Posts posted by BigKev
Here is what ESET found:
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-280b96ed a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-2ad7b80a a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-4871892c a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-61330240 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-62653b50 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Olsons\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2cc07e61-71ae2730 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
-
Mbam log:
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.14.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Olsons :: OLSONS-PC [administrator]
11/14/2012 7:59:43 AM
mbam-log-2012-11-14 (07-59-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205986
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:12:52 AM, on 11/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Olsons\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12575 bytes
No problems. Everything installed and ran smoothly.
-
This time TDSSKiller worked. Here is the log.
So far things are looking good.
11:17:34.0194 4564 hwpolicy - ok
11:17:34.0264 4564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:17:34.0267 4564 i8042prt - ok
11:17:34.0313 4564 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:17:34.0322 4564 iaStorV - ok
11:17:34.0379 4564 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:17:34.0397 4564 idsvc - ok
11:17:34.0427 4564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:17:34.0429 4564 iirsp - ok
11:17:34.0478 4564 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:17:34.0483 4564 IKEEXT - ok
11:17:34.0553 4564 [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:17:34.0631 4564 IntcAzAudAddService - ok
11:17:34.0651 4564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:17:34.0652 4564 intelide - ok
11:17:34.0685 4564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:17:34.0687 4564 intelppm - ok
11:17:34.0715 4564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:17:34.0716 4564 IPBusEnum - ok
11:17:34.0746 4564 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:17:34.0748 4564 IpFilterDriver - ok
11:17:34.0813 4564 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:17:34.0817 4564 iphlpsvc - ok
11:17:34.0845 4564 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:17:34.0848 4564 IPMIDRV - ok
11:17:34.0869 4564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:17:34.0872 4564 IPNAT - ok
11:17:34.0933 4564 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:17:34.0951 4564 iPod Service - ok
11:17:34.0971 4564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:17:34.0973 4564 IRENUM - ok
11:17:34.0985 4564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:17:34.0987 4564 isapnp - ok
11:17:35.0019 4564 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:17:35.0023 4564 iScsiPrt - ok
11:17:35.0083 4564 [ BA8C6135E6E632139DAC5B34861FCB03 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
11:17:35.0085 4564 ISWKL - ok
11:17:35.0105 4564 [ EEF0D7308C247294389B566A7830B211 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
11:17:35.0109 4564 IswSvc - ok
11:17:35.0139 4564 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
11:17:35.0144 4564 k57nd60a - ok
11:17:35.0183 4564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:17:35.0187 4564 kbdclass - ok
11:17:35.0282 4564 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:17:35.0284 4564 kbdhid - ok
11:17:35.0293 4564 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:17:35.0294 4564 KeyIso - ok
11:17:35.0334 4564 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:17:35.0336 4564 KSecDD - ok
11:17:35.0362 4564 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:17:35.0365 4564 KSecPkg - ok
11:17:35.0392 4564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:17:35.0393 4564 ksthunk - ok
11:17:35.0432 4564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:17:35.0439 4564 KtmRm - ok
11:17:35.0473 4564 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:17:35.0475 4564 LanmanServer - ok
11:17:35.0515 4564 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:17:35.0516 4564 LanmanWorkstation - ok
11:17:35.0552 4564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:17:35.0554 4564 lltdio - ok
11:17:35.0576 4564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:17:35.0582 4564 lltdsvc - ok
11:17:35.0603 4564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:17:35.0604 4564 lmhosts - ok
11:17:35.0636 4564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:17:35.0639 4564 LSI_FC - ok
11:17:35.0651 4564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:17:35.0654 4564 LSI_SAS - ok
11:17:35.0669 4564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:17:35.0671 4564 LSI_SAS2 - ok
11:17:35.0686 4564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:17:35.0689 4564 LSI_SCSI - ok
11:17:35.0705 4564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:17:35.0707 4564 luafv - ok
11:17:35.0718 4564 MBAMProtector - ok
11:17:35.0783 4564 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:17:35.0785 4564 MBAMScheduler - ok
11:17:35.0825 4564 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:17:35.0844 4564 MBAMService - ok
11:17:35.0889 4564 McMPFSvc - ok
11:17:35.0928 4564 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:17:35.0931 4564 Mcx2Svc - ok
11:17:35.0940 4564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:17:35.0942 4564 megasas - ok
11:17:35.0957 4564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:17:35.0962 4564 MegaSR - ok
11:17:35.0991 4564 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
11:17:36.0009 4564 mfehidk - ok
11:17:36.0058 4564 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
11:17:36.0059 4564 mfevtp - ok
11:17:36.0086 4564 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
11:17:36.0091 4564 mfewfpk - ok
11:17:36.0120 4564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:17:36.0122 4564 MMCSS - ok
11:17:36.0142 4564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:17:36.0144 4564 Modem - ok
11:17:36.0168 4564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:17:36.0169 4564 monitor - ok
11:17:36.0194 4564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:17:36.0196 4564 mouclass - ok
11:17:36.0226 4564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:17:36.0227 4564 mouhid - ok
11:17:36.0261 4564 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:17:36.0264 4564 mountmgr - ok
11:17:36.0280 4564 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:17:36.0283 4564 mpio - ok
11:17:36.0295 4564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:17:36.0298 4564 mpsdrv - ok
11:17:36.0364 4564 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:17:36.0370 4564 MpsSvc - ok
11:17:36.0410 4564 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:17:36.0413 4564 MRxDAV - ok
11:17:36.0450 4564 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:17:36.0453 4564 mrxsmb - ok
11:17:36.0490 4564 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:17:36.0495 4564 mrxsmb10 - ok
11:17:36.0547 4564 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:17:36.0553 4564 mrxsmb20 - ok
11:17:36.0645 4564 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:17:36.0648 4564 msahci - ok
11:17:36.0687 4564 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:17:36.0690 4564 msdsm - ok
11:17:36.0705 4564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:17:36.0708 4564 MSDTC - ok
11:17:36.0732 4564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:17:36.0733 4564 Msfs - ok
