 Ndisuio - ok 12:02:20.0318 1280 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:02:20.0318 1280 NdisWan - ok 12:02:20.0318 1280 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:02:20.0318 1280 NDProxy - ok 12:02:20.0349 1280 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:02:20.0349 1280 NetBIOS - ok 12:02:20.0381 1280 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:02:20.0381 1280 NetBT - ok 12:02:20.0396 1280 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 12:02:20.0396 1280 Netlogon - ok 12:02:20.0427 1280 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 12:02:20.0427 1280 Netman - ok 12:02:20.0490 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:02:20.0537 1280 NetMsmqActivator - ok 12:02:20.0552 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:02:20.0552 1280 NetPipeActivator - ok 12:02:20.0615 1280 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 12:02:20.0615 1280 netprofm - ok 12:02:20.0646 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:02:20.0646 1280 NetTcpActivator - ok 12:02:20.0646 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:02:20.0646 1280 NetTcpPortSharing - ok 12:02:20.0677 1280 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:02:20.0677 1280 nfrd960 - ok 12:02:20.0755 1280 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe 12:02:20.0755 1280 NIS - ok 12:02:20.0786 1280 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:02:20.0802 1280 NlaSvc - ok 12:02:20.0817 1280 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:02:20.0817 1280 Npfs - ok 12:02:20.0833 1280 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 12:02:20.0833 1280 nsi - ok 12:02:20.0849 1280 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:02:20.0849 1280 nsiproxy - ok 12:02:20.0911 1280 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:02:20.0942 1280 Ntfs - ok 12:02:20.0958 1280 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 12:02:20.0958 1280 Null - ok 12:02:20.0989 1280 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:02:20.0989 1280 nvraid - ok 12:02:21.0020 1280 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:02:21.0020 1280 nvstor - ok 12:02:21.0051 1280 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:02:21.0051 1280 nv_agp - ok 12:02:21.0067 1280 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:02:21.0067 1280 ohci1394 - ok 12:02:21.0145 1280 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:02:21.0145 1280 ose - ok 12:02:21.0161 1280 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:02:21.0176 1280 p2pimsvc - ok 12:02:21.0192 1280 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 12:02:21.0192 1280 p2psvc - ok 12:02:21.0207 1280 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:02:21.0223 1280 Parport - ok 12:02:21.0223 1280 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:02:21.0223 1280 partmgr - ok 12:02:21.0239 1280 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 12:02:21.0239 1280 Parvdm - ok 12:02:21.0270 1280 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:02:21.0270 1280 PcaSvc - ok 12:02:21.0285 1280 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 12:02:21.0285 1280 pci - ok 12:02:21.0332 1280 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 12:02:21.0332 1280 pciide - ok 12:02:21.0379 1280 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:02:21.0379 1280 pcmcia - ok 12:02:21.0395 1280 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 12:02:21.0395 1280 pcw - ok 12:02:21.0551 1280 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe 12:02:21.0644 1280 PDFProFiltSrvPP - ok 12:02:21.0691 1280 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:02:21.0707 1280 PEAUTH - ok 12:02:21.0769 1280 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 12:02:21.0785 1280 PeerDistSvc - ok 12:02:21.0863 1280 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 12:02:21.0894 1280 pla - ok 12:02:22.0003 1280 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:02:22.0003 1280 PlugPlay - ok 12:02:22.0019 1280 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:02:22.0019 1280 PNRPAutoReg - ok 12:02:22.0034 1280 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:02:22.0050 1280 PNRPsvc - ok 12:02:22.0081 1280 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:02:22.0081 1280 PolicyAgent - ok 12:02:22.0143 1280 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 12:02:22.0143 1280 Power - ok 12:02:22.0175 1280 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:02:22.0175 1280 PptpMiniport - ok 12:02:22.0221 1280 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:02:22.0221 1280 Processor - ok 12:02:22.0331 1280 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll 12:02:22.0331 1280 ProfSvc - ok 12:02:22.0362 1280 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:02:22.0362 1280 ProtectedStorage - ok 12:02:22.0393 1280 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:02:22.0393 1280 Psched - ok 12:02:22.0424 1280 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 12:02:22.0424 1280 PxHelp20 - ok 12:02:22.0502 1280 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:02:22.0658 1280 ql2300 - ok 12:02:22.0845 1280 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:02:22.0845 1280 ql40xx - ok 12:02:22.0908 1280 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 12:02:22.0908 1280 QWAVE - ok 12:02:22.0939 1280 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:02:22.0939 1280 QWAVEdrv - ok 12:02:22.0970 1280 [ 7F599E8BCC5EBC78FA711E9E55EEA40C ] RapidPortM1 C:\Windows\system32\Drivers\CAPM1LP.SYS 12:02:22.0970 1280 RapidPortM1 - ok 12:02:23.0079 1280 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 12:02:23.0079 1280 RapiMgr - ok 12:02:23.0079 1280 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:02:23.0095 1280 RasAcd - ok 12:02:23.0111 1280 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:02:23.0111 1280 RasAgileVpn - ok 12:02:23.0157 1280 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 12:02:23.0173 1280 RasAuto - ok 12:02:23.0189 1280 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:02:23.0204 1280 Rasl2tp - ok 12:02:23.0235 1280 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 12:02:23.0235 1280 RasMan - ok 12:02:23.0251 1280 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:02:23.0251 1280 RasPppoe - ok 12:02:23.0298 1280 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:02:23.0298 1280 RasSstp - ok 12:02:23.0345 1280 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:02:23.0345 1280 rdbss - ok 12:02:23.0360 1280 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:02:23.0376 1280 rdpbus - ok 12:02:23.0407 1280 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:02:23.0407 1280 RDPCDD - ok 12:02:23.0501 1280 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 12:02:23.0501 1280 RDPDR - ok 12:02:23.0563 1280 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:02:23.0563 1280 RDPENCDD - ok 12:02:23.0594 1280 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:02:23.0594 1280 RDPREFMP - ok 12:02:23.0672 1280 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:02:23.0672 1280 RDPWD - ok 12:02:23.0844 1280 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:02:23.0844 