BigKev

Honorary Members
  • Posts: 21

Everything posted by BigKev

  1. Thanks for all the help gringo. This was my parents' PC so they appreciate the help too. It's an ongoing effort to educate them on internet security. Hopefully this will be the last time that I will need to enlist your help. Have a nice holiday. Kevin
  2. Here is what ESET found:

     C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application
     C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-280b96ed    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2ad7b80a    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-4871892c    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61330240    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-62653b50    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
     C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-71ae2730    a variant of Java/TrojanDownloader.OpenStream.NCE trojan
  3. Mbam log:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.14.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Olsons :: OLSONS-PC [administrator]

     11/14/2012 7:59:43 AM
     mbam-log-2012-11-14 (07-59-43).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 205986
     Time elapsed: 2 minute(s), 13 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Hijack This log:

     No problems. Everything installed and ran smooth.
  4. This time TDSSKiller worked. Here is the log. So far things are looking good.
ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 11:17:35.0085 4564 ISWKL - ok 11:17:35.0105 4564 [ EEF0D7308C247294389B566A7830B211 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 11:17:35.0109 4564 IswSvc - ok 11:17:35.0139 4564 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 11:17:35.0144 4564 k57nd60a - ok 11:17:35.0183 4564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:17:35.0187 4564 kbdclass - ok 11:17:35.0282 4564 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:17:35.0284 4564 kbdhid - ok 11:17:35.0293 4564 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 11:17:35.0294 4564 KeyIso - ok 11:17:35.0334 4564 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:17:35.0336 4564 KSecDD - ok 11:17:35.0362 4564 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:17:35.0365 4564 KSecPkg - ok 11:17:35.0392 4564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:17:35.0393 4564 ksthunk - ok 11:17:35.0432 4564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 11:17:35.0439 4564 KtmRm - ok 11:17:35.0473 4564 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 11:17:35.0475 4564 LanmanServer - ok 11:17:35.0515 4564 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:17:35.0516 4564 LanmanWorkstation - ok 11:17:35.0552 4564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:17:35.0554 4564 lltdio - ok 11:17:35.0576 4564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:17:35.0582 4564 lltdsvc - ok 11:17:35.0603 4564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:17:35.0604 4564 lmhosts - ok 11:17:35.0636 4564 [ 
1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 11:17:35.0639 4564 LSI_FC - ok 11:17:35.0651 4564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 11:17:35.0654 4564 LSI_SAS - ok 11:17:35.0669 4564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:17:35.0671 4564 LSI_SAS2 - ok 11:17:35.0686 4564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:17:35.0689 4564 LSI_SCSI - ok 11:17:35.0705 4564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 11:17:35.0707 4564 luafv - ok 11:17:35.0718 4564 MBAMProtector - ok 11:17:35.0783 4564 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 11:17:35.0785 4564 MBAMScheduler - ok 11:17:35.0825 4564 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 11:17:35.0844 4564 MBAMService - ok 11:17:35.0889 4564 McMPFSvc - ok 11:17:35.0928 4564 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:17:35.0931 4564 Mcx2Svc - ok 11:17:35.0940 4564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 11:17:35.0942 4564 megasas - ok 11:17:35.0957 4564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 11:17:35.0962 4564 MegaSR - ok 11:17:35.0991 4564 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 11:17:36.0009 4564 mfehidk - ok 11:17:36.0058 4564 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 11:17:36.0059 4564 mfevtp - ok 11:17:36.0086 4564 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 11:17:36.0091 4564 mfewfpk - ok 11:17:36.0120 4564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 
11:17:36.0122 4564 MMCSS - ok 11:17:36.0142 4564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 11:17:36.0144 4564 Modem - ok 11:17:36.0168 4564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:17:36.0169 4564 monitor - ok 11:17:36.0194 4564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:17:36.0196 4564 mouclass - ok 11:17:36.0226 4564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:17:36.0227 4564 mouhid - ok 11:17:36.0261 4564 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:17:36.0264 4564 mountmgr - ok 11:17:36.0280 4564 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 11:17:36.0283 4564 mpio - ok 11:17:36.0295 4564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:17:36.0298 4564 mpsdrv - ok 11:17:36.0364 4564 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:17:36.0370 4564 MpsSvc - ok 11:17:36.0410 4564 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:17:36.0413 4564 MRxDAV - ok 11:17:36.0450 4564 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:17:36.0453 4564 mrxsmb - ok 11:17:36.0490 4564 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:17:36.0495 4564 mrxsmb10 - ok 11:17:36.0547 4564 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:17:36.0553 4564 mrxsmb20 - ok 11:17:36.0645 4564 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 11:17:36.0648 4564 msahci - ok 11:17:36.0687 4564 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:17:36.0690 4564 msdsm - ok 11:17:36.0705 4564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 
11:17:36.0708 4564 MSDTC - ok 11:17:36.0732 4564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:17:36.0733 4564 Msfs - ok 11:17:36.0797 4564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:17:36.0800 4564 mshidkmdf - ok 11:17:36.0872 4564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:17:36.0874 4564 msisadrv - ok 11:17:36.0990 4564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:17:36.0997 4564 MSiSCSI - ok 11:17:37.0001 4564 msiserver - ok 11:17:37.0044 4564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:17:37.0046 4564 MSKSSRV - ok 11:17:37.0049 4564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:17:37.0051 4564 MSPCLOCK - ok 11:17:37.0074 4564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:17:37.0076 4564 MSPQM - ok 11:17:37.0120 4564 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:17:37.0140 4564 MsRPC - ok 11:17:37.0855 4564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 11:17:37.0855 4564 mssmbios - ok 11:17:37.0867 4564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:17:37.0869 4564 MSTEE - ok 11:17:37.0882 4564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 11:17:37.0883 4564 MTConfig - ok 11:17:37.0901 4564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 11:17:37.0903 4564 Mup - ok 11:17:37.0941 4564 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 11:17:37.0945 4564 napagent - ok 11:17:37.0967 4564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:17:37.0973 4564 NativeWifiP - ok 11:17:38.0036 4564 [ 760E38053BF56E501D562B70AD796B88 ] 