11:17:36.0797 4564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:17:36.0800 4564 mshidkmdf - ok
11:17:36.0872 4564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:17:36.0874 4564 msisadrv - ok
11:17:36.0990 4564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:17:36.0997 4564 MSiSCSI - ok
11:17:37.0001 4564 msiserver - ok
11:17:37.0044 4564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:17:37.0046 4564 MSKSSRV - ok
11:17:37.0049 4564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:17:37.0051 4564 MSPCLOCK - ok
11:17:37.0074 4564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:17:37.0076 4564 MSPQM - ok
11:17:37.0120 4564 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:17:37.0140 4564 MsRPC - ok
11:17:37.0855 4564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:17:37.0855 4564 mssmbios - ok
11:17:37.0867 4564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:17:37.0869 4564 MSTEE - ok
11:17:37.0882 4564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:17:37.0883 4564 MTConfig - ok
11:17:37.0901 4564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:17:37.0903 4564 Mup - ok
11:17:37.0941 4564 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:17:37.0945 4564 napagent - ok
11:17:37.0967 4564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:17:37.0973 4564 NativeWifiP - ok
11:17:38.0036 4564 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:17:38.0042 4564 NDIS - ok
11:17:38.0078 4564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:17:38.0080 4564 NdisCap - ok
11:17:38.0107 4564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:17:38.0110 4564 NdisTapi - ok
11:17:38.0146 4564 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:17:38.0148 4564 Ndisuio - ok
11:17:38.0217 4564 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:17:38.0221 4564 NdisWan - ok
11:17:38.0290 4564 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:17:38.0292 4564 NDProxy - ok
11:17:38.0302 4564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:17:38.0304 4564 NetBIOS - ok
11:17:38.0363 4564 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:17:38.0383 4564 NetBT - ok
11:17:38.0401 4564 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:17:38.0404 4564 Netlogon - ok
11:17:38.0434 4564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:17:38.0437 4564 Netman - ok
11:17:38.0510 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:38.0597 4564 NetMsmqActivator - ok
11:17:38.0606 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:38.0609 4564 NetPipeActivator - ok
11:17:38.0636 4564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:17:38.0639 4564 netprofm - ok
11:17:38.0655 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:38.0656 4564 NetTcpActivator - ok
11:17:38.0661 4564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:17:38.0662 4564 NetTcpPortSharing - ok
11:17:38.0718 4564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:17:38.0724 4564 nfrd960 - ok
11:17:38.0807 4564 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:17:38.0810 4564 NlaSvc - ok
11:17:38.0836 4564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:17:38.0837 4564 Npfs - ok
11:17:38.0872 4564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:17:38.0876 4564 nsi - ok
11:17:38.0887 4564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:17:38.0889 4564 nsiproxy - ok
11:17:38.0967 4564 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:17:38.0997 4564 Ntfs - ok
11:17:39.0012 4564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:17:39.0014 4564 Null - ok
11:17:39.0052 4564 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:17:39.0058 4564 nvraid - ok
11:17:39.0157 4564 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:17:39.0164 4564 nvstor - ok
11:17:39.0186 4564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:17:39.0188 4564 nv_agp - ok
11:17:39.0217 4564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:17:39.0219 4564 ohci1394 - ok
11:17:39.0396 4564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:39.0399 4564 ose - ok
11:17:39.0549 4564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:17:39.0637 4564 osppsvc - ok
11:17:39.0666 4564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:17:39.0671 4564 p2pimsvc - ok
11:17:39.0737 4564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:17:39.0759 4564 p2psvc - ok
11:17:39.0796 4564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:17:39.0799 4564 Parport - ok
11:17:39.0859 4564 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:17:39.0863 4564 partmgr - ok
11:17:39.0896 4564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:17:39.0898 4564 PcaSvc - ok
11:17:39.0946 4564 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:17:39.0953 4564 pci - ok
11:17:39.0984 4564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:17:39.0985 4564 pciide - ok
11:17:40.0016 4564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:17:40.0020 4564 pcmcia - ok
11:17:40.0113 4564 [ 8FE3547A6A4669817BD01ABD46F0CEE5 ] PCTBD C:\Windows\system32\Drivers\PCTBD64.sys
11:17:40.0116 4564 PCTBD - ok
11:17:40.0179 4564 [ 876FD95B7A3B7FE6179FBD16E7A6486C ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
11:17:40.0213 4564 PCTCore - ok
11:17:40.0258 4564 [ BA1F42A42F405F62CEFF6B69A2797F7C ] pctDS C:\Windows\system32\drivers\pctDS64.sys
11:17:40.0264 4564 pctDS - ok
11:17:40.0316 4564 [ 814ACBA180FB7AD3856D5CCAA857C97D ] pctgntdi C:\Windows\System32\drivers\pctgntdi64.sys
11:17:40.0335 4564 pctgntdi - ok
11:17:40.0369 4564 [ ABC87B90C4D20B0F76DA00FF24B8826A ] pctplsg C:\Windows\System32\drivers\pctplsg64.sys
11:17:40.0370 4564 pctplsg - ok
11:17:40.0436 4564 [ 577F20EBF1E42BEBB238E2412B99C7EE ] PCTSD C:\Windows\system32\Drivers\PCTSD64.sys
11:17:40.0442 4564 PCTSD - ok
11:17:40.0469 4564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:17:40.0471 4564 pcw - ok
11:17:40.0506 4564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:17:40.0525 4564 PEAUTH - ok
11:17:40.0656 4564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:17:40.0667 4564 PerfHost - ok
11:17:40.0733 4564 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:17:40.0741 4564 pla - ok
11:17:40.0780 4564 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:17:40.0790 4564 PlugPlay - ok
11:17:40.0823 4564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:17:40.0825 4564 PNRPAutoReg - ok
11:17:40.0840 4564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:17:40.0844 4564 PNRPsvc - ok
11:17:40.0864 4564 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:17:40.0867 4564 PolicyAgent - ok
11:17:40.0916 4564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:17:40.0918 4564 Power - ok
11:17:40.0940 4564 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:17:40.0943 4564 PptpMiniport - ok
11:17:40.0998 4564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:17:41.0002 4564 Processor - ok
11:17:41.0047 4564 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:17:41.0087 4564 ProfSvc - ok
11:17:41.0092 4564 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:17:41.0094 4564 ProtectedStorage - ok
11:17:41.0135 4564 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:17:41.0138 4564 Psched - ok
11:17:41.0153 4564 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:17:41.0156 4564 PxHlpa64 - ok
11:17:41.0253 4564 [ 291E76C02C0994E4E6F1F97A4BCF6C0E ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:17:41.0254 4564 QBCFMonitorService - ok
11:17:41.0340 4564 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:17:41.0342 4564 QBFCService - ok
11:17:41.0398 4564 [ 556EF21A96D296357D7BA075095E0A0A ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
11:17:41.0405 4564 QBVSS - ok