1280 rdyboost - ok 12:02:23.0875 1280 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 12:02:23.0875 1280 RemoteAccess - ok 12:02:24.0093 1280 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:02:24.0093 1280 RemoteRegistry - ok 12:02:24.0171 1280 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:02:24.0171 1280 RpcEptMapper - ok 12:02:24.0249 1280 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 12:02:24.0249 1280 RpcLocator - ok 12:02:24.0327 1280 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 12:02:24.0327 1280 RpcSs - ok 12:02:24.0421 1280 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:02:24.0421 1280 rspndr - ok 12:02:24.0546 1280 [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 12:02:24.0561 1280 RTL8167 - ok 12:02:24.0608 1280 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 12:02:24.0608 1280 s3cap - ok 12:02:24.0671 1280 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 12:02:24.0671 1280 SamSs - ok 12:02:24.0780 1280 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:02:24.0780 1280 sbp2port - ok 12:02:24.0827 1280 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:02:24.0827 1280 SCardSvr - ok 12:02:24.0842 1280 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:02:24.0842 1280 scfilter - ok 12:02:24.0889 1280 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 12:02:24.0905 1280 Schedule - ok 12:02:24.0936 1280 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 12:02:24.0936 1280 SCPolicySvc - ok 12:02:24.0998 1280 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:02:24.0998 1280 SDRSVC - ok 12:02:25.0076 1280 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:02:25.0076 1280 secdrv - ok 12:02:25.0092 1280 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 12:02:25.0107 1280 seclogon - ok 12:02:25.0139 1280 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 12:02:25.0139 1280 SENS - ok 12:02:25.0154 1280 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:02:25.0154 1280 SensrSvc - ok 12:02:25.0170 1280 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:02:25.0170 1280 Serenum - ok 12:02:25.0185 1280 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:02:25.0185 1280 Serial - ok 12:02:25.0263 1280 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:02:25.0263 1280 sermouse - ok 12:02:25.0310 1280 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 12:02:25.0310 1280 SessionEnv - ok 12:02:25.0341 1280 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:02:25.0341 1280 sffdisk - ok 12:02:25.0357 1280 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:02:25.0357 1280 sffp_mmc - ok 12:02:25.0373 1280 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:02:25.0373 1280 sffp_sd - ok 12:02:25.0388 1280 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:02:25.0388 1280 sfloppy - ok 12:02:25.0419 1280 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:02:25.0419 1280 SharedAccess - ok 12:02:25.0451 1280 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:02:25.0451 1280 ShellHWDetection - ok 12:02:25.0482 1280 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 12:02:25.0482 1280 sisagp - ok 12:02:25.0513 1280 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:02:25.0513 1280 SiSRaid2 - ok 12:02:25.0529 1280 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:02:25.0529 1280 SiSRaid4 - ok 12:02:25.0544 1280 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:02:25.0560 1280 Smb - ok 12:02:25.0607 1280 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:02:25.0622 1280 SNMPTRAP - ok 12:02:25.0622 1280 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 12:02:25.0638 1280 spldr - ok 12:02:25.0685 1280 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe 12:02:25.0685 1280 Spooler - ok 12:02:25.0778 1280 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 12:02:25.0841 1280 sppsvc - ok 12:02:25.0887 1280 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:02:25.0887 1280 sppuinotify - ok 12:02:25.0965 1280 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS 12:02:25.0965 1280 SRTSP - ok 12:02:26.0043 1280 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS 12:02:26.0043 1280 SRTSPX - ok 12:02:26.0090 1280 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:02:26.0090 1280 srv - ok 12:02:26.0106 1280 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:02:26.0106 1280 srv2 - ok 12:02:26.0137 1280 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:02:26.0137 1280 srvnet - ok 12:02:26.0168 1280 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:02:26.0168 1280 SSDPSRV - ok 12:02:26.0184 1280 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:02:26.0184 1280 SstpSvc - ok 12:02:26.0215 1280 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:02:26.0215 1280 stexstor - ok 12:02:26.0246 1280 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 12:02:26.0262 1280 StiSvc - ok 12:02:26.0309 1280 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 12:02:26.0309 1280 stllssvr - ok 12:02:26.0324 1280 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 12:02:26.0324 1280 storflt - ok 12:02:26.0355 1280 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 12:02:26.0371 1280 StorSvc - ok 12:02:26.0387 1280 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 12:02:26.0387 1280 storvsc - ok 12:02:26.0402 1280 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 12:02:26.0402 1280 swenum - ok 12:02:26.0433 1280 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 12:02:26.0433 1280 swprv - ok 12:02:26.0496 1280 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS 12:02:26.0496 1280 SymDS - ok 12:02:26.0543 1280 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS 12:02:26.0558 1280 SymEFA - ok 12:02:26.0621 1280 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 12:02:26.0621 1280 SymEvent - ok 12:02:26.0699 1280 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS 12:02:26.0699 1280 SymIRON - ok 12:02:26.0745 1280 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS 12:02:26.0745 1280 SymNetS - ok 12:02:26.0808 1280 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 12:02:26.0839 1280 SysMain - ok 12:02:26.0870 1280 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:02:26.0870 1280 TabletInputService - ok 12:02:26.0901 1280 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 12:02:26.0917 1280 TapiSrv - ok 12:02:26.0933 1280 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 12:02:26.0948 1280 TBS - ok 12:02:26.0995 1280 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:02:27.0026 1280 Tcpip - ok 12:02:27.0104 1280 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:02:27.0104 1280 TCPIP6 - ok 12:02:27.0151 1280 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:02:27.0151 1280 tcpipreg - ok 12:02:27.0182 1280 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:02:27.0182 1280 TDPIPE - ok 12:02:27.0198 1280 [ 2C10395BAA4847F83042813C515CC289 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:02:27.0198 1280 TDTCP - ok 12:02:27.0245 1280 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:02:27.0245 1280 tdx - ok 12:02:27.0260 1280 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 12:02:27.0276 1280 TermDD - ok 12:02:27.0307 1280 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 12:02:27.0323 1280 TermService - ok 12:02:27.0338 1280 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 12:02:27.0338 1280 Themes - ok 12:02:27.0354 1280 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 12:02:27.0354 1280 THREADORDER - ok 12:02:27.0385 1280 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 12:02:27.0385 1280 TrkWks - ok 12:02:27.0432 1280 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:02:27.0432 1280 TrustedInstaller - ok 12:02:27.0447 1280 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:02:27.0463 1280 tssecsrv - ok 12:02:27.0525 1280 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:02:27.0525 1280 TsUsbFlt - ok 12:02:27.0572 1280 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:02:27.0572 1280 tunnel - ok 12:02:27.0588 1280 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:02:27.0603 1280 uagp35 - ok 12:02:27.0619 1280 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:02:27.0619 1280 udfs - ok 12:02:27.0635 1280 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:02:27.0635 1280 UI0Detect - ok 12:02:27.0650 1280 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:02:27.0650 1280 uliagpkx - ok 12:02:27.0744 1280 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 12:02:27.0744 1280 umbus - ok 12:02:27.0775 1280 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:02:27.0775 1280 UmPass - ok 12:02:27.0853 1280 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 12:02:27.0853 1280 UmRdpService - ok 12:02:27.0884 1280 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 12:02:27.0884 1280 upnphost - ok 12:02:27.0915 1280 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:02:27.0915 1280 usbccgp - ok 12:02:27.0978 1280 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:02:27.0978 1280 usbcir - ok 12:02:27.0993 1280 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:02:27.0993 1280 usbehci - ok 12:02:28.0009 1280 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\drivers\usbhub.sys 12:02:28.0025 1280 usbhub - ok 12:02:28.0025 1280 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 12:02:28.0025 1280 usbohci - ok 12:02:28.0040 1280 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:02:28.0040 1280 usbprint - ok 12:02:28.0118 1280 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:02:28.0118 1280 usbscan - ok 12:02:28.0149 1280 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:02:28.0149 1280 USBSTOR - ok 12:02:28.0165 1280 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 12:02:28.0165 1280 usbuhci - ok 12:02:28.0196 1280 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 12:02:28.0196 1280 usb_rndisx - ok 12:02:28.0227 1280 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 12:02:28.0227 1280 UxSms - ok 12:02:28.0243 1280 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 12:02:28.0243 1280 VaultSvc - ok 12:02:28.0259 1280 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:02:28.0259 1280 vdrvroot - ok 12:02:28.0290 1280 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 12:02:28.0305 1280 vds - ok 12:02:28.0321 1280 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:02:28.0337 1280 vga - ok 12:02:28.0337 1280 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 12:02:28.0337 1280 VgaSave - ok 12:02:28.0352 1280 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:02:28.0368 1280 vhdmp - ok 12:02:28.0383 1280 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:02:28.0383 1280 viaagp - ok 12:02:28.0399 1280 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 12:02:28.0415 1280 ViaC7 - ok 12:02:28.0446 1280 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 12:02:28.0446 1280 viaide - ok 12:02:28.0477 1280 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 12:02:28.0477 1280 vmbus - ok 12:02:28.0493 1280 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 12:02:28.0493 1280 VMBusHID - ok 12:02:28.0508 1280 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:02:28.0508 1280 volmgr - ok 12:02:28.0555 1280 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:02:28.0555 1280 volmgrx - ok 12:02:28.0571 1280 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:02:28.0571 1280 volsnap - ok 12:02:28.0602 1280 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:02:28.0617 1280 vsmraid - ok 12:02:28.0664 1280 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 12:02:28.0695 1280 VSS - ok 12:02:28.0711 1280 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:02:28.0711 1280 vwifibus - ok 12:02:28.0727 1280 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 12:02:28.0742 1280 W32Time - ok 12:02:28.0758 1280 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:02:28.0758 1280 WacomPen - ok 12:02:28.0805 1280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:02:28.0805 1280 WANARP - ok 12:02:28.0805 1280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:02:28.0820 1280 Wanarpv6 - ok 12:02:28.0898 1280 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 12:02:28.0914 1280 WatAdminSvc - ok 12:02:28.0961 1280 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 12:02:28.0992 1280 wbengine - ok 12:02:29.0023 1280 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:02:29.0023 1280 WbioSrvc - ok 12:02:29.0070 1280 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 12:02:29.0070 1280 WcesComm - ok 12:02:29.0101 1280 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:02:29.0117 1280 wcncsvc - ok 12:02:29.0132 1280 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:02:29.0132 1280 WcsPlugInService - ok 12:02:29.0148 1280 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 12:02:29.0148 1280 Wd - ok 12:02:29.0195 1280 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys 12:02:29.0195 1280 WDC_SAM - ok 12:02:29.0257 1280 [ 7D1E301E2EEAF6D3730887DE933413E6 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 12:02:29.0257 1280 WDDMService - ok 12:02:29.0273 1280 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:02:29.0288 1280 Wdf01000 - ok 12:02:29.0288 1280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:02:29.0304 1280 WdiServiceHost - ok 12:02:29.0304 1280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:02:29.0304 1280 WdiSystemHost - ok 12:02:29.0366 1280 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe 12:02:29.0366 1280 WDSmartWareBackgroundService - ok 12:02:29.0413 1280 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 12:02:29.0413 1280 WebClient - ok 12:02:29.0429 1280 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:02:29.0429 1280 Wecsvc - ok 12:02:29.0444 1280 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:02:29.0444 1280 wercplsupport - ok 12:02:29.0475 1280 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 12:02:29.0475 1280 WerSvc - ok 12:02:29.0491 1280 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:02:29.0491 1280 WfpLwf - ok 12:02:29.0507 1280 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:02:29.0507 1280 WIMMount - ok 12:02:29.0553 1280 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:02:29.0553 1280 WinDefend - ok 12:02:29.0585 1280 WinHttpAutoProxySvc - ok 12:02:29.0631 1280 