NDIS C:\Windows\system32\drivers\ndis.sys 11:17:38.0042 4564 NDIS - ok 11:17:38.0078 4564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 11:17:38.0080 4564 NdisCap - ok 11:17:38.0107 4564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:17:38.0110 4564 NdisTapi - ok 11:17:38.0146 4564 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:17:38.0148 4564 Ndisuio - ok 11:17:38.0217 4564 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:17:38.0221 4564 NdisWan - ok 11:17:38.0290 4564 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:17:38.0292 4564 NDProxy - ok 11:17:38.0302 4564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:17:38.0304 4564 NetBIOS - ok 11:17:38.0363 4564 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:17:38.0383 4564 NetBT - ok 11:17:38.0401 4564 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 11:17:38.0404 4564 Netlogon - ok 11:17:38.0434 4564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 11:17:38.0437 4564 Netman - ok 11:17:38.0510 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:17:38.0597 4564 NetMsmqActivator - ok 11:17:38.0606 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:17:38.0609 4564 NetPipeActivator - ok 11:17:38.0636 4564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 11:17:38.0639 4564 netprofm - ok 11:17:38.0655 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:17:38.0656 4564 NetTcpActivator - ok 11:17:38.0661 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] 
NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:17:38.0662 4564 NetTcpPortSharing - ok 11:17:38.0718 4564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 11:17:38.0724 4564 nfrd960 - ok 11:17:38.0807 4564 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 11:17:38.0810 4564 NlaSvc - ok 11:17:38.0836 4564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:17:38.0837 4564 Npfs - ok 11:17:38.0872 4564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 11:17:38.0876 4564 nsi - ok 11:17:38.0887 4564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:17:38.0889 4564 nsiproxy - ok 11:17:38.0967 4564 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:17:38.0997 4564 Ntfs - ok 11:17:39.0012 4564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 11:17:39.0014 4564 Null - ok 11:17:39.0052 4564 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:17:39.0058 4564 nvraid - ok 11:17:39.0157 4564 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:17:39.0164 4564 nvstor - ok 11:17:39.0186 4564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:17:39.0188 4564 nv_agp - ok 11:17:39.0217 4564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:17:39.0219 4564 ohci1394 - ok 11:17:39.0396 4564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:17:39.0399 4564 ose - ok 11:17:39.0549 4564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:17:39.0637 4564 osppsvc - ok 11:17:39.0666 4564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc 
C:\Windows\system32\pnrpsvc.dll 11:17:39.0671 4564 p2pimsvc - ok 11:17:39.0737 4564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 11:17:39.0759 4564 p2psvc - ok 11:17:39.0796 4564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 11:17:39.0799 4564 Parport - ok 11:17:39.0859 4564 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:17:39.0863 4564 partmgr - ok 11:17:39.0896 4564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:17:39.0898 4564 PcaSvc - ok 11:17:39.0946 4564 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 11:17:39.0953 4564 pci - ok 11:17:39.0984 4564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 11:17:39.0985 4564 pciide - ok 11:17:40.0016 4564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 11:17:40.0020 4564 pcmcia - ok 11:17:40.0113 4564 [ 8FE3547A6A4669817BD01ABD46F0CEE5 ] PCTBD C:\Windows\system32\Drivers\PCTBD64.sys 11:17:40.0116 4564 PCTBD - ok 11:17:40.0179 4564 [ 876FD95B7A3B7FE6179FBD16E7A6486C ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys 11:17:40.0213 4564 PCTCore - ok 11:17:40.0258 4564 [ BA1F42A42F405F62CEFF6B69A2797F7C ] pctDS C:\Windows\system32\drivers\pctDS64.sys 11:17:40.0264 4564 pctDS - ok 11:17:40.0316 4564 [ 814ACBA180FB7AD3856D5CCAA857C97D ] pctgntdi C:\Windows\System32\drivers\pctgntdi64.sys 11:17:40.0335 4564 pctgntdi - ok 11:17:40.0369 4564 [ ABC87B90C4D20B0F76DA00FF24B8826A ] pctplsg C:\Windows\System32\drivers\pctplsg64.sys 11:17:40.0370 4564 pctplsg - ok 11:17:40.0436 4564 [ 577F20EBF1E42BEBB238E2412B99C7EE ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys 11:17:40.0442 4564 PCTSD - ok 11:17:40.0469 4564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 11:17:40.0471 4564 pcw - ok 11:17:40.0506 4564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 11:17:40.0525 4564 PEAUTH - ok 11:17:40.0656 4564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:17:40.0667 4564 PerfHost - ok 11:17:40.0733 4564 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 11:17:40.0741 4564 pla - ok 11:17:40.0780 4564 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:17:40.0790 4564 PlugPlay - ok 11:17:40.0823 4564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:17:40.0825 4564 PNRPAutoReg - ok 11:17:40.0840 4564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:17:40.0844 4564 PNRPsvc - ok 11:17:40.0864 4564 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:17:40.0867 4564 PolicyAgent - ok 11:17:40.0916 4564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 11:17:40.0918 4564 Power - ok 11:17:40.0940 4564 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:17:40.0943 4564 PptpMiniport - ok 11:17:40.0998 4564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 11:17:41.0002 4564 Processor - ok 11:17:41.0047 4564 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 11:17:41.0087 4564 ProfSvc - ok 11:17:41.0092 4564 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:17:41.0094 4564 ProtectedStorage - ok 11:17:41.0135 4564 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:17:41.0138 4564 Psched - ok 11:17:41.0153 4564 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 11:17:41.0156 4564 PxHlpa64 - ok 11:17:41.0253 4564 [ 291E76C02C0994E4E6F1F97A4BCF6C0E ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 11:17:41.0254 4564 QBCFMonitorService - ok 
11:17:41.0340 4564 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe 11:17:41.0342 4564 QBFCService - ok 11:17:41.0398 4564 [ 556EF21A96D296357D7BA075095E0A0A ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe 11:17:41.0405 4564 QBVSS - ok 11:17:41.0450 4564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 11:17:41.0478 4564 ql2300 - ok 11:17:41.0504 4564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 11:17:41.0506 4564 ql40xx - ok 11:17:41.0533 4564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 11:17:41.0538 4564 QWAVE - ok 11:17:41.0542 4564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:17:41.0544 4564 QWAVEdrv - ok 11:17:41.0558 4564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:17:41.0560 4564 RasAcd - ok 11:17:41.0592 4564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:17:41.0595 4564 RasAgileVpn - ok 11:17:41.0609 4564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 11:17:41.0610 4564 RasAuto - ok 11:17:41.0657 4564 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:17:41.0660 4564 Rasl2tp - ok 11:17:41.0695 4564 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 11:17:41.0698 4564 RasMan - ok 11:17:41.0724 4564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:17:41.0726 4564 RasPppoe - ok 11:17:41.0739 4564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:17:41.0741 4564 RasSstp - ok 11:17:41.0781 4564 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:17:41.0786 4564 rdbss - ok 11:17:41.0790 4564 [ 