11:17:41.0450 4564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:17:41.0478 4564 ql2300 - ok
11:17:41.0504 4564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:17:41.0506 4564 ql40xx - ok
11:17:41.0533 4564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:17:41.0538 4564 QWAVE - ok
11:17:41.0542 4564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:17:41.0544 4564 QWAVEdrv - ok
11:17:41.0558 4564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:17:41.0560 4564 RasAcd - ok
11:17:41.0592 4564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:41.0595 4564 RasAgileVpn - ok
11:17:41.0609 4564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:17:41.0610 4564 RasAuto - ok
11:17:41.0657 4564 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:41.0660 4564 Rasl2tp - ok
11:17:41.0695 4564 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:17:41.0698 4564 RasMan - ok
11:17:41.0724 4564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:41.0726 4564 RasPppoe - ok
11:17:41.0739 4564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:17:41.0741 4564 RasSstp - ok
11:17:41.0781 4564 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:17:41.0786 4564 rdbss - ok
11:17:41.0790 4564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:17:41.0792 4564 rdpbus - ok
11:17:41.0811 4564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:41.0812 4564 RDPCDD - ok
11:17:41.0828 4564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:17:41.0829 4564 RDPENCDD - ok
11:17:41.0845 4564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:17:41.0846 4564 RDPREFMP - ok
11:17:41.0875 4564 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:17:41.0879 4564 RDPWD - ok
11:17:41.0912 4564 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:17:41.0916 4564 rdyboost - ok
11:17:41.0941 4564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:17:41.0942 4564 RemoteAccess - ok
11:17:41.0966 4564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:17:41.0968 4564 RemoteRegistry - ok
11:17:42.0002 4564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:17:42.0003 4564 RpcEptMapper - ok
11:17:42.0033 4564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:17:42.0035 4564 RpcLocator - ok
11:17:42.0070 4564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:17:42.0073 4564 RpcSs - ok
11:17:42.0088 4564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:17:42.0091 4564 rspndr - ok
11:17:42.0101 4564 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:17:42.0102 4564 SamSs - ok
11:17:42.0127 4564 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:17:42.0130 4564 sbp2port - ok
11:17:42.0148 4564 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:17:42.0151 4564 SCardSvr - ok
11:17:42.0205 4564 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:17:42.0207 4564 scfilter - ok
11:17:42.0253 4564 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:17:42.0273 4564 Schedule - ok
11:17:42.0321 4564 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:17:42.0321 4564 SCPolicySvc - ok
11:17:42.0523 4564 [ 17D6A03103586D7954BA74C2219CE1BB ] sdAuxService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
11:17:42.0530 4564 sdAuxService - ok
11:17:42.0595 4564 [ 44323C0BCBFFA66A7A90E93F5D027999 ] sdCoreService C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
11:17:42.0601 4564 sdCoreService - ok
11:17:42.0673 4564 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:17:42.0677 4564 SDRSVC - ok
11:17:42.0705 4564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:17:42.0706 4564 secdrv - ok
11:17:42.0737 4564 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:17:42.0739 4564 seclogon - ok
11:17:42.0759 4564 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:17:42.0761 4564 SENS - ok
11:17:42.0774 4564 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:17:42.0777 4564 SensrSvc - ok
11:17:42.0792 4564 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:17:42.0793 4564 Serenum - ok
11:17:42.0815 4564 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:17:42.0818 4564 Serial - ok
11:17:42.0851 4564 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:17:42.0853 4564 sermouse - ok
11:17:42.0911 4564 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:17:42.0914 4564 SessionEnv - ok
11:17:42.0943 4564 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:17:42.0945 4564 sffdisk - ok
11:17:42.0955 4564 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:17:42.0956 4564 sffp_mmc - ok
11:17:42.0960 4564 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:17:42.0962 4564 sffp_sd - ok
11:17:43.0034 4564 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:17:43.0035 4564 sfloppy - ok
11:17:43.0078 4564 [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
11:17:43.0083 4564 SftService - ok
11:17:43.0165 4564 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:17:43.0168 4564 SharedAccess - ok
11:17:43.0206 4564 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:17:43.0208 4564 ShellHWDetection - ok
11:17:43.0244 4564 [ 7799106FEE728B907A86D9C9751E02D5 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
11:17:43.0246 4564 silabenm - ok
11:17:43.0316 4564 [ 3C356BEAA55339D7CE7A9509E22166CC ] silabser C:\Windows\system32\DRIVERS\silabser.sys
11:17:43.0319 4564 silabser - ok
11:17:43.0353 4564 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:17:43.0357 4564 SiSRaid2 - ok
11:17:43.0519 4564 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:17:43.0524 4564 SiSRaid4 - ok
11:17:43.0634 4564 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:17:43.0635 4564 SkypeUpdate - ok
11:17:43.0656 4564 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:17:43.0658 4564 Smb - ok
11:17:43.0738 4564 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:17:43.0744 4564 SNMPTRAP - ok
11:17:43.0770 4564 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:17:43.0774 4564 spldr - ok
11:17:43.0844 4564 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:17:43.0855 4564 Spooler - ok
11:17:43.0959 4564 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:17:43.0979 4564 sppsvc - ok
11:17:43.0997 4564 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:17:44.0000 4564 sppuinotify - ok
11:17:44.0036 4564 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:17:44.0040 4564 srv - ok
11:17:44.0123 4564 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:17:44.0128 4564 srv2 - ok
11:17:44.0168 4564 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:17:44.0175 4564 srvnet - ok
11:17:44.0256 4564 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:17:44.0258 4564 SSDPSRV - ok
11:17:44.0271 4564 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:17:44.0274 4564 SstpSvc - ok
11:17:44.0292 4564 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:17:44.0294 4564 stexstor - ok
11:17:44.0328 4564 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:17:44.0333 4564 stisvc - ok
11:17:44.0364 4564 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:17:44.0366 4564 swenum - ok
11:17:44.0385 4564 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:17:44.0401 4564 swprv - ok
11:17:48.0363 4564 ============================================================
11:17:48.0363 4564 Scan finished
11:17:48.0363 4564 ============================================================
11:17:48.0374 4784 Detected object count: 0
11:17:48.0374 4784 Actual detected object count: 0
11:18:16.0491 2876 Deinitialize success
-
Here is the latest combofix log. All in all it seems to be running solid. No issues with IE9 re-directing Google searches. No false pop-ups, etc. OS seems to be running slow, but that could be my imagination.