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:02:29.0631 1280 Winmgmt - ok 12:02:29.0678 1280 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 12:02:29.0741 1280 WinRM - ok 12:02:29.0772 1280 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:02:29.0772 1280 WinUsb - ok 12:02:29.0819 1280 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:02:29.0834 1280 Wlansvc - ok 12:02:29.0943 1280 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:02:29.0975 1280 wlidsvc - ok 12:02:30.0021 1280 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:02:30.0021 1280 WmiAcpi - ok 12:02:30.0053 1280 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:02:30.0053 1280 wmiApSrv - ok 12:02:30.0131 1280 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:02:30.0302 1280 WMPNetworkSvc - ok 12:02:30.0349 1280 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:02:30.0349 1280 WPCSvc - ok 12:02:30.0380 1280 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:02:30.0380 1280 WPDBusEnum - ok 12:02:30.0411 1280 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:02:30.0411 1280 ws2ifsl - ok 12:02:30.0427 1280 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 12:02:30.0427 1280 wscsvc - ok 12:02:30.0427 1280 WSearch - ok 12:02:30.0505 1280 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 12:02:30.0536 1280 wuauserv - ok 12:02:30.0583 1280 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:02:30.0583 1280 WudfPf - ok 12:02:30.0645 1280 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:02:30.0645 1280 WUDFRd - ok 12:02:30.0692 1280 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:02:30.0692 1280 wudfsvc - ok 12:02:30.0708 1280 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 12:02:30.0708 1280 WwanSvc - ok 12:02:30.0739 1280 ================ Scan global =============================== 12:02:30.0770 1280 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 12:02:30.0801 1280 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 12:02:30.0817 1280 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 12:02:30.0879 1280 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 12:02:30.0911 1280 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 12:02:30.0911 1280 [Global] - ok 12:02:30.0911 1280 ================ Scan MBR ================================== 12:02:30.0926 1280 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 12:02:30.0926 1280 Suspicious mbr (Forged): \Device\Harddisk0\DR0 12:02:30.0989 1280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 12:02:30.0989 1280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 12:02:30.0989 1280 ================ Scan VBR ================================== 12:02:30.0989 1280 [ D61E1D2C7246357FB83A88BFADCE46A6 ] \Device\Harddisk0\DR0\Partition1 12:02:30.0989 1280 \Device\Harddisk0\DR0\Partition1 - ok 12:02:30.0989 1280 [ 1F74E35FB1842673672806AB71645793 ] \Device\Harddisk0\DR0\Partition2 12:02:30.0989 1280 \Device\Harddisk0\DR0\Partition2 - ok 12:02:31.0004 1280 ============================================================ 12:02:31.0004 1280 Scan finished 12:02:31.0004 1280 ============================================================ 12:02:31.0004 1268 Detected object count: 1 12:02:31.0004 1268 Actual detected object count: 1 12:03:39.0941 1268 \Device\Harddisk0\DR0\# - copied to quarantine 12:03:39.0972 1268 \Device\Harddisk0\DR0 - copied to quarantine 12:03:39.0987 1268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 12:03:40.0050 1268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 12:03:40.0050 1268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 12:03:40.0112 1268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 12:03:40.0143 1268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 12:03:40.0237 1268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 12:03:40.0268 1268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 12:03:40.0284 1268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 12:03:40.0284 1268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 12:03:40.0299 1268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 12:03:40.0424 1268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 12:03:40.0424 1268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 12:03:40.0455 1268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 12:03:40.0471 1268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 12:03:40.0549 1268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 12:03:40.0689 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 12:03:40.0689 1268 \Device\Harddisk0\DR0 - ok 12:03:40.0752 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 12:04:02.0904 5704 Deinitialize success
  7. Here is the requested log: Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012 Ran by SYSTEM at 10-09-2012 09:28:30 Running from F:\ Windows 7 Professional (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation) HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2008-08-11] (LogMeIn, Inc.) HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe [x] HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [] [x] HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-01-03] (Adobe Systems Inc.) HKLM\...\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [375 2012-09-10] () HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2010-10-26] (Brother Industries, Ltd.) HKLM\...\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-07-26] (Carbonite, Inc.) HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\LogMeInRemoteUser\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x] HKU\LogMeInRemoteUser\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1243040 2012-01-03] (Adobe Systems Incorporated) HKU\LogMeInRemoteUser\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation) HKU\MJ\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x] HKU\MJ\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1243040 2012-01-03] (Adobe Systems Incorporated) HKU\MJ\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation) HKU\MJ\...\Run: [Google Update] "C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-15] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 Tcpip\..\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: [NameServer]4.2.2.2 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK ShortcutTarget: Canon PC1200 iC D600 iR1200G Status Window.LNK -> C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE (CANON INC.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) ==================== Services ================================ 2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [81920 2009-03-31] (Andrea Electronics Corporation) 3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.) 2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4637768 2012-07-26] (Carbonite, Inc. (www.carbonite.com)) 2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-11] (LogMeIn, Inc.) 2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-11] (LogMeIn, Inc.) 2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-12-08] (LogMeIn, Inc.) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation) 2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation) 2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) 2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC) 2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo) ==================== Drivers ================================= 1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [995488 2012-08-31] (Symantec Corporation) 1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-24] (Symantec Corporation) 1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120906.002\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation) 3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.) 2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2008-08-11] (LogMeIn, Inc.) 3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2008-08-11] (LogMeIn, Inc.) 2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVENG.SYS [92704 2012-08-24] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVEX15.SYS [1601184 2012-08-24] (Symantec Corporation) 0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45200 2009-07-09] (Sonic Solutions) 2 RapidPortM1; \??\C:\Windows\system32\Drivers\CAPM1LP.SYS [22912 2001-12-06] (CANON INC.) 3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-23] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [318584 2012-04-17] (Symantec Corporation) 4 LMIRfsClientNP; [x] ==================== NetSvcs (Whitelisted) ================= ============ One Month Created Files and Folders ============== 2012-09-07 06:42 - 2012-09-07 06:42 - 00034847 ____A C:\Users\MJ\Desktop\Attach.txt 2012-09-07 06:42 - 2012-09-07 06:42 - 00017527 ____A C:\Users\MJ\Desktop\DDS.txt 2012-09-07 06:26 - 2012-09-07 06:26 - 00607260 ____R (Swearware) C:\Users\MJ\Desktop\dds.scr 2012-09-07 06:25 - 2012-09-07 06:25 - 00146296 ____A C:\Windows\Minidump\090712-16239-01.dmp 2012-09-07 06:21 - 2012-09-07 06:21 - 00146296 ____A C:\Windows\Minidump\090712-29936-01.dmp 2012-09-07 06:16 - 2012-09-07 06:16 - 00146296 ____A C:\Windows\Minidump\090712-32323-01.dmp 2012-09-06 11:27 - 2012-09-06 11:27 - 00146296 ____A C:\Windows\Minidump\090612-18454-01.dmp 2012-09-06 11:08 - 2012-09-06 11:08 - 00000000 __SHD C:\found.001 2012-09-06 10:49 - 2012-09-06 10:49 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\TeamViewer 2012-09-06 10:47 - 2012-09-06 10:47 - 00090616 ____A C:\Users\ParkPlace\AppData\Local\GDIPFONTCACHEV1.DAT 2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Western Digital 2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Western_Digital 2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Western Digital 2012-09-06 10:46 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Adobe 2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\ControlCenter4 2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\LogMeIn 2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Adobe 2012-09-06 10:45 - 2012-09-06 10:46 - 00000000 ____D C:\users\ParkPlace 2012-09-06 10:45 - 2012-09-06 10:45 - 00000020 __ASH C:\Users\ParkPlace\ntuser.ini 2012-09-06 10:45 - 2012-09-06 10:45 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\VirtualStore 2012-09-06 10:45 - 2011-04-06 12:07 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Macromedia 2012-09-06 10:44 - 2012-09-06 10:44 - 00146296 ____A C:\Windows\Minidump\090612-36566-01.dmp 2012-09-06 10:33 - 2012-09-06 10:34 - 00146296 ____A C:\Windows\Minidump\090612-32853-01.dmp 2012-09-06 10:28 - 2012-09-06 10:28 - 00146312 ____A C:\Windows\Minidump\090612-40451-01.dmp 2012-09-06 09:50 - 2012-09-06 09:50 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-06 09:50 - 2012-09-06 09:50 - 00000000 ____D C:\Users\MJ\AppData\Roaming\Malwarebytes 2012-09-06 09:49 - 2012-09-06 09:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-09-06 09:49 - 2012-09-06 09:49 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-09-06 09:49 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-06 09:20 - 2012-09-06 09:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe 2012-09-06 09:15 - 2012-09-06 09:15 - 00146296 ____A C:\Windows\Minidump\090612-24024-01.dmp 2012-09-06 08:19 - 2012-09-06 08:19 - 00006576 ____N C:\bootsqm.dat 2012-09-06 07:31 - 2012-09-06 07:31 - 00601088 ____A C:\Users\MJ\Downloads\Ch4.ppt 2012-08-30 02:57 - 2012-08-30 02:57 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job 2012-08-29 11:52 - 2012-08-29 11:52 - 00146296 ____A C:\Windows\Minidump\082912-19390-01.dmp 2012-08-27 08:46 - 2012-08-27 08:46 - 00980480 ____A C:\Users\MJ\Downloads\MicrosoftFixit50267.msi 2012-08-24 09:27 - 2012-08-24 09:27 - 00002104 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2012-08-24 09:26 - 2012-08-24 09:26 - 00000000 ____D C:\Users\All Users\Carbonite 2012-08-24 09:26 - 2012-08-24 09:26 - 00000000 ____D C:\Program Files\Carbonite 2012-08-24 09:23 - 2012-08-24 09:24 - 09127776 ____A (Carbonite, Inc.) C:\Users\MJ\Downloads\CarboniteSetup-vsb_premium.exe 2012-08-24 08:49 - 2012-08-24 08:50 - 00146296 ____A C:\Windows\Minidump\082412-25053-01.dmp 2012-08-24 07:52 - 2012-08-24 07:52 - 00000000 __SHD C:\found.000 2012-08-22 12:48 - 2012-08-22 12:48 - 00000042 ____A C:\Users\MJ\jagex_cl_runescape_LIVE1.dat 2012-08-22 12:48 - 2012-08-22 12:48 - 00000000 ____D C:\Users\MJ\jagexcache1 2012-08-20 09:43 - 2012-08-20 09:43 - 00146296 ____A C:\Windows\Minidump\082012-35193-01.dmp 2012-08-16 12:58 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E} 2012-08-16 12:58 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{27958AFA-33EF-44FC-9214-C12C96379B71} 2012-08-16 12:57 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771} 2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2} 2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{7005D15B-1355-4D42-832C-C2B0C0A420F4} 2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102} 2012-08-16 12:56 - 2012-08-16 12:56 - 00000000 ____D C:\Users\MJ\AppData\Local\{BA9055CD-206C-45D4-AED8-22425D128222} 2012-08-16 12:56 - 2012-08-16 12:56 - 00000000 ____D C:\Users\MJ\AppData\Local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E} 2012-08-16 11:55 - 2012-08-16 11:55 - 00000000 ____D C:\Users\MJ\AppData\Local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E} 2012-08-16 11:54 - 2012-08-16 11:55 - 00000000 ____D C:\Users\MJ\AppData\Local\{F0AB2D87-E08E-4FD8-8003-6F2338107790} 2012-08-15 10:30 - 2012-08-15 10:30 - 00000000 ____D C:\Program Files\Common Files\Java 2012-08-15 10:29 - 2012-08-15 10:29 - 00000000 ____D C:\Program Files\Oracle 2012-08-15 10:27 - 2012-07-05 19:06 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-15 10:27 - 2012-07-05 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-15 10:26 - 2012-08-15 10:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-15 10:26 - 2012-08-15 10:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-15 10:04 - 2012-08-15 10:04 - 00893936 ____A (Oracle Corporation) C:\Users\MJ\Downloads\chromeinstall-7u5.exe 2012-08-15 07:01 - 2012-09-05 07:28 - 00002398 ____A C:\Users\MJ\Desktop\Google Chrome.lnk 2012-08-15 06:59 - 2012-09-06 13:10 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job 2012-08-15 06:39 - 2012-08-15 06:40 - 00739808 ____A (Google Inc.) C:\Users\MJ\Downloads\ChromeSetup.exe ============ 3 Months Modified Files ======================== 2012-09-10 06:20 - 2011-09-22 10:12 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-09-10 