Magikvw
-
Posts
63 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Magikvw
-
OTL logfile created on: 11/18/2012 12:53:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.92 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.91% Memory free 7.83 Gb Paging File | 6.02 Gb Available in Paging File | 76.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276.60 Gb Total Space | 165.12 Gb Free Space | 59.69% Space Free | Partition Type: NTFS Computer Name: OSCAR | User Name: Jeff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jeff\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () ========== Services (SafeList) ========== SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MediaMall Server) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (msvad_simple) -- C:\Windows\SysNative\drivers\povrtdev.sys (MediaMall Technologies, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{BCB0CD10-D839-47F7-8C72-A5FDF3FB98C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{BCB0CD10-D839-47F7-8C72-A5FDF3FB98C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\SearchScopes,DefaultScope = {2DDBCA37-95C6-4B23-B1A8-7D6A4E36CF86} IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\SearchScopes\{2DDBCA37-95C6-4B23-B1A8-7D6A4E36CF86}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_enUS450 IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\SearchScopes\{BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z133&form=ZGAIDF&install_date=20110919&iesrc={referrer:source} IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.6 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/06/11 18:11:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/06 00:18:27 | 000,000,000 | ---D | M] [2012/06/17 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions [2012/11/06 00:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions [2012/11/06 00:24:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/11/06 00:36:57 | 000,221,098 | ---- | M] () (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\artur.dubovoy@gmail.com.xpi [2012/11/14 18:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/11/14 18:45:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/11/17 20:50:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Shop to Win) - {00B48AB6-399B-4E4E-B07E-DA47C34C453A} - C:\Program Files (x86)\Shop to Win 17\Shop to Win 17.dll (Shop To Win, LLC) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2926821782-996902761-1434136602-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E98D5AA-4D87-4F81-826B-0145F7D98F72}: DhcpNameServer = 192.128.101.2 216.171.129.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmpx - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/18 12:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe [2012/11/17 21:04:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/17 20:50:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/11/17 10:55:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/17 08:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\desktop clutter [2012/11/16 22:35:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/11/16 22:35:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/11/16 22:35:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/11/16 22:35:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/11/16 22:35:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/11/16 22:35:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/11/16 22:35:04 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/11/16 22:35:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/11/16 22:35:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/11/16 22:35:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/11/16 22:35:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/11/16 22:35:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/11/16 22:35:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/11/16 22:35:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/11/16 22:35:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012/11/16 22:35:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/11/16 22:35:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/11/16 22:35:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/11/16 22:35:03 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/11/16 22:35:03 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/11/16 22:35:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/11/16 22:35:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/11/16 22:35:03 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/11/16 22:35:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/11/16 22:35:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/11/16 22:30:51 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA5.DLL [2012/11/16 22:30:01 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/11/16 22:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/11/15 03:06:35 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/15 03:06:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/15 03:02:54 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012/11/15 03:01:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/15 03:01:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/15 03:01:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/15 03:01:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/15 03:01:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/15 03:01:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/15 03:01:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/15 03:01:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/15 03:01:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/15 03:01:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/15 03:01:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/15 03:01:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/15 03:01:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/15 03:01:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/15 03:01:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/15 03:01:16 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/15 03:01:16 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/15 03:01:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/15 03:01:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/14 18:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/14 18:45:46 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/11/14 18:45:46 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/11/14 18:45:46 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/11/14 18:45:46 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/11/14 18:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/11/14 