ComboFix 12-11-13.02 - Olsons 11/13/2012 10:02:17.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1553 [GMT -8:00]
Running from: c:\users\Olsons\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 18:10 . 2012-11-13 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 12:16 . 2012-11-13 12:16 -------- d-----w- C:\FRST
2012-11-08 22:28 . 2012-11-08 22:28 -------- d-----w- c:\program files\Enigma Software Group
2012-11-08 22:27 . 2012-11-08 23:19 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-08 22:26 . 2012-11-08 22:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-08 20:17 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-11-07 23:42 . 2012-11-08 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-07 23:42 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-07 21:35 . 2012-11-07 22:08 -------- d-----w- c:\programdata\bgxmlvkivhwfpqg
2012-11-07 19:31 . 2012-11-07 19:31 -------- d-----w- c:\users\Olsons\AppData\Roaming\CheckPoint
2012-11-07 19:31 . 2012-11-07 19:31 -------- d-----w- c:\program files\CheckPoint
2012-11-07 19:22 . 2012-11-07 19:30 -------- d-----w- c:\program files (x86)\CheckPoint
2012-11-07 19:22 . 2012-11-07 19:22 -------- d-----w- c:\programdata\CheckPoint
2012-11-07 17:58 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-07 17:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-07 17:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-07 17:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-11-07 17:28 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-07 17:28 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-11-07 17:27 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 17:27 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-07 17:26 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-07 17:26 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-07 00:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-11-07 00:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-07 00:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-07 00:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-07 00:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-07 00:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 20:04 . 2010-11-10 15:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 19:52 . 2012-06-13 15:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 19:52 . 2011-05-18 00:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-13 05:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 05:51 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 05:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 05:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 23:39 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-11-07 17:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-02 931472]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-05 2215768]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-22 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-07-28 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-07-28 67584]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-05-11 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-05-11 706776]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-09 575416]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-06-05 1248256]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-09 85192]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-05-11 41968]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"ISW"="" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.178 192.168.1.179
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-13 10:13:40
ComboFix-quarantined-files.txt 2012-11-13 18:13
ComboFix2.txt 2012-11-12 17:45
.
Pre-Run: 531,197,517,824 bytes free
Post-Run: 530,762,108,928 bytes free
.
- - End Of File - - 1A06536FAAA0321A9D870E8A2502F661
-
I guess the best answer is that it depends on which partition is flagged to boot.
When this all started, sda4 was the boot partition. This is the hidden partition. Windows would boot normally, but then I had the re-direct issues.
When I flagged sda2 as the boot, it brought up the Windows Error Recovery screen. From there I can select "Start Windows Normally" and Windows will start. It runs slow, but no more Google re-direct problems.
When I flag sda3 as the boot, it gives me the BOOTMGR missing error and won't load Windows.
So it depends on which partition is booting I guess. Under normal circumstances which partition should be the boot drive?
-
Right now if I boot it with sda2 set as the boot drive, I get the Windows Error Recovery screen that I posted yesterday. If I select "Start Windows Normally" then Windows starts and I can navigate IE without any Google re-directs. On a whole, the OS is running slow though.
I have not tried booting to sda3 today yet. Yesterday I received the BOOTMGR Missing error.
Should I try booting with sda3 or leave it on sda2?
-
OK. Here are the fixlog results. SDA2 is now set as the boot drive.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-13 07:40:53 Run:1
Running from J:\
==============================================
The operation completed successfully.
The operation completed successfully.
========= bootrec /FixMbr =========
The operation completed successfully.
========= End of CMD: =========
==== End of Fixlog ====
-
Just to be clear, you want me to run the above script with the sda3 as boot drive, then go back and set sda2 as the boot?
-
Here is FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 13-11-2012 06:17:12
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-09] (Realtek Semiconductor)
HKLM\...\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1127592 2012-08-30] (Check Point Software Technologies)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [931472 2011-03-01] (Carbonite, Inc.)
HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2012-06-05] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-10-09] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [iSTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2670520 2012-05-11] (PC Tools)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-21] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.178 192.168.1.179
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575416 2012-05-08] (Threat Expert Ltd.)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827560 2012-08-30] (Check Point Software Technologies)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-05-11] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-05-11] (PC Tools)
3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-05-11] (PC Tools)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2447440 2012-10-09] (Check Point Software Technologies LTD)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
==================== Drivers (Whitelisted) =====================
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-08-30] (Check Point Software Technologies)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85192 2012-05-08] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341168 2012-05-11] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-05-11] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-05-11] (PC Tools)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-05-11] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-05-11] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-05-11] (PC Tools)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-13 06:16 - 2012-11-13 06:16 - 00000000 ____D C:\FRST
2012-11-12 12:42 - 2012-11-12 12:43 - 04301324 ____A C:\Users\Olsons\Desktop\tdsskiller.zip
2012-11-12 12:29 - 2012-11-12 12:44 - 04732416 ____A (AVAST Software) C:\Users\Olsons\Desktop\aswMBR.exe
2012-11-12 12:28 - 2012-11-12 12:43 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Olsons\Desktop\tdsskiller.exe
2012-11-12 11:46 - 2012-11-12 11:46 - 00022464 ____A C:\Users\Olsons\Desktop\combofix.txt
2012-11-12 11:45 - 2012-11-12 11:45 - 00022464 ____A C:\ComboFix.txt