06:20 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-10 06:19 - 2010-01-19 10:11 - 00782242 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-10 06:19 - 2009-07-13 20:53 - 00032682 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-09-10 06:18 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-10 06:18 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-10 06:14 - 2009-07-13 20:55 - 01089714 ____A C:\Windows\WindowsUpdate.log 2012-09-10 06:10 - 2009-07-13 20:39 - 00191054 ____A C:\Windows\setupact.log 2012-09-07 09:26 - 2012-07-05 13:21 - 00000110 ____A C:\Users\MJ\Desktop\New Text Document.txt 2012-09-07 06:42 - 2012-09-07 06:42 - 00034847 ____A C:\Users\MJ\Desktop\Attach.txt 2012-09-07 06:42 - 2012-09-07 06:42 - 00017527 ____A C:\Users\MJ\Desktop\DDS.txt 2012-09-07 06:26 - 2012-09-07 06:26 - 00607260 ____R (Swearware) C:\Users\MJ\Desktop\dds.scr 2012-09-07 06:25 - 2012-09-07 06:25 - 00146296 ____A C:\Windows\Minidump\090712-16239-01.dmp 2012-09-07 06:25 - 2011-12-14 10:09 - 354639678 ____A C:\Windows\MEMORY.DMP 2012-09-07 06:21 - 2012-09-07 06:21 - 00146296 ____A C:\Windows\Minidump\090712-29936-01.dmp 2012-09-07 06:16 - 2012-09-07 06:16 - 00146296 ____A C:\Windows\Minidump\090712-32323-01.dmp 2012-09-06 13:10 - 2012-08-15 06:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job 2012-09-06 12:44 - 2011-09-22 10:12 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-06 11:27 - 2012-09-06 11:27 - 00146296 ____A C:\Windows\Minidump\090612-18454-01.dmp 2012-09-06 10:47 - 2012-09-06 10:47 - 00090616 ____A C:\Users\ParkPlace\AppData\Local\GDIPFONTCACHEV1.DAT 2012-09-06 10:45 - 2012-09-06 10:45 - 00000020 __ASH C:\Users\ParkPlace\ntuser.ini 2012-09-06 10:44 - 2012-09-06 10:44 - 00146296 ____A C:\Windows\Minidump\090612-36566-01.dmp 2012-09-06 10:34 - 2012-09-06 10:33 - 00146296 ____A C:\Windows\Minidump\090612-32853-01.dmp 2012-09-06 10:28 - 2012-09-06 10:28 - 00146312 ____A C:\Windows\Minidump\090612-40451-01.dmp 2012-09-06 09:50 - 2012-09-06 09:50 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-09-06 09:20 - 2012-09-06 09:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe 2012-09-06 09:15 - 2012-09-06 09:15 - 00146296 ____A C:\Windows\Minidump\090612-24024-01.dmp 2012-09-06 08:19 - 2012-09-06 08:19 - 00006576 ____N C:\bootsqm.dat 2012-09-06 07:31 - 2012-09-06 07:31 - 00601088 ____A C:\Users\MJ\Downloads\Ch4.ppt 2012-09-06 06:38 - 2011-11-04 06:19 - 00000032 ____A C:\Users\MJ\jagex_cl_runescape_LIVE.dat 2012-09-05 07:28 - 2012-08-15 07:01 - 00002398 ____A C:\Users\MJ\Desktop\Google Chrome.lnk 2012-09-05 06:14 - 2010-01-19 12:02 - 00051908 ____A C:\Windows\PFRO.log 2012-08-30 02:57 - 2012-08-30 02:57 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job 2012-08-29 11:52 - 2012-08-29 11:52 - 00146296 ____A C:\Windows\Minidump\082912-19390-01.dmp 2012-08-27 08:46 - 2012-08-27 08:46 - 00980480 ____A C:\Users\MJ\Downloads\MicrosoftFixit50267.msi 2012-08-24 09:27 - 2012-08-24 09:27 - 00002104 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2012-08-24 09:24 - 2012-08-24 09:23 - 09127776 ____A (Carbonite, Inc.) C:\Users\MJ\Downloads\CarboniteSetup-vsb_premium.exe 2012-08-24 08:50 - 2012-08-24 08:49 - 00146296 ____A C:\Windows\Minidump\082412-25053-01.dmp 2012-08-22 12:51 - 2010-12-17 12:16 - 00000129 ____A C:\Users\MJ\jagex_runescape_preferences2.dat 2012-08-22 12:48 - 2012-08-22 12:48 - 00000042 ____A C:\Users\MJ\jagex_cl_runescape_LIVE1.dat 2012-08-22 12:48 - 2010-12-17 12:14 - 00000035 ____A C:\Users\MJ\jagex_runescape_preferences.dat 2012-08-20 09:43 - 2012-08-20 09:43 - 00146296 ____A C:\Windows\Minidump\082012-35193-01.dmp 2012-08-16 06:13 - 2010-02-03 11:31 - 00002425 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk 2012-08-15 10:25 - 2012-08-15 10:26 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-15 10:25 - 2012-08-15 10:26 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-15 10:04 - 2012-08-15 10:04 - 00893936 ____A (Oracle Corporation) C:\Users\MJ\Downloads\chromeinstall-7u5.exe 2012-08-15 06:40 - 2012-08-15 06:39 - 00739808 ____A (Google Inc.) C:\Users\MJ\Downloads\ChromeSetup.exe 2012-08-10 06:42 - 2010-06-21 11:56 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-08-10 06:40 - 2012-08-10 06:32 - 16814136 ____A (Mozilla) C:\Users\MJ\Downloads\Firefox Setup 14.0.1.exe 2012-08-06 10:00 - 2012-08-06 10:00 - 00146296 ____A C:\Windows\Minidump\080612-30482-01.dmp 2012-07-31 06:08 - 2012-07-31 06:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-07-31 06:08 - 2011-12-02 10:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-07-11 10:29 - 2012-07-11 10:29 - 00000967 ____A C:\Users\MJ\Desktop\Audacity.lnk 2012-07-11 06:14 - 2010-02-11 07:31 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll 2012-07-11 06:14 - 2010-02-11 07:31 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll 2012-07-11 06:14 - 2010-02-11 07:31 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll 2012-07-05 19:06 - 2012-08-15 10:27 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-07-05 19:06 - 2012-08-15 10:27 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-07-05 19:06 - 2010-11-15 07:30 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-07-03 10:46 - 2012-09-06 09:49 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-20 12:18 - 2012-06-20 12:18 - 00027997 ____A C:\Users\MJ\Downloads\game.php 2012-06-15 10:24 - 2012-06-15 10:23 - 36586496 ____A C:\Users\MJ\Desktop\Possibly Privileged Pulled.pst ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-27 08:47:27 Restore point made on: 2012-08-27 13:46:33 Restore point made on: 2012-08-28 08:12:12 Restore point made on: 2012-08-31 06:08:01 Restore point made on: 2012-09-03 12:07:23 Restore point made on: 2012-09-03 21:00:16 Restore point made on: 2012-09-03 22:20:19 Restore point made on: 2012-09-04 22:30:09 Restore point made on: 2012-09-05 06:09:30 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 2012.99 MB Available physical RAM: 1589.05 MB Total Pagefile: 2012.99 MB Available Pagefile: 1592.38 MB Total Virtual: 2047.88 MB Available Virtual: 1968.7 MB ==================== Partitions ============================ 1 Drive c: (OS) (Fixed) (Total:224.86 GB) (Free:88.8 GB) NTFS 3 Drive f: () (Removable) (Total:14.9 GB) (Free:11.87 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: (RECOVERY) (Fixed) (Total:7.93 GB) (Free:4.77 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 232 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 8118 MB 40 MB Partition 3 Primary 224 GB 8158 MB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y RECOVERY NTFS Partition 8118 MB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 224 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 14 GB Healthy ================================================================================== Last Boot: 2012-08-27 15:10 ==================== End Of Log =============================