302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:17:41.0792 4564 rdpbus - ok 11:17:41.0811 4564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:17:41.0812 4564 RDPCDD - ok 11:17:41.0828 4564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:17:41.0829 4564 RDPENCDD - ok 11:17:41.0845 4564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:17:41.0846 4564 RDPREFMP - ok 11:17:41.0875 4564 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:17:41.0879 4564 RDPWD - ok 11:17:41.0912 4564 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:17:41.0916 4564 rdyboost - ok 11:17:41.0941 4564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:17:41.0942 4564 RemoteAccess - ok 11:17:41.0966 4564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:17:41.0968 4564 RemoteRegistry - ok 11:17:42.0002 4564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:17:42.0003 4564 RpcEptMapper - ok 11:17:42.0033 4564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 11:17:42.0035 4564 RpcLocator - ok 11:17:42.0070 4564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 11:17:42.0073 4564 RpcSs - ok 11:17:42.0088 4564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:17:42.0091 4564 rspndr - ok 11:17:42.0101 4564 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 11:17:42.0102 4564 SamSs - ok 11:17:42.0127 4564 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:17:42.0130 4564 sbp2port - ok 11:17:42.0148 4564 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:17:42.0151 4564 SCardSvr - ok 
11:17:42.0205 4564 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:17:42.0207 4564 scfilter - ok 11:17:42.0253 4564 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 11:17:42.0273 4564 Schedule - ok 11:17:42.0321 4564 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:17:42.0321 4564 SCPolicySvc - ok 11:17:42.0523 4564 [ 17D6A03103586D7954BA74C2219CE1BB ] sdAuxService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe 11:17:42.0530 4564 sdAuxService - ok 11:17:42.0595 4564 [ 44323C0BCBFFA66A7A90E93F5D027999 ] sdCoreService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe 11:17:42.0601 4564 sdCoreService - ok 11:17:42.0673 4564 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:17:42.0677 4564 SDRSVC - ok 11:17:42.0705 4564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:17:42.0706 4564 secdrv - ok 11:17:42.0737 4564 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 11:17:42.0739 4564 seclogon - ok 11:17:42.0759 4564 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 11:17:42.0761 4564 SENS - ok 11:17:42.0774 4564 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:17:42.0777 4564 SensrSvc - ok 11:17:42.0792 4564 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:17:42.0793 4564 Serenum - ok 11:17:42.0815 4564 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:17:42.0818 4564 Serial - ok 11:17:42.0851 4564 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 11:17:42.0853 4564 sermouse - ok 11:17:42.0911 4564 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 11:17:42.0914 4564 SessionEnv - ok 11:17:42.0943 4564 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys 11:17:42.0945 4564 sffdisk - ok 11:17:42.0955 4564 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:17:42.0956 4564 sffp_mmc - ok 11:17:42.0960 4564 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:17:42.0962 4564 sffp_sd - ok 11:17:43.0034 4564 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 11:17:43.0035 4564 sfloppy - ok 11:17:43.0078 4564 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 11:17:43.0083 4564 SftService - ok 11:17:43.0165 4564 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:17:43.0168 4564 SharedAccess - ok 11:17:43.0206 4564 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:17:43.0208 4564 ShellHWDetection - ok 11:17:43.0244 4564 [ 7799106FEE728B907A86D9C9751E02D5 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys 11:17:43.0246 4564 silabenm - ok 11:17:43.0316 4564 [ 3C356BEAA55339D7CE7A9509E22166CC ] silabser C:\Windows\system32\DRIVERS\silabser.sys 11:17:43.0319 4564 silabser - ok 11:17:43.0353 4564 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:17:43.0357 4564 SiSRaid2 - ok 11:17:43.0519 4564 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 11:17:43.0524 4564 SiSRaid4 - ok 11:17:43.0634 4564 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:17:43.0635 4564 SkypeUpdate - ok 11:17:43.0656 4564 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:17:43.0658 4564 Smb - ok 11:17:43.0738 4564 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:17:43.0744 4564 SNMPTRAP - ok 11:17:43.0770 4564 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 
11:17:43.0774 4564 spldr - ok 11:17:43.0844 4564 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 11:17:43.0855 4564 Spooler - ok 11:17:43.0959 4564 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 11:17:43.0979 4564 sppsvc - ok 11:17:43.0997 4564 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:17:44.0000 4564 sppuinotify - ok 11:17:44.0036 4564 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 11:17:44.0040 4564 srv - ok 11:17:44.0123 4564 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:17:44.0128 4564 srv2 - ok 11:17:44.0168 4564 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:17:44.0175 4564 srvnet - ok 11:17:44.0256 4564 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:17:44.0258 4564 SSDPSRV - ok 11:17:44.0271 4564 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:17:44.0274 4564 SstpSvc - ok 11:17:44.0292 4564 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 11:17:44.0294 4564 stexstor - ok 11:17:44.0328 4564 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 11:17:44.0333 4564 stisvc - ok 11:17:44.0364 4564 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 11:17:44.0366 4564 swenum - ok 11:17:44.0385 4564 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 11:17:44.0401 4564 swprv - ok 11:17:44.0475 4564 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 11:17:44.0485 4564 SysMain - ok 11:17:44.0516 4564 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:17:44.0517 4564 TabletInputService - ok 11:17:44.0578 4564 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 11:17:44.0585 4564 TapiSrv - ok 
  5. Here is the latest combofix log. All in all it seems to be running solid. No issues with IE9 re-directing Google searches. No false pop-ups, etc. OS seems to be running slow, but that could be my imagination.
  6. I guess the best answer is that it depends on which partition is flagged to boot. When this all started, sda4 was the boot partition. This is the hidden partition. Windows would boot normally, but then I had the re-direct issues. When I flagged sda2 as the boot, it brought up the Windows Error Recovery screen. From there I can select "Start Windows Normally" and Windows will start. It runs slow, but no more Google re-direct problems. When I flag sda3 as the boot, it gives me the BOOTMGR missing error and won't load Windows. So it depends on which partition is booting I guess. Under normal circumstances which partition should be the boot drive?