2012-11-12 10:32 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-12 10:32 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-12 10:32 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-12 10:32 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-12 10:32 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-12 10:32 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-12 10:32 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-12 10:31 - 2012-11-12 11:46 - 00000000 ____D C:\ComboFix
2012-11-12 10:27 - 2012-11-12 10:27 - 04997167 ____A C:\Users\Olsons\Desktop\ComboFix.zip
2012-11-12 10:23 - 2012-11-12 10:28 - 05000730 ____R (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe
2012-11-12 10:21 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-09 17:41 - 2012-11-09 17:41 - 00003586 ____A C:\Users\Olsons\Desktop\RKreport[2]_D_11092012_02d1541.txt
2012-11-09 17:40 - 2012-11-09 17:41 - 00000000 ____D C:\Users\Olsons\Desktop\RK_Quarantine
2012-11-09 17:40 - 2012-11-09 17:40 - 00003730 ____A C:\Users\Olsons\Desktop\RKreport[1]_S_11092012_02d1540.txt
2012-11-09 17:38 - 2012-11-09 17:38 - 00000829 ____A C:\Users\Olsons\Desktop\AdwCleaner[s1].txt
2012-11-09 17:36 - 2012-11-09 17:36 - 00000829 ____A C:\AdwCleaner[s1].txt
2012-11-09 17:33 - 2012-11-09 17:33 - 00001052 ____A C:\Users\Olsons\Desktop\checkup.txt
2012-11-09 17:25 - 2012-11-09 17:25 - 01953636 ____A C:\Users\Olsons\Desktop\adwcleaner.zip
2012-11-09 16:58 - 2012-11-09 17:25 - 00666112 ____A C:\Users\Olsons\Desktop\RogueKiller.exe
2012-11-09 16:57 - 2012-11-09 17:25 - 00881833 ____A C:\Users\Olsons\Desktop\SecurityCheck.exe
2012-11-09 16:57 - 2012-11-09 17:25 - 00541569 ____A C:\Users\Olsons\Desktop\adwcleaner.exe
2012-11-08 16:30 - 2012-11-08 16:30 - 00000000 ____A C:\autoexec.bat
2012-11-08 16:28 - 2012-11-08 16:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-08 16:27 - 2012-11-08 17:19 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-08 14:17 - 2012-11-08 17:16 - 00000000 ____D C:\Program Files (x86)\RegistryNuke 2012
2012-11-07 18:35 - 2012-11-12 11:46 - 00000000 ____D C:\Qoobox
2012-11-07 18:34 - 2012-11-12 11:29 - 00000000 ____D C:\Windows\erdnt
2012-11-07 17:42 - 2012-11-08 17:17 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-07 17:42 - 2012-11-08 17:17 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-11-07 17:42 - 2012-11-08 17:16 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-07 17:35 - 2012-11-07 17:41 - 16409960 ____A (Safer Networking Limited ) C:\Users\Olsons\Downloads\spybotsd162.exe
2012-11-07 16:03 - 2012-11-07 16:08 - 00097642 ____A C:\Users\All Users\gotleqmnrovyafk
2012-11-07 16:03 - 2012-11-07 16:08 - 00097642 ____A C:\Users\All Users\Application Data\gotleqmnrovyafk
2012-11-07 15:58 - 2012-11-07 15:58 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-07 15:58 - 2012-11-07 15:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-07 15:58 - 2012-11-07 15:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-07 15:58 - 2012-11-07 15:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-07 15:58 - 2012-11-07 15:58 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-11-07 15:58 - 2012-11-07 15:58 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-11-07 15:58 - 2012-11-07 15:58 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-07 15:35 - 2012-11-07 16:08 - 00000000 ____D C:\Users\All Users\bgxmlvkivhwfpqg
2012-11-07 15:35 - 2012-11-07 16:08 - 00000000 ____D C:\Users\All Users\Application Data\bgxmlvkivhwfpqg
2012-11-07 13:31 - 2012-11-07 13:39 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\My Documents\ForceField Shared Files
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Documents\ForceField Shared Files
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Application Data\CheckPoint
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\AppData\Roaming\CheckPoint
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Program Files\CheckPoint
2012-11-07 13:22 - 2012-11-07 13:30 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\CheckPoint
2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\Application Data\CheckPoint
2012-11-07 12:16 - 2012-11-07 12:16 - 00000000 ____D C:\Windows\pss
2012-11-07 11:58 - 2012-08-31 12:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-11-07 11:51 - 2012-08-30 12:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-07 11:51 - 2012-08-30 11:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-11-07 11:51 - 2012-08-30 11:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-11-07 11:50 - 2012-08-20 12:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-11-07 11:50 - 2012-08-20 12:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-11-07 11:50 - 2012-08-20 12:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-11-07 11:50 - 2012-08-20 12:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-11-07 11:50 - 2012-08-20 11:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-11-07 11:50 - 2012-08-20 11:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-11-07 11:50 - 2012-08-20 11:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-11-07 11:50 - 2012-08-20 11:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 09:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-11-07 11:50 - 2012-08-20 09:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 09:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 09:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-07 11:50 - 2012-08-20 09:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 11:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 11:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-11-07 11:49 - 2012-08-20 09:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-11-07 11:28 - 2012-08-24 12:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-07 11:28 - 2012-08-24 10:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-11-07 11:27 - 2012-09-14 13:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-07 11:27 - 2012-09-14 12:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-11-07 11:26 - 2012-08-10 18:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-11-07 11:26 - 2012-08-10 17:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-11-06 18:43 - 2012-06-01 23:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-06 18:43 - 2012-06-01 23:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-06 18:43 - 2012-06-01 23:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-06 18:43 - 2012-06-01 22:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-11-06 18:43 - 2012-06-01 22:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-11-06 18:43 - 2012-06-01 22:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-11-06 18:31 - 2012-07-18 14:17 - 00002113 ____A C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
2012-11-06 18:31 - 2012-07-18 14:17 - 00002113 ____A C:\Users\All Users\Desktop\QuickBooks Pro 2012.lnk
2012-11-06 18:31 - 2012-07-17 18:04 - 00002183 ____A C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2007.lnk
2012-11-06 18:31 - 2012-07-17 18:04 - 00002183 ____A C:\Users\All Users\Desktop\QuickBooks Premier - Accountant Edition 2007.lnk
2012-11-06 18:31 - 2012-05-27 14:46 - 00002273 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
2012-11-06 18:31 - 2012-05-27 14:46 - 00002273 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
2012-11-06 18:31 - 2012-01-24 16:25 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-11-06 18:31 - 2012-01-24 16:25 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-11-06 18:31 - 2012-01-24 16:17 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-06 18:31 - 2012-01-24 16:17 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-11-06 18:31 - 2012-01-20 19:54 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-11-06 18:31 - 2012-01-20 19:54 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-11-06 18:31 - 2011-04-04 21:09 - 00002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-11-06 18:31 - 2011-04-04 21:09 - 00002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
==================== One Month Modified Files and Folders =======
2012-11-13 06:16 - 2012-11-13 06:16 - 00000000 ____D C:\FRST
2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\Local Settings\SoftThinks
2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\Local Settings\Application Data\SoftThinks