  8. Short version: Computer has become just about worthless. Currently running in safe mode, which is the only thing that keeps the blue screen of death away, which I get within 3 minutes of rebooting without fail now (it had been increasing in frequency, seems to have reached critical mass). I have run an MBAM full scan and a Norton Anti-Virus full scan and neither has found anything. Computer resources are constantly hogged by something, svchost.exe usually, and a lot of data is being sent and received despite not actively using the internet. The two requested logs are below, though these were created while in safe mode, I don't know if that makes a difference: . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by MJ at 9:27:29 on 2012-09-07 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.456 [GMT -5:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\helppane.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.bing.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe" uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler uRun: [Google Update] "c:\users\mj\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe" mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe" mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe" mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini" mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonp~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL Trusted Zone: advanceddiscovery.com\relativity5 Trusted Zone: kcura.com\relativity DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lexisnexiscenters.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 68.94.156.1 TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8} : NameServer = 4.2.2.2 TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8} : DhcpNameServer = 68.94.156.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mj\appdata\roaming\mozilla\firefox\profiles\8k026ig1.default\ FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\mj\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1308000.00e\symds.sys [2012-8-15 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1308000.00e\symefa.sys [2012-8-15 924320] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048] S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120905.001\BHDrvx86.sys [2012-8-31 995488] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys [2012-8-15 132768] S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120906.002\IDSvix86.sys [2012-9-6 386720] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys [2012-8-15 149624] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1308000.00e\symnets.sys [2012-8-15 318584] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] S2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-1-19 81920] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374184] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856] S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-11 47640] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 655944] S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672] S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2010-2-5 22912] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592] S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-10-7 71424] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-10-7 11520] S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-7 245760] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-6 106656] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22344] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-10 113120] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-6 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-5 1343400] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] . =============== Created Last 30 ================ . 2012-09-06 19:08:25 -------- d-sh--w- C:\found.001 2012-09-06 17:50:08 -------- d-----w- c:\users\mj\appdata\roaming\Malwarebytes 2012-09-06 17:49:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-06 17:49:59 -------- d-----w- c:\programdata\Malwarebytes 2012-09-06 17:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-24 17:26:22 -------- d-----w- c:\programdata\Carbonite 2012-08-24 17:26:22 -------- d-----w- c:\program files\Carbonite 2012-08-24 15:52:59 -------- d-sh--w- C:\found.000 2012-08-22 20:48:45 -------- d-----w- c:\users\mj\jagexcache1 2012-08-16 21:05:34 -------- d-----w- c:\windows\en 2012-08-16 21:03:26 19720 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll 2012-08-16 20:59:24 89944 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\DSETUP.dll 2012-08-16 20:59:24 537432 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\DXSETUP.exe 2012-08-16 20:59:24 1801048 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\dsetup32.dll 2012-08-16 20:58:28 -------- d-----w- c:\users\mj\appdata\local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E} 2012-08-16 20:58:18 -------- d-----w- c:\users\mj\appdata\local\{27958AFA-33EF-44FC-9214-C12C96379B71} 2012-08-16 20:57:59 -------- d-----w- c:\users\mj\appdata\local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771} 2012-08-16 20:57:48 -------- d-----w- c:\users\mj\appdata\local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102} 2012-08-16 20:57:13 -------- d-----w- c:\users\mj\appdata\local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2} 2012-08-16 20:57:02 -------- d-----w- c:\users\mj\appdata\local\{7005D15B-1355-4D42-832C-C2B0C0A420F4} 2012-08-16 20:56:28 -------- d-----w- c:\users\mj\appdata\local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E} 2012-08-16 20:56:08 -------- d-----w- c:\users\mj\appdata\local\{BA9055CD-206C-45D4-AED8-22425D128222} 2012-08-16 19:55:06 -------- d-----w- c:\users\mj\appdata\local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E} 2012-08-16 19:54:45 -------- d-----w- c:\users\mj\appdata\local\{F0AB2D87-E08E-4FD8-8003-6F2338107790} 2012-08-15 18:29:29 -------- d-----w- c:\program files\Oracle 2012-08-15 18:27:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-15 14:34:15 318584 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symnets.sys 2012-08-15 14:34:14 924320 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symefa.sys 2012-08-15 14:34:14 340088 ----a-r- c:\windows\system32\drivers\nis\1308000.00e\symds.sys 2012-08-15 14:34:13 32928 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtspx.sys 2012-08-15 14:34:11 574112 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtsp.sys 2012-08-15 14:34:11 149624 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys 2012-08-15 14:34:10 132768 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys 2012-08-15 14:33:10 8942 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symvtcer.dat 2012-08-15 14:33:10 -------- d-----w- c:\windows\system32\drivers\nis\1308000.00E . ==================== Find3M ==================== . 