  7. Right now if I boot it with sda2 set as the boot drive, I get the Windows Error Recovery screen that I posted yesterday. If I select "Start Windows Normally" then Windows starts and I can navigate IE without any Google re-directs. On the whole, the OS is running slow though. I have not tried booting to sda3 today yet. Yesterday I received the BOOTMGR Missing error. Should I try booting with sda3 or leave it on sda2?
  8. OK. Here are the fixlog results. SDA2 is now set as the boot drive.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
     Ran by SYSTEM at 2012-11-13 07:40:53 Run:1
     Running from J:\
     ==============================================
     The operation completed successfully.
     The operation completed successfully.
     ========= bootrec /FixMbr =========
     The operation completed successfully.
     ========= End of CMD: =========
     ==== End of Fixlog ====
  9. Just to be clear, you want me to run the above script with the sda3 as boot drive, then go back and set sda2 as the boot?
  10. Here is FRST.TXT
(SteelWerX) C:\Windows\SWSC.exe 2012-11-12 10:32 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe 2012-11-12 10:32 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe 2012-11-12 10:32 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe 2012-11-12 10:31 - 2012-11-12 11:46 - 00000000 ____D C:\ComboFix 2012-11-12 10:27 - 2012-11-12 10:27 - 04997167 ____A C:\Users\Olsons\Desktop\ComboFix.zip 2012-11-12 10:23 - 2012-11-12 10:28 - 05000730 ____R (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe 2012-11-12 10:21 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-11-09 17:41 - 2012-11-09 17:41 - 00003586 ____A C:\Users\Olsons\Desktop\RKreport[2]_D_11092012_02d1541.txt 2012-11-09 17:40 - 2012-11-09 17:41 - 00000000 ____D C:\Users\Olsons\Desktop\RK_Quarantine 2012-11-09 17:40 - 2012-11-09 17:40 - 00003730 ____A C:\Users\Olsons\Desktop\RKreport[1]_S_11092012_02d1540.txt 2012-11-09 17:38 - 2012-11-09 17:38 - 00000829 ____A C:\Users\Olsons\Desktop\AdwCleaner[s1].txt 2012-11-09 17:36 - 2012-11-09 17:36 - 00000829 ____A C:\AdwCleaner[s1].txt 2012-11-09 17:33 - 2012-11-09 17:33 - 00001052 ____A C:\Users\Olsons\Desktop\checkup.txt 2012-11-09 17:25 - 2012-11-09 17:25 - 01953636 ____A C:\Users\Olsons\Desktop\adwcleaner.zip 2012-11-09 16:58 - 2012-11-09 17:25 - 00666112 ____A C:\Users\Olsons\Desktop\RogueKiller.exe 2012-11-09 16:57 - 2012-11-09 17:25 - 00881833 ____A C:\Users\Olsons\Desktop\SecurityCheck.exe 2012-11-09 16:57 - 2012-11-09 17:25 - 00541569 ____A C:\Users\Olsons\Desktop\adwcleaner.exe 2012-11-08 16:30 - 2012-11-08 16:30 - 00000000 ____A C:\autoexec.bat 2012-11-08 16:28 - 2012-11-08 16:28 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-11-08 16:27 - 2012-11-08 17:19 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-08 14:17 - 2012-11-08 17:16 - 00000000 ____D C:\Program Files (x86)\RegistryNuke 2012 2012-11-07 18:35 - 2012-11-12 11:46 - 00000000 ____D C:\Qoobox 2012-11-07 18:34 - 2012-11-12 11:29 - 
00000000 ____D C:\Windows\erdnt 2012-11-07 17:42 - 2012-11-08 17:17 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-11-07 17:42 - 2012-11-08 17:17 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy 2012-11-07 17:42 - 2012-11-08 17:16 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-07 17:35 - 2012-11-07 17:41 - 16409960 ____A (Safer Networking Limited ) C:\Users\Olsons\Downloads\spybotsd162.exe 2012-11-07 16:03 - 2012-11-07 16:08 - 00097642 ____A C:\Users\All Users\gotleqmnrovyafk 2012-11-07 16:03 - 2012-11-07 16:08 - 00097642 ____A C:\Users\All Users\Application Data\gotleqmnrovyafk 2012-11-07 15:58 - 2012-11-07 15:58 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-07 15:58 - 2012-11-07 15:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-07 15:58 - 
2012-11-07 15:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-07 15:58 - 2012-11-07 15:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-07 15:58 - 2012-11-07 15:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-11-07 15:58 - 2012-11-07 15:58 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2012-11-07 15:58 - 2012-11-07 15:58 - 00353792 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00162304 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00096768 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmled.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00063488 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\tdc.ocx 2012-11-07 15:58 - 2012-11-07 15:58 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2012-11-07 15:35 - 2012-11-07 16:08 - 00000000 ____D C:\Users\All Users\bgxmlvkivhwfpqg 2012-11-07 15:35 - 2012-11-07 16:08 - 00000000 ____D C:\Users\All Users\Application Data\bgxmlvkivhwfpqg 2012-11-07 13:31 - 2012-11-07 13:39 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml 2012-11-07 13:31 - 
2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\My Documents\ForceField Shared Files 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Documents\ForceField Shared Files 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Application Data\CheckPoint 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\AppData\Roaming\CheckPoint 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Program Files\CheckPoint 2012-11-07 13:22 - 2012-11-07 13:30 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\CheckPoint 2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\Application Data\CheckPoint 2012-11-07 12:16 - 2012-11-07 12:16 - 00000000 ____D C:\Windows\pss 2012-11-07 11:58 - 2012-08-31 12:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2012-11-07 11:51 - 2012-08-30 12:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-11-07 11:51 - 2012-08-30 11:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-11-07 11:51 - 2012-08-30 11:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-11-07 11:50 - 2012-08-20 12:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-11-07 11:50 - 2012-08-20 12:48 - 00013312 ____A (Microsoft Corporation) 