2012-11-12 15:34 - 2010-10-05 17:05 - 00000000 ____D C:\Users\Olsons\AppData\Local\SoftThinks
2012-11-12 15:34 - 2010-09-23 12:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-11-12 15:34 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-12 15:34 - 2009-07-13 22:51 - 00038479 ____A C:\Windows\setupact.log
2012-11-12 15:27 - 2009-07-13 23:10 - 01108723 ____A C:\Windows\WindowsUpdate.log
2012-11-12 14:46 - 2012-06-13 09:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-12 13:08 - 2009-07-13 23:13 - 00792890 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-12 13:00 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-12 13:00 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-12 12:44 - 2012-11-12 12:29 - 04732416 ____A (AVAST Software) C:\Users\Olsons\Desktop\aswMBR.exe
2012-11-12 12:43 - 2012-11-12 12:42 - 04301324 ____A C:\Users\Olsons\Desktop\tdsskiller.zip
2012-11-12 12:43 - 2012-11-12 12:28 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Olsons\Desktop\tdsskiller.exe
2012-11-12 11:46 - 2012-11-12 11:46 - 00022464 ____A C:\Users\Olsons\Desktop\combofix.txt
2012-11-12 11:46 - 2012-11-12 10:31 - 00000000 ____D C:\ComboFix
2012-11-12 11:46 - 2012-11-07 18:35 - 00000000 ____D C:\Qoobox
2012-11-12 11:46 - 2009-07-13 21:20 - 00000000 ___RD C:\users\Default
2012-11-12 11:45 - 2012-11-12 11:45 - 00022464 ____A C:\ComboFix.txt
2012-11-12 11:29 - 2012-11-07 18:34 - 00000000 ____D C:\Windows\erdnt
2012-11-12 11:24 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini
2012-11-12 11:20 - 2010-09-23 14:38 - 00086614 ____A C:\Windows\PFRO.log
2012-11-12 10:28 - 2012-11-12 10:23 - 05000730 ____R (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe
2012-11-12 10:27 - 2012-11-12 10:27 - 04997167 ____A C:\Users\Olsons\Desktop\ComboFix.zip
2012-11-09 17:41 - 2012-11-09 17:41 - 00003586 ____A C:\Users\Olsons\Desktop\RKreport[2]_D_11092012_02d1541.txt
2012-11-09 17:41 - 2012-11-09 17:40 - 00000000 ____D C:\Users\Olsons\Desktop\RK_Quarantine
2012-11-09 17:40 - 2012-11-09 17:40 - 00003730 ____A C:\Users\Olsons\Desktop\RKreport[1]_S_11092012_02d1540.txt
2012-11-09 17:38 - 2012-11-09 17:38 - 00000829 ____A C:\Users\Olsons\Desktop\AdwCleaner[s1].txt
2012-11-09 17:36 - 2012-11-09 17:36 - 00000829 ____A C:\AdwCleaner[s1].txt
2012-11-09 17:33 - 2012-11-09 17:33 - 00001052 ____A C:\Users\Olsons\Desktop\checkup.txt
2012-11-09 17:25 - 2012-11-09 17:25 - 01953636 ____A C:\Users\Olsons\Desktop\adwcleaner.zip
2012-11-09 17:25 - 2012-11-09 16:58 - 00666112 ____A C:\Users\Olsons\Desktop\RogueKiller.exe
2012-11-09 17:25 - 2012-11-09 16:57 - 00881833 ____A C:\Users\Olsons\Desktop\SecurityCheck.exe
2012-11-09 17:25 - 2012-11-09 16:57 - 00541569 ____A C:\Users\Olsons\Desktop\adwcleaner.exe
2012-11-08 17:19 - 2012-11-08 16:27 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-08 17:17 - 2012-11-07 17:42 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-08 17:17 - 2012-11-07 17:42 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-11-08 17:16 - 2012-11-08 14:17 - 00000000 ____D C:\Program Files (x86)\RegistryNuke 2012
2012-11-08 17:16 - 2012-11-07 17:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-08 16:30 - 2012-11-08 16:30 - 00000000 ____A C:\autoexec.bat
2012-11-08 16:28 - 2012-11-08 16:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-11-08 05:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-11-07 17:41 - 2012-11-07 17:35 - 16409960 ____A (Safer Networking Limited ) C:\Users\Olsons\Downloads\spybotsd162.exe
2012-11-07 16:08 - 2012-11-07 16:03 - 00097642 ____A C:\Users\All Users\gotleqmnrovyafk
2012-11-07 16:08 - 2012-11-07 16:03 - 00097642 ____A C:\Users\All Users\Application Data\gotleqmnrovyafk
2012-11-07 16:08 - 2012-11-07 15:35 - 00000000 ____D C:\Users\All Users\bgxmlvkivhwfpqg
2012-11-07 16:08 - 2012-11-07 15:35 - 00000000 ____D C:\Users\All Users\Application Data\bgxmlvkivhwfpqg
2012-11-07 16:00 - 2012-01-26 11:15 - 00006245 ____A C:\Windows\IE9_main.log
2012-11-07 16:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-07 15:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2012-11-07 15:58 - 2012-11-07 15:58 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-11-07 15:58 - 2012-11-07 15:58 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-07 15:58 - 2012-11-07 15:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-07 15:58 - 2012-11-07 15:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-07 15:58 - 2012-11-07 15:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-07 15:58 - 2012-11-07 15:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-11-07 15:58 - 2012-11-07 15:58 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-11-07 15:58 - 2012-11-07 15:58 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-11-07 15:58 - 2012-11-07 15:58 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-11-07 15:58 - 2012-11-07 15:58 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-11-07 15:58 - 2012-11-07 15:58 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-11-07 15:58 - 2012-05-27 17:07 - 02944797 ____A C:\Windows\System32\Drivers\Cat.DB
2012-11-07 15:55 - 2010-10-05 17:04 - 00000000 ____D C:\users\Olsons
2012-11-07 14:04 - 2010-11-10 09:48 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-07 14:03 - 2010-10-05 18:53 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-07 14:03 - 2010-10-05 18:53 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-07 13:52 - 2012-06-13 09:09 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-07 13:52 - 2011-05-17 18:07 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-07 13:39 - 2012-11-07 13:31 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\My Documents\ForceField Shared Files
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Documents\ForceField Shared Files
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\Application Data\CheckPoint
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Users\Olsons\AppData\Roaming\CheckPoint
2012-11-07 13:31 - 2012-11-07 13:31 - 00000000 ____D C:\Program Files\CheckPoint
2012-11-07 13:30 - 2012-11-07 13:22 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\CheckPoint
2012-11-07 13:22 - 2012-11-07 13:22 - 00000000 ____D C:\Users\All Users\Application Data\CheckPoint
2012-11-07 12:37 - 2012-05-11 11:09 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-07 12:16 - 2012-11-07 12:16 - 00000000 ____D C:\Windows\pss
2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\Local Settings\GDIPFONTCACHEV1.DAT
2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-11-06 18:38 - 2010-10-05 17:05 - 00090072 ____A C:\Users\Olsons\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-06 17:28 - 2012-09-26 18:00 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-06 17:28 - 2012-09-26 18:00 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-06 17:28 - 2012-09-26 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-06 17:26 - 2012-05-29 17:40 - 00000361 ____A C:\rkill.log
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-11-07 13:59:54
Restore point made on: 2012-11-07 14:05:50
Restore point made on: 2012-11-07 15:56:39
Restore point made on: 2012-11-07 15:59:08
Restore point made on: 2012-11-07 18:25:37
Restore point made on: 2012-11-07 18:27:35
Restore point made on: 2012-11-08 05:00:25
Restore point made on: 2012-11-08 11:32:00
Restore point made on: 2012-11-08 16:27:47
Restore point made on: 2012-11-08 16:30:18
Restore point made on: 2012-11-08 17:17:52
Restore point made on: 2012-11-08 17:36:06
Restore point made on: 2012-11-09 17:48:00
Restore point made on: 2012-11-12 10:32:53
Restore point made on: 2012-11-12 11:33:05
Restore point made on: 2012-11-12 11:38:05
Restore point made on: 2012-11-12 14:02:13
Restore point made on: 2012-11-12 15:27:20
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 2814.98 MB
Available physical RAM: 2295.65 MB
Total Pagefile: 2813.13 MB
Available Pagefile: 2285.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:586.24 GB) (Free:494.76 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:9.88 GB) (Free:4.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive i: detected. Check for MBR/Partition infection.