2012-07-31 14:08:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-31 14:08:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-11 14:14:14 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-07-11 14:14:13 87456 ----a-w- c:\windows\system32\LMIinit.dll 2012-07-11 14:14:13 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2012-07-11 14:14:13 30624 ----a-w- c:\windows\system32\LMIport.dll 2012-07-06 03:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 9:30:48.50 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2/3/2010 12:04:04 PM System Uptime: 9/7/2012 9:25:10 AM (0 hours ago) . Motherboard: Dell Inc. | | 0JJW8N Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2926/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 88.893 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP130: 8/27/2012 11:47:06 AM - Installed Microsoft Fix it 50267 RP131: 9/4/2012 12:00:01 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe Acrobat X Standard - English, Français, Deutsch Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Audacity 2.0 Brother MFL-Pro Suite MFC-7860DW BYOJeopardy 1.2.12 Canon PC1200/iC D600/iR1200G Carbonite Compatibility Pack for the 2007 Office system D3DX10 Dell Backup and Recovery Manager Dell Edoc Viewer Google Chrome Google Earth Google Update Helper Intel® Graphics Media Accelerator Driver Intel® TV Wizard Intel® Matrix Storage Manager Java Auto Updater Java 6 Update 31 Java 7 Update 5 JavaFX 2.1.1 Junk Mail filter update LAME v3.98.3 for Audacity LogMeIn Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office File Validation Add-In Microsoft Office OneNote 2003 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Norton Internet Security Nuance PaperPort 12 Nuance PDF Viewer Plus OGA Notifier 2.0.0048.0 PaperPort Image Printer PowerDVD DX Realtek High Definition Audio Driver Relativity Web Client 7.1 Relativity Web Client Manager 7.1 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Scansoft PDF Professional Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WD SmartWare WebEx Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 14.5 YouTube Downloader 3.4 . ==== Event Viewer Messages From Past Week ======== . 9/7/2012 9:27:44 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 9/7/2012 9:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/7/2012 9:25:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/7/2012 9:25:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/7/2012 9:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} 9/7/2012 9:25:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/7/2012 9:25:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6 9/7/2012 9:25:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a7ab66, 0xb8c9af6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-16239-01. 9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running. 9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:21:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a6ab66, 0x9c902f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-29936-01. 9/7/2012 9:16:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a5ab66, 0x8a93af6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-32323-01. 9/7/2012 9:14:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/7/2012 9:09:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 9/6/2012 9:28:20 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The pipe has been ended. 9/6/2012 9:18:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 9/6/2012 9:18:45 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 6:04:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. 9/6/2012 6:04:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} 9/6/2012 4:52:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 9/6/2012 4:52:45 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 4:25:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service. 9/6/2012 4:25:24 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 4:24:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 9/6/2012 4:24:54 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 4:23:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 4:23:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 4:23:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 4:23:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service. 9/6/2012 4:23:24 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 2:28:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/6/2012 2:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/6/2012 2:27:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS CSC DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf 9/6/2012 2:27:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a72b66, 0xb89c0f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-18454-01. 9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/6/2012 2:24:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect. 9/6/2012 2:24:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 2:24:27 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 2:02:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 9/6/2012 2:02:40 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 12:22:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 12:15:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x830ce92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-24024-01. 9/6/2012 12:07:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect. 9/6/2012 12:07:42 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 11:11:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} 9/6/2012 10:39:01 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 10:01:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 9/6/2012 1:59:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 9/6/2012 1:59:40 PM, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:58:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service. 9/6/2012 1:58:10 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:57:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 1:55:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 9/6/2012 1:55:40 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:55:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 9/6/2012 1:55:10 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:54:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service. 9/6/2012 1:54:40 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:53:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 9/6/2012 1:53:40 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/6/2012 1:52:10 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 1:44:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a65b66, 0x97c9ef6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-36566-01. 9/6/2012 1:34:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a4bb66, 0xb5846f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-32853-01. 9/6/2012 1:28:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a63b66, 0xd0aaef6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-40451-01. 9/6/2012 1:25:44 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s). 9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 1:10:20 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 9/5/2012 11:51:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect. 9/5/2012 10:40:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 9/4/2012 4:07:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WS02 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}. The master browser is stopping or an election is being forced. 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). 9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s). 8/31/2012 1:38:01 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 8/31/2012 1:28:35 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.