C:\Windows\System32\wow64cpu.dll 2012-11-07 11:50 - 2012-08-20 12:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-11-07 11:50 - 2012-08-20 12:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-11-07 11:50 - 2012-08-20 11:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-11-07 11:50 - 2012-08-20 11:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-11-07 11:50 - 2012-08-20 11:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-11-07 11:50 - 2012-08-20 11:37 - 00005120 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 09:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-11-07 11:50 - 2012-08-20 09:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 09:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 09:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-07 11:50 - 2012-08-20 09:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-11-07 11:49 - 2012-08-20 09:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-11-07 11:28 - 2012-08-24 12:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-11-07 11:28 - 2012-08-24 10:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-11-07 11:27 - 2012-09-14 13:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-11-07 11:27 - 2012-09-14 12:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-11-07 11:26 - 2012-08-10 18:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-11-07 11:26 - 2012-08-10 17:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-11-06 18:43 - 2012-06-01 23:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-11-06 18:43 - 2012-06-01 23:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-11-06 18:43 - 2012-06-01 23:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-11-06 18:43 - 2012-06-01 22:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-11-06 18:43 - 2012-06-01 22:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-11-06 18:43 - 2012-06-01 22:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-11-06 18:31 - 2012-07-18 14:17 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk 2012-11-06 18:31 - 2012-07-18 14:17 - 00002113 ____A C:\Users\All Users\Desktop\QuickBooks Pro 2012.lnk 2012-11-06 18:31 - 2012-07-17 18:04 - 00002183 ____A 
C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2007.lnk 2012-11-06 18:31 - 2012-07-17 18:04 - 00002183 ____A C:\Users\All Users\Desktop\QuickBooks Premier - Accountant Edition 2007.lnk 2012-11-06 18:31 - 2012-05-27 14:46 - 00002273 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk 2012-11-06 18:31 - 2012-05-27 14:46 - 00002273 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk 2012-11-06 18:31 - 2012-01-24 16:25 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-11-06 18:31 - 2012-01-24 16:25 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-11-06 18:31 - 2012-01-24 16:17 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-11-06 18:31 - 2012-01-24 16:17 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-11-06 18:31 - 2012-01-20 19:54 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-11-06 18:31 - 2012-01-20 19:54 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk 2012-11-06 18:31 - 2011-04-04 21:09 - 00002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2012-11-06 18:31 - 2011-04-04 21:09 - 00002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk ==================== One Month Modified Files and Folders ======= 2012-11-13 06:16 - 2012-11-13 06:16 - 00000000 ____D C:\FRST 2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\Local Settings\SoftThinks 2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\Local Settings\Application Data\SoftThinks 2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\AppData\Local\SoftThinks 2012-11-12 15:34 - 2010-09-23 12:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2012-11-12 15:34 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-12 15:34 - 2009-07-13 22:51 - 00038479 ____A C:\Windows\setupact.log 2012-11-12 15:27 - 2009-07-13 23:10 - 01108723 ____A C:\Windows\WindowsUpdate.log 
2012-11-12 14:46 - 2012-06-13 09:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-12 13:08 - 2009-07-13 23:13 - 00792890 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-12 13:00 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-12 13:00 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-12 12:44 - 2012-11-12 12:29 - 04732416 ____A (AVAST Software) C:\Users\Olsons\Desktop\aswMBR.exe 2012-11-12 12:43 - 2012-11-12 12:42 - 04301324 ____A C:\Users\Olsons\Desktop\tdsskiller.zip 2012-11-12 12:43 - 2012-11-12 12:28 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Olsons\Desktop\tdsskiller.exe 2012-11-12 11:46 - 2012-11-12 11:46 - 00022464 ____A C:\Users\Olsons\Desktop\combofix.txt 2012-11-12 11:46 - 2012-11-12 10:31 - 00000000 ____D C:\ComboFix 2012-11-12 11:46 - 2012-11-07 18:35 - 00000000 ____D C:\Qoobox 2012-11-12 11:46 - 2009-07-13 21:20 - 00000000 ___RD C:\users\Default 2012-11-12 11:45 - 2012-11-12 11:45 - 00022464 ____A C:\ComboFix.txt 2012-11-12 11:29 - 2012-11-07 18:34 - 00000000 ____D C:\Windows\erdnt 2012-11-12 11:24 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini 2012-11-12 11:20 - 2010-09-23 14:38 - 00086614 ____A C:\Windows\PFRO.log 2012-11-12 10:28 - 2012-11-12 10:23 - 05000730 ____R (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe 2012-11-12 10:27 - 2012-11-12 10:27 - 04997167 ____A C:\Users\Olsons\Desktop\ComboFix.zip 2012-11-09 17:41 - 2012-11-09 17:41 - 00003586 ____A C:\Users\Olsons\Desktop\RKreport[2]_D_11092012_02d1541.txt 2012-11-09 17:41 - 2012-11-09 17:40 - 00000000 ____D C:\Users\Olsons\Desktop\RK_Quarantine 2012-11-09 17:40 - 2012-11-09 17:40 - 00003730 ____A C:\Users\Olsons\Desktop\RKreport[1]_S_11092012_02d1540.txt 2012-11-09 17:38 - 2012-11-09 17:38 - 00000829 ____A C:\Users\Olsons\Desktop\AdwCleaner[s1].txt 2012-11-09 
17:36 - 2012-11-09 17:36 - 00000829 ____A C:\AdwCleaner[s1].txt 2012-11-09 17:33 - 2012-11-09 17:33 - 00001052 ____A C:\Users\Olsons\Desktop\checkup.txt 2012-11-09 17:25 - 2012-11-09 17:25 - 01953636 ____A C:\Users\Olsons\Desktop\adwcleaner.zip 2012-11-09 17:25 - 2012-11-09 16:58 - 00666112 ____A C:\Users\Olsons\Desktop\RogueKiller.exe 2012-11-09 17:25 - 2012-11-09 16:57 - 00881833 ____A C:\Users\Olsons\Desktop\SecurityCheck.exe 2012-11-09 17:25 - 2012-11-09 16:57 - 00541569 ____A C:\Users\Olsons\Desktop\adwcleaner.exe 2012-11-08 17:19 - 2012-11-08 16:27 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-08 17:17 - 2012-11-07 17:42 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-11-08 17:17 - 2012-11-07 17:42 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy 2012-11-08 17:16 - 2012-11-08 14:17 - 00000000 ____D C:\Program Files (x86)\RegistryNuke 2012 2012-11-08 17:16 - 2012-11-07 17:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-08 16:30 - 2012-11-08 16:30 - 00000000 ____A C:\autoexec.bat 2012-11-08 16:28 - 2012-11-08 16:28 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-11-08 05:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2012-11-07 17:41 - 2012-11-07 17:35 - 16409960 ____A (Safer Networking Limited ) C:\Users\Olsons\Downloads\spybotsd162.exe 2012-11-07 16:08 - 2012-11-07 16:03 - 00097642 ____A C:\Users\All Users\gotleqmnrovyafk 2012-11-07 16:08 - 2012-11-07 16:03 - 00097642 ____A C:\Users\All Users\Application Data\gotleqmnrovyafk 2012-11-07 16:08 - 2012-11-07 15:35 - 00000000 ____D C:\Users\All Users\bgxmlvkivhwfpqg 2012-11-07 16:08 - 2012-11-07 15:35 - 00000000 ____D C:\Users\All Users\Application Data\bgxmlvkivhwfpqg 2012-11-07 16:00 - 2012-01-26 11:15 - 00006245 ____A C:\Windows\IE9_main.log 2012-11-07 16:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2012-11-07 15:59 - 2009-07-13 21:20 - 00000000 ____D 