8 Drive j: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1954 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 9 GB 40 MB
Partition 3 Primary 586 GB 9 GB
Partition 4 Primary 10 MB 596 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 I RECOVERY NTFS Partition 9 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 586 GB Healthy
=========================================================
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1953 MB 16 KB
==================================================================================
Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Removable 1953 MB Healthy
=========================================================
Last Boot: 2012-11-06 20:26
==================== End Of Log =============================
Here is SEARCH.TXT
Farbar Recovery Scan Tool (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-13 06:19:26
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\erdnt\cache64\services.exe
[2012-11-12 11:29] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
Thanks.
-
Does it matter which drive partition is set to "boot?" Currently it is set to sda3 but it won't boot normally. Let me know if I need to switch it to another drive. If not I'll leave it on sda3.
Thanks.
-
-
-
I have the computer booted with Precise Puppy. When I click on the drives all of them will allow me to mount them and they will show the red cross except for "sda4" (which I assume is the hidden partition). When I select it, I get a window that says:
"DO NOT REMOVE MOUNTED MEDIA"
Then it lists the 4 drives.
Next to 3 of them is an "UNMOUNT" button.
The last one reads "sda4 ntfs 10M" with a MOUNT button next to it.
At the bottom of the window are: "preferences" "refresh" "quit"
What should I do next?
Separate question: How do I post the screenshot to this forum?
Thanks.
-
Got it. I'll get to work on it!
Thanks.
-
What am I trying to get a screenshot of? I'm sorry for asking, but I'm just not sure what you need to see and this looks like a lot of work. Also, every time I insert a thumb drive into the USB slot Windows tells me that it needs to format the disk before I can use it. I know the drive works because I can use it in other PCs just fine so I'm worried that the bootable USB drive won't work. Can you please confirm that you still want me to perform the steps above?
Thanks.
-
I've tried running TDSS killer twice and it doesn't run. The Windows prompt appears asking me if I want to allow TDSS to make changes to the computer, I click "Yes" and then nothing happens. Do I need to disable other anti-virus programs first? Or should I skip TDSS and move on to aswMBR?
-
Here is the ComboFix log:
ComboFix 12-11-12.02 - Olsons 11/12/2012 8:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1076 [GMT -8:00]
Running from: c:\users\Olsons\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Olsons\Documents\DPE.DUS
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 17:16 . 2012-11-12 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 22:28 . 2012-11-08 22:28 -------- d-----w- c:\program files\Enigma Software Group
2012-11-08 22:27 . 2012-11-08 23:19 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-08 22:26 . 2012-11-08 22:26 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-08 20:17 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-11-07 23:42 . 2012-11-08 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-07 23:42 . 2012-11-08 23:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-07 21:35 . 2012-11-07 22:08 -------- d-----w- c:\programdata\bgxmlvkivhwfpqg
2012-11-07 19:31 . 2012-11-07 19:31 -------- d-----w- c:\users\Olsons\AppData\Roaming\CheckPoint
2012-11-07 19:31 . 2012-11-07 19:31 -------- d-----w- c:\program files\CheckPoint
2012-11-07 19:22 . 2012-11-07 19:30 -------- d-----w- c:\program files (x86)\CheckPoint
2012-11-07 19:22 . 2012-11-07 19:22 -------- d-----w- c:\programdata\CheckPoint
2012-11-07 17:58 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-07 17:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-07 17:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-07 17:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-11-07 17:28 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-11-07 17:28 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-11-07 17:27 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 17:27 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-07 17:26 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-07 17:26 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-07 00:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-11-07 00:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-07 00:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-07 00:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-07 00:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-07 00:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 20:04 . 2010-11-10 15:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 19:52 . 2012-06-13 15:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 19:52 . 2011-05-18 00:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-13 05:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 05:51 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 05:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 05:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 23:39 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-11-07 17:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-02 04:07 750736 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-02 931472]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-05 2215768]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-22 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-07-28 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-07-28 67584]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-05-11 41968]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-05-11 65664]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-05-11 706776]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-09 575416]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-06-05 1248256]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-09 85192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-02 03:52 1142928 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.178 192.168.1.179
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ISW - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-237684633-2471800293-1906079666-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2012-11-12 09:45:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-12 17:45
.
Pre-Run: 530,821,992,448 bytes free
Post-Run: 530,589,863,936 bytes free
.
- - End Of File - - 86A4ED7439CB3EBF682781033A7F5A85
As far as the computer goes, it starts up normally and everything seems to run fine. IE opens normally, but as soon as I start to navigate anywhere, it runs very slow. It takes about 30 seconds for Google to return a search query. Then, when I click on any search result it still is re-directing me to malicious sites. I close IE as soon as I see that I am being re-directed.
Other programs such as Excel open quickly, but when I attempt to open a file, it takes a long time for the "Open File" dialog box to open. From the time I click the Open File icon, the list of files doesn't open for about 30 seconds.
I'm using a different PC to post on this forum.
Thanks.
-
I apologize for not getting back to you for a few days. I had to leave town for the weekend. I will run the latest fix and post the results tomorrow.
Thanks.
-
Here are the logs:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
PC Tools Spyware Doctor with AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor with AntiVirus 9.0
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 22
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
# AdwCleaner v2.007 - Logfile created 11/09/2012 at 15:36:23
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Olsons - OLSONS-PC
# Boot Mode : Normal
# Running from : C:\Users\Olsons\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [704 octets] - [09/11/2012 15:36:23]
########## EOF - C:\AdwCleaner[s1].txt - [763 octets] ##########
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Olsons [Admin rights]
Mode : Scan -- Date : 11/09/2012 15:40:38
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> FOUND
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rans.Gendarm|Rans.Gendarm ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
188.119.151.113 www.google-analytics.com.
188.119.151.113 ad-emea.doubleclick.net.
188.119.151.113 www.statcounter.com.