06:09:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/14 06:09:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/14 06:09:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/14 06:09:23 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/14 06:09:23 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/14 06:09:23 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/14 06:09:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/14 06:09:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/14 06:09:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/14 06:08:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/14 06:08:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/06 00:18:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Mozilla [2012/11/06 00:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/11/06 00:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/11/06 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/18 12:52:51 | 000,797,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/18 12:52:51 | 000,675,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/18 12:52:51 | 000,126,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/18 12:52:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe [2012/11/18 12:51:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/18 12:51:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/18 12:51:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/18 09:37:10 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/18 09:37:10 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/18 09:30:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/18 09:29:42 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2012/11/18 03:45:39 | 000,000,512 | ---- | M] () -- C:\Users\Jeff\Desktop\MBR.dat [2012/11/17 20:50:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/17 08:49:49 | 000,000,000 | ---- | M] () -- C:\Users\Jeff\defogger_reenable [2012/11/17 08:44:44 | 000,881,833 | ---- | M] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe [2012/11/16 22:24:09 | 000,000,155 | ---- | M] () -- C:\Windows\SysWow64\91207717.sys [2012/11/15 03:27:46 | 000,467,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/14 18:45:42 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012/11/14 18:45:42 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012/11/14 18:45:42 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012/11/14 18:45:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012/11/14 18:45:42 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012/10/24 22:35:36 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/18 03:45:39 | 000,000,512 | ---- | C] () -- C:\Users\Jeff\Desktop\MBR.dat [2012/11/17 08:49:49 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\defogger_reenable [2012/11/17 08:44:44 | 000,881,833 | ---- | C] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe [2012/11/15 03:06:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 03:01:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/06 00:18:31 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/10/07 22:18:09 | 000,000,590 | ---- | C] () -- C:\Windows\eReg.dat [2012/03/28 21:15:02 | 000,000,155 | ---- | C] () -- C:\Windows\SysWow64\91207717.sys [2012/01/30 01:48:08 | 000,001,990 | ---- | C] () -- C:\Windows\tabled32.ini [2012/01/04 21:57:22 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2011/12/25 18:41:59 | 000,697,690 | ---- | C] () -- C:\Windows\unins000.exe [2011/12/25 18:41:59 | 000,004,783 | ---- | C] () -- C:\Windows\unins000.dat [2011/09/19 17:39:30 | 000,000,632 | RHS- | C] () -- C:\Users\Jeff\ntuser.pol [2011/06/11 18:52:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/06/11 18:52:56 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/06/11 18:52:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/06/11 17:26:58 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll [2011/02/10 09:33:46 | 000,793,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/11 17:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll ========== ZeroAccess Check ========== [2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ [2012/07/04 02:22:20 | 000,000,000 | -HSD | M] -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L [2012/08/10 01:09:33 | 000,000,000 | -HSD | M] -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U [2012/07/13 23:03:25 | 000,000,804 | ---- | M] () -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ [2012/07/04 02:12:10 | 000,002,048 | ---- | M] () -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@ [2012/07/04 02:12:11 | 000,016,896 | ---- | M] () -- C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@ [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:0BACBDD9 @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:DE875C30 @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:8E5EA40F @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:922DA2DB @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:FC70A22A @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:70BDB805 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:79875988 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:6ED8B881 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BD0A043E @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4E79C4F8 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:10B970A9 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5164A01F @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2D133896 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E87AB4E3 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F2B81C2E @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1416AAA6 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5080697C @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1B389835 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:71612023 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B6E6C4EA @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:BCFEA004 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:13CDB0E0 < End of report >
-
Ok, I downloaded OTL and set the settings as you specified - I ran it. It told me it needed to reboot - so I rebooted. When the computer came back up OTL and all of the other things you've had me download (with the exception of Security Check) are gone from my desk top. I cannot send the OTL log because there isn't one to send. All previous PC issues the same.
-
Update: Computer still the same. Opening browser get warning "You are about to view information over a secure connection. Any information you exchange with this site cannot be seen by anyone else on the web" and a option to click OK (which I have not done) Then the pop up webhp warning.