C:\Windows\servicing 2012-11-07 15:58 - 2012-11-07 15:58 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-07 15:58 - 2012-11-07 15:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-07 15:58 - 2012-11-07 15:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-07 15:58 - 2012-11-07 15:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-07 15:58 
- 2012-11-07 15:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2012-11-07 15:58 - 2012-11-07 15:58 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2012-11-07 15:58 - 2012-11-07 15:58 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00237056 ____A 
(Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00149504 ____A (Microsoft Corporation) 
C:\Windows\System32\occache.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) 
C:\Windows\System32\iesetup.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2012-11-07 15:58 - 2012-11-07 15:58 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00041472 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeedsbs.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2012-11-07 15:58 - 2012-11-07 15:58 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2012-11-07 15:58 - 2012-05-27 17:07 - 02944797 ____A C:\Windows\System32\Drivers\Cat.DB 2012-11-07 15:55 - 2010-10-05 17:04 - 00000000 ____D C:\users\Olsons 2012-11-07 14:04 - 2010-11-10 09:48 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-11-07 14:03 - 2010-10-05 18:53 - 00000000 ____D C:\Users\All Users\Microsoft Help 2012-11-07 14:03 - 2010-10-05 18:53 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2012-11-07 13:52 - 2012-06-13 09:09 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-11-07 13:52 - 2011-05-17 18:07 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-11-07 13:39 - 2012-11-07 13:31 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\My Documents\ForceField Shared Files 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D 
C:\Users\Olsons\Documents\ForceField Shared Files 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Application Data\CheckPoint 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\AppData\Roaming\CheckPoint 2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Program Files\CheckPoint 2012-11-07 13:30 - 2012-11-07 13:22 - 00000000 ____D C:\Program Files (x86)\CheckPoint 2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\CheckPoint 2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\Application Data\CheckPoint 2012-11-07 12:37 - 2012-05-11 11:09 - 00000000 ____D C:\Program Files (x86)\Google 2012-11-07 12:16 - 2012-11-07 12:16 - 00000000 ____D C:\Windows\pss 2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\Local Settings\GDIPFONTCACHEV1.DAT 2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\AppData\Local\GDIPFONTCACHEV1.DAT 2012-11-06 17:28 - 2012-09-26 18:00 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-06 17:28 - 2012-09-26 18:00 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-06 17:28 - 2012-09-26 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-06 17:26 - 2012-05-29 17:40 - 00000361 ____A C:\rkill.log ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => 
MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-11-07 13:59:54 Restore point made on: 2012-11-07 14:05:50 Restore point made on: 2012-11-07 15:56:39 Restore point made on: 2012-11-07 15:59:08 Restore point made on: 2012-11-07 18:25:37 Restore point made on: 2012-11-07 18:27:35 Restore point made on: 2012-11-08 05:00:25 Restore point made on: 2012-11-08 11:32:00 Restore point made on: 2012-11-08 16:27:47 Restore point made on: 2012-11-08 16:30:18 Restore point made on: 2012-11-08 17:17:52 Restore point made on: 2012-11-08 17:36:06 Restore point made on: 2012-11-09 17:48:00 Restore point made on: 2012-11-12 10:32:53 Restore point made on: 2012-11-12 11:33:05 Restore point made on: 2012-11-12 11:38:05 Restore point made on: 2012-11-12 14:02:13 Restore point made on: 2012-11-12 15:27:20 ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 2814.98 MB Available physical RAM: 2295.65 MB Total Pagefile: 2813.13 MB Available Pagefile: 2285.52 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:586.24 GB) (Free:494.76 GB) NTFS 7 Drive i: (RECOVERY) (Fixed) (Total:9.88 GB) (Free:4.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] ATTENTION: Malware custom entry on BCD on drive i: detected. Check for MBR/Partition infection. 
8 Drive j: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT 9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 Online 1954 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 9 GB 40 MB Partition 3 Primary 586 GB 9 GB Partition 4 Primary 10 MB 596 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 8 FAT Partition 39 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 I RECOVERY NTFS Partition 9 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 586 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. 
========================================================= Partitions of Disk 5: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1953 MB 16 KB ================================================================================== Disk: 5 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 7 J FAT Removable 1953 MB Healthy ========================================================= Last Boot: 2012-11-06 20:26 ==================== End Of Log ============================= Here is SEARCH.TXT Farbar Recovery Scan Tool (x64) Version: 12-11-2012 Ran by SYSTEM at 2012-11-13 06:19:26 Running from J:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\erdnt\cache64\services.exe [2012-11-12 11:29] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== Thanks.
  11. Does it matter which drive partition is set to "boot?" Currently it is set to sda3 but it won't boot normally. Let me know if I need to switch it to another drive. If not I'll leave it on sda3. Thanks.
  12. OK. I set SDA2 to boot and when I rebooted to Windows I got a Windows Error Recovery screen as shown below. It launched a Startup Repair utility that I cancelled. I set SDA3 to boot and when that booted I received an error that "BOOTMGR is missing".
  13. I tried to mount that hidden partition and I received an error message that said Puppy was unable to mount the disk. I went ahead and grabbed the screenshot (attached). Hope this helps. Let me know where to go from here. Thanks.
  14. I have the computer booted with Precise Puppy. When I click on the drives all of them will allow me to mount them and they will show the red cross except for "sda4" (which I assume is the hidden partition). When I select it, I get a window that says: "DO NOT REMOVE MOUNTED MEDIA". Then it lists the 4 drives. Next to 3 of them is an "UNMOUNT" button. The last one reads "sda4 ntfs 10M" with a MOUNT button next to it. At the bottom of the window are: "preferences" "refresh" "quit". What should I do next? Separate question: How do I post the screenshot to this forum? Thanks.