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] c351b0355ec5a2ace005552be9a53e96
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 337d0a0c80dd401b7154f9b94e162d9a
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250234368 | Size: 10 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 337d0a0c80dd401b7154f9b94e162d9a
[BSP] bd88243ba1753a8780c06e4eb19307c6 : Windows Vista MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10118 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20803584 | Size: 600307 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250234368 | Size: 10 Mo
Finished : << RKreport[1]_S_11092012_02d1540.txt >>
RKreport[1]_S_11092012_02d1540.txt
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Olsons [Admin rights]
Mode : Remove -- Date : 11/09/2012 15:41:31
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$42f8b41a722cb0f3e433f2558f879240\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rans.Gendarm|Rans.Gendarm ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
188.119.151.113 www.google-analytics.com.
188.119.151.113 ad-emea.doubleclick.net.
188.119.151.113 www.statcounter.com.
Thanks.
Kevin
-
My computer was infected with the S.M.A.R.T. virus. I ran Malwarebytes and PC Doctor and it seems to have removed the S.M.A.R.T. virus. I was able to unhide all my files and desktop, but my browser runs very slow and when I click on any Google or Yahoo search result I get re-directed to random web pages.
Here is dds.txt:
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Olsons at 10:45:34 on 2012-11-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1262 [GMT -8:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit = C:\WINDOWS\SYSWOW64\Userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.178 192.168.1.179
TCP: Interfaces\{BEEDD3D7-5BD2-480A-8109-8B616329EAAB} : DHCPNameServer = 192.168.1.178 192.168.1.179
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 289664]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-5-27 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-5-27 453896]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-5-27 65664]
R0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-5-27 706776]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2012-5-27 341168]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-5-27 251528]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-23 202752]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-5-27 575416]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-8-30 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-8-30 827560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-9-23 162192]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-6-5 1248256]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-23 705856]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-23 320040]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-5-27 85192]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-5-27 41968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2012-5-27 92896]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-5-27 402336]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-5-27 1118648]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2010-10-31 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2010-10-31 67584]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-7 1255736]
.
=============== Created Last 30 ================
.
2012-11-08 22:28:29 -------- d-----w- C:\Program Files\Enigma Software Group
2012-11-08 22:27:24 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-08 22:26:57 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-08 20:17:42 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012
2012-11-08 11:19:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-07 23:42:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-07 23:42:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-07 21:35:52 -------- d-----w- C:\ProgramData\bgxmlvkivhwfpqg
2012-11-07 19:31:40 -------- d-----w- C:\Users\Olsons\AppData\Roaming\CheckPoint
2012-11-07 19:31:09 -------- d-----w- C:\Program Files\CheckPoint
2012-11-07 19:22:29 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-11-07 19:22:28 -------- d-----w- C:\ProgramData\CheckPoint
2012-11-07 18:16:28 -------- d-----w- C:\Windows\pss
2012-11-07 17:58:55 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-11-07 17:51:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-07 17:51:00 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-11-07 17:51:00 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-11-07 17:49:59 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-07 17:49:58 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49:58 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49:57 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-11-07 17:49:57 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-11-07 17:49:56 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-07 17:28:20 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-11-07 17:28:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-11-07 17:27:32 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-07 17:27:32 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-07 17:26:05 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-11-07 17:26:05 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-11-07 00:43:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-11-07 00:43:41 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-11-07 00:43:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-11-07 00:43:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-11-07 00:43:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-11-07 00:43:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-07 19:52:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 19:52:00 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 10:48:54.93 ===============
And here is attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 4:04:54 PM
System Uptime: 11/8/2012 3:20:50 PM (19 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon™ II X2 240 Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 494.831 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 9/21/2012 - Scheduled Checkpoint
RP123: 9/27/2012 3:00:12 AM - Windows Update
RP124: 10/5/2012 12:00:01 AM - Scheduled Checkpoint
RP125: 11/6/2012 6:34:12 PM - Scheduled Checkpoint
RP126: 11/7/2012 3:00:37 AM - Windows Update
RP127: 11/7/2012 11:59:32 AM - Windows Update
RP128: 11/7/2012 1:56:22 PM - Windows Modules Installer
RP129: 11/7/2012 4:25:21 PM - Installed Microsoft Fix it 50267
RP130: 11/8/2012 3:00:12 AM - Windows Update
RP131: 11/8/2012 2:27:32 PM - Installed SpyHunter
RP132: 11/8/2012 3:17:35 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Bing Rewards Client Installer
Bonjour
Browser Guard 4.0
CaddieSync Express 1.2.9
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
GoToAssist 8.0.0.514
iTunes
Java Auto Updater
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 22
Junk Mail filter update
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PC Tools Spyware Doctor with AntiVirus 9.0
QuickBooks
QuickBooks Premier: Accountant Edition 2007
QuickBooks Pro 2012
QuickBooks Product Listing Service
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
Skins
SkyCaddie Desktop
Skype Toolbars
Skype™ 5.10
SupportSoft Assisted Service
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 3:21:22 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/8/2012 3:21:21 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
11/8/2012 3:21:21 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/8/2012 3:21:18 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/8/2012 3:21:07 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/8/2012 3:02:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SoftThinks Agent Service service to connect.
11/8/2012 3:02:54 PM, Error: Service Control Manager [7000] - The SoftThinks Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2012 3:02:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
11/8/2012 3:02:24 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2012 12:14:26 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/7/2012 4:29:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/7/2012 4:29:12 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/7/2012 3:33:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2756822).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2749655).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2739159).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2731771).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 for x64-based Systems (KB2709981).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2743555).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2731847).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2724197).
11/7/2012 12:26:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).
11/7/2012 12:18:11 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
11/7/2012 11:31:57 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/7/2012 10:24:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/7/2012 10:22:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/7/2012 10:22:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/7/2012 10:22:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2012 10:22:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
11/7/2012 10:22:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PCTSD spldr TfFsMon TFSysMon Wanarpv6
11/7/2012 10:22:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/7/2012 10:22:03 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/7/2012 10:19:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11/7/2012 10:19:23 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/7/2012 10:14:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Proxy Service service, but this action failed with the following error: An instance of the service is already running.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:13:26 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/7/2012 10:08:01 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/6/2012 3:25:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
.
==== End Of File ===========================
Any help is appreciated. I look forward to your response.
Kevin
Google Search Redirect Virus
in Resolved Malware Removal Logs
Thanks for all the help, gringo. This was my parents' PC, so they appreciate the help too. It's an ongoing effort to educate them on internet security. Hopefully this will be the last time that I will need to enlist your help.
Have a nice holiday.
Kevin