  15. What am I trying to get a screenshot of? I'm sorry for asking, but I'm just not sure what you need to see and this looks like a lot of work. Also, every time I insert a thumb drive into the USB slot Windows tells me that it needs to format the disk before I can use it. I know the drive works because I can use it in other PCs just fine so I'm worried that the bootable USB drive won't work. Can you please confirm that you still want me to perform the steps above? Thanks.
  16. I've tried running TDSS killer twice and it doesn't run. The Windows prompt appears asking me if I want to allow TDSS to make changes to the computer, I click "Yes" and then nothing happens. Do I need to disable other anti-virus programs first? Or should I skip TDSS and move on to aswMBR?
  17. Here is the ComboFix log: ComboFix 12-11-12.02 - Olsons 11/12/2012 8:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1076 [GMT -8:00] Running from: c:\users\Olsons\Desktop\ComboFix.exe AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\eb.sys c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.exe c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\exec.exe c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\fan.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\fix.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\FW.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\pal.sys 
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\sld.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\SM.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\std.dll c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\std.tmp c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys c:\users\Olsons\Documents\DPE.DUS c:\windows\security\Database\tmp.edb c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 ))))))))))))))))))))))))))))))) . . 2012-11-12 17:16 . 2012-11-12 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-08 22:28 . 2012-11-08 22:28 -------- d-----w- c:\program files\Enigma Software Group 2012-11-08 22:27 . 2012-11-08 23:19 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-08 22:26 . 2012-11-08 22:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-11-08 20:17 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\RegistryNuke 2012 2012-11-07 23:42 . 2012-11-08 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-07 23:42 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-11-07 21:35 . 2012-11-07 22:08 -------- d-----w- c:\programdata\bgxmlvkivhwfpqg 2012-11-07 19:31 . 2012-11-07 19:31 -------- d-----w- c:\users\Olsons\AppData\Roaming\CheckPoint 2012-11-07 19:31 . 
2012-11-07 19:31 -------- d-----w- c:\program files\CheckPoint 2012-11-07 19:22 . 2012-11-07 19:30 -------- d-----w- c:\program files (x86)\CheckPoint 2012-11-07 19:22 . 2012-11-07 19:22 -------- d-----w- c:\programdata\CheckPoint 2012-11-07 17:58 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-11-07 17:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-07 17:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-11-07 17:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-07 17:49 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 17:49 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 17:49 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-07 17:49 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-11-07 17:28 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-11-07 17:28 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-11-07 17:27 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-07 17:27 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-07 17:26 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-11-07 17:26 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-11-07 00:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-11-07 00:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-11-07 00:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-11-07 00:43 . 
2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-11-07 00:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-11-07 00:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-07 20:04 . 2010-11-10 15:48 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 19:52 . 2012-06-13 15:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 19:52 . 2011-05-18 00:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-22 18:12 . 2012-09-13 05:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-13 05:51 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-13 05:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-13 05:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 23:39 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 17:38 . 2012-11-07 17:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-02 931472] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-05 2215768] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-22 560128] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-07-28 27336] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-07-28 67584] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-05-11 41968] R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-05-11 65664] S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-05-11 706776] S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-09 575416] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-06-05 1248256] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-09 85192] . . 
Contents of the 'Scheduled Tasks' folder . 2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.1.178 192.168.1.179 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ISW - (no file) AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe . ************************************************************************** . Completion time: 2012-11-12 09:45:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-12 17:45 . Pre-Run: 530,821,992,448 bytes free Post-Run: 530,589,863,936 bytes free . - - End Of File - - 86A4ED7439CB3EBF682781033A7F5A85 As far as the computer goes, it starts up normally and everything seems to run fine. IE opens normally, but as soon as I start to navigate anywhere, it runs very slow. It takes about 30 seconds for Google to return a search query. Then, when I click on any search result it still is re-directing me to malicious sites. I close IE as soon as I see that I am being re-directed. Other programs such as Excel open quickly, but when I attempt to open a file, it takes a long time for the "Open File" dialog box to open. From the time I click the Open File icon, the list of files doesn't open for about 30 seconds. I'm using a different PC to post on this forum. Thanks.
  18. I apologize for not getting back to you for a few days. I had to leave town for the weekend. I will run the latest fix and post the results tomorrow. Thanks.
  19. Here are the logs: Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` PC Tools Spyware Doctor with AntiVirus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` PC Tools Spyware Doctor with AntiVirus 9.0 Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 22 Java version out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes' Anti-Malware mbamscheduler.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` # AdwCleaner v2.007 - Logfile created 11/09/2012 at 15:36:23 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Olsons - OLSONS-PC # Boot Mode : Normal # Running from : C:\Users\Olsons\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. 
************************* AdwCleaner[s1].txt - [704 octets] - [09/11/2012 15:36:23] ########## EOF - C:\AdwCleaner[s1].txt - [763 octets] ########## RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Olsons [Admin rights] Mode : Scan -- Date : 11/09/2012 15:40:38 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 14 ¤¤¤ [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> FOUND [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) -> FOUND [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) 
-> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm|Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 188.119.151.113 www.google-analytics.com. 188.119.151.113 ad-emea.doubleclick.net. 188.119.151.113 www.statcounter.com. ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++ --- User --- [MBR] c351b0355ec5a2ace005552be9a53e96 [bSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo User != LL1 ... KO! --- LL1 --- [MBR] 337d0a0c80dd401b7154f9b94e162d9a [bSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code [possible maxSST in 3!] Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250234368 | Size: 10 Mo User != LL2 ... KO! --- LL2 --- [MBR] 337d0a0c80dd401b7154f9b94e162d9a [bSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code [possible maxSST in 3!] Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] 
Offset (sectors): 1250234368 | Size: 10 Mo Finished : << RKreport[1]_S_11092012_02d1540.txt >> RKreport[1]_S_11092012_02d1540.txt RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Olsons [Admin rights] Mode : Remove -- Date : 11/09/2012 15:41:31 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm|Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 188.119.151.113 www.google-analytics.com. 188.119.151.113 ad-emea.doubleclick.net. 
188.119.151.113 www.statcounter.com. Thanks. Kevin
  20. My computer was infected with the S.M.A.R.T virus. I ran Malwarebytes and PC Doctor and it seems to have removed the S.M.A.R.T. virus. I was able to unhide all my files and desktop, but my browser runs very slow and when I click on any Google or Yahoo search result I get re-directed to random web pages. Here is dds.txt: DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by Olsons at 10:45:34 on 2012-11-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1262 [GMT -8:00] . AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.yahoo.com/ uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll mWinlogon: Userinit = C:\WINDOWS\SYSWOW64\Userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite 
Backup\CarboniteUI.exe mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.178 192.168.1.179 TCP: Interfaces\{BEEDD3D7-5BD2-480A-8109-8B616329EAAB} : DHCPNameServer = 192.168.1.178 192.168.1.179 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" 
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> Hosts: 188.119.151.113 www.google-analytics.com. Hosts: 188.119.151.113 ad-emea.doubleclick.net. Hosts: 188.119.151.113 www.statcounter.com. . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 647208] R0 mfewfpk;McAfee Inc. 
mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 289664] R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-5-27 426616] R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-5-27 453896] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280] R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-5-27 65664] R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-5-27 706776] R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2012-5-27 341168] R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-5-27 251528] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-23 202752] R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-5-27 575416] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-8-30 33712] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-8-30 827560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-23 162192] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-23 705856] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-23 320040] R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-5-27 85192] R3 
TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-5-27 41968] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936] S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2012-5-27 92896] S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-5-27 402336] S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-5-27 1118648] S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010-10-31 27336] S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2010-10-31 67584] S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-7 1255736] . =============== Created Last 30 ================ . 
2012-11-08 22:28:29 -------- d-----w- C:\Program Files\Enigma Software Group 2012-11-08 22:27:24 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-08 22:26:57 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2012-11-08 20:17:42 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012 2012-11-08 11:19:50 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-07 23:42:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-11-07 23:42:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-07 21:35:52 -------- d-----w- C:\ProgramData\bgxmlvkivhwfpqg 2012-11-07 19:31:40 -------- d-----w- C:\Users\Olsons\AppData\Roaming\CheckPoint 2012-11-07 19:31:09 -------- d-----w- C:\Program Files\CheckPoint 2012-11-07 19:22:29 -------- d-----w- C:\Program Files (x86)\CheckPoint 2012-11-07 19:22:28 -------- d-----w- C:\ProgramData\CheckPoint 2012-11-07 18:16:28 -------- d-----w- C:\Windows\pss 2012-11-07 17:58:55 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-11-07 17:51:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-11-07 17:51:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-11-07 17:51:00 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-11-07 17:49:59 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-07 17:49:58 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 17:49:58 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-11-07 17:49:57 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-11-07 17:49:57 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-11-07 17:49:56 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-07 17:28:20 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-11-07 17:28:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-11-07 17:27:32 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-07 17:27:32 2048 
----a-w- C:\Windows\System32\tzres.dll 2012-11-07 17:26:05 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-11-07 17:26:05 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-11-07 00:43:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-11-07 00:43:41 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-11-07 00:43:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-11-07 00:43:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-11-07 00:43:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-11-07 00:43:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-11-07 19:52:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-07 19:52:00 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 
15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 10:48:54.93 =============== And here is attach.txt: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/5/2010 4:04:54 PM System Uptime: 11/8/2012 3:20:50 PM (19 hours ago) . Motherboard: Dell Inc. | | 04GJJT Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 784/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 586 GiB total, 494.831 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP122: 9/21/2012 - Scheduled Checkpoint RP123: 9/27/2012 3:00:12 AM - Windows Update RP124: 10/5/2012 12:00:01 AM - Scheduled Checkpoint RP125: 11/6/2012 6:34:12 PM - Scheduled Checkpoint RP126: 11/7/2012 3:00:37 AM - Windows Update RP127: 11/7/2012 11:59:32 AM - Windows Update RP128: 11/7/2012 1:56:22 PM - Windows Modules Installer RP129: 11/7/2012 4:25:21 PM - Installed Microsoft Fix it 50267 RP130: 11/8/2012 3:00:12 AM - Windows Update RP131: 11/8/2012 2:27:32 PM - Installed SpyHunter RP132: 11/8/2012 3:17:35 PM - Removed SpyHunter . ==== Installed Programs ====================== . 
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.0 Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Bing Rewards Client Installer Bonjour Browser Guard 4.0 CaddieSync Express 1.2.9 Carbonite Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Consumer In-Home Service Agreement D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide GoToAssist 8.0.0.514 iTunes Java Auto Updater Java™ 6 Update 20 (64-bit) Java™ 6 Update 22 Junk Mail filter update Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote 
MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK PC Tools Spyware Doctor with AntiVirus 9.0 QuickBooks QuickBooks Premier: Accountant Edition 2007 QuickBooks Pro 2012 QuickBooks Product Listing Service QuickTime Realtek High Definition Audio Driver Remote Control USB Driver Roxio Burn Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 Skins SkyCaddie Desktop Skype Toolbars Skype™ 5.10 SupportSoft Assisted Service Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft 
Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ZoneAlarm Firewall ZoneAlarm Free Firewall ZoneAlarm LTD Toolbar ZoneAlarm Security . ==== Event Viewer Messages From Past Week ======== . 11/8/2012 3:21:22 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 11/8/2012 3:21:21 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 11/8/2012 3:21:21 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified. 
11/8/2012 3:21:18 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/8/2012 3:21:07 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/8/2012 3:02:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SoftThinks Agent Service service to connect.
11/8/2012 3:02:54 PM, Error: Service Control Manager [7000] - The SoftThinks Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2012 3:02:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
11/8/2012 3:02:24 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2012 12:14:26 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/7/2012 4:29:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/7/2012 4:29:12 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/7/2012 3:33:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2756822).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2749655).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2739159).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2731771).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2743555).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2731847).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2724197).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).
11/7/2012 12:18:11 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
11/7/2012 11:31:57 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/7/2012 10:24:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/7/2012 10:22:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/7/2012 10:22:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/7/2012 10:22:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2012 10:22:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
11/7/2012 10:22:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PCTSD spldr TfFsMon TFSysMon Wanarpv6
11/7/2012 10:22:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/7/2012 10:22:03 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/7/2012 10:19:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11/7/2012 10:19:23 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/7/2012 10:14:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Proxy Service service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:08:01 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/6/2012 3:25:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
.
==== End Of File ===========================

Any help is appreciated. I look forward to your response.

Kevin