-
TDS Killer 23:20:33.0875 2588 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:20:34.0431 2588 ============================================================ 23:20:34.0431 2588 Current date / time: 2012/11/17 23:20:34.0431 23:20:34.0431 2588 SystemInfo: 23:20:34.0431 2588 23:20:34.0446 2588 OS Version: 6.1.7601 ServicePack: 1.0 23:20:34.0446 2588 Product type: Workstation 23:20:34.0446 2588 ComputerName: OSCAR 23:20:34.0446 2588 UserName: Jeff 23:20:34.0446 2588 Windows directory: C:\Windows 23:20:34.0446 2588 System windows directory: C:\Windows 23:20:34.0446 2588 Running under WOW64 23:20:34.0446 2588 Processor architecture: Intel x64 23:20:34.0446 2588 Number of processors: 4 23:20:34.0446 2588 Page size: 0x1000 23:20:34.0446 2588 Boot type: Normal boot 23:20:34.0446 2588 ============================================================ 23:20:34.0927 2588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:20:34.0942 2588 ============================================================ 23:20:34.0942 2588 \Device\Harddisk0\DR0: 23:20:34.0942 2588 MBR partitions: 23:20:34.0942 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x2AC6000 23:20:34.0942 2588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2AF9000, BlocksNum 0x229352B0 23:20:34.0942 2588 ============================================================ 23:20:34.0974 2588 C: <-> \Device\Harddisk0\DR0\Partition2 23:20:34.0974 2588 ============================================================ 23:20:34.0974 2588 Initialize success 23:20:34.0974 2588 ============================================================ 23:20:42.0978 4796 ============================================================ 23:20:42.0978 4796 Scan started 23:20:42.0978 4796 Mode: Manual; 23:20:42.0978 4796 ============================================================ 23:20:43.0347 4796 ================ Scan system memory ======================== 23:20:43.0347 4796 System memory - ok 23:20:43.0347 4796 ================ Scan services ============================= 23:20:43.0519 4796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:20:43.0534 4796 1394ohci - ok 23:20:43.0566 4796 [ AEDB94A49236F5FF060C90E09E70281F ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys 23:20:43.0566 4796 Acceler - ok 23:20:43.0597 4796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:20:43.0612 4796 ACPI - ok 23:20:43.0628 4796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:20:43.0628 4796 AcpiPmi - ok 23:20:43.0737 4796 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:20:43.0737 4796 AdobeARMservice - ok 23:20:43.0878 4796 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:20:43.0893 4796 AdobeFlashPlayerUpdateSvc - ok 23:20:43.0940 4796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 23:20:43.0971 4796 adp94xx - ok 23:20:44.0002 4796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 23:20:44.0034 4796 adpahci - ok 23:20:44.0057 4796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 23:20:44.0057 4796 adpu320 - ok 23:20:44.0088 4796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:20:44.0088 4796 AeLookupSvc - ok 23:20:44.0166 4796 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 23:20:44.0166 4796 AERTFilters - ok 23:20:44.0228 4796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:20:44.0262 4796 AFD - ok 23:20:44.0280 4796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:20:44.0280 4796 agp440 - ok 23:20:44.0296 4796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:20:44.0311 4796 ALG - ok 23:20:44.0343 4796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:20:44.0343 4796 aliide - ok 23:20:44.0343 4796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:20:44.0358 4796 amdide - ok 23:20:44.0358 4796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 23:20:44.0358 4796 AmdK8 - ok 23:20:44.0374 4796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 23:20:44.0374 4796 AmdPPM - ok 23:20:44.0405 4796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:20:44.0405 4796 amdsata - ok 23:20:44.0421 4796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 23:20:44.0436 4796 amdsbs - ok 23:20:44.0452 4796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:20:44.0452 4796 amdxata - ok 23:20:44.0499 4796 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 23:20:44.0499 4796 ApfiltrService - ok 23:20:44.0530 4796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:20:44.0545 4796 AppID - ok 23:20:44.0561 4796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:20:44.0577 4796 AppIDSvc - ok 23:20:44.0577 4796 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:20:44.0592 4796 Appinfo - ok 23:20:44.0655 4796 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:20:44.0655 4796 Apple Mobile Device - ok 23:20:44.0701 4796 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 23:20:44.0717 4796 AppMgmt - ok 23:20:44.0733 4796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 23:20:44.0733 4796 arc - ok 23:20:44.0748 4796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 23:20:44.0748 4796 arcsas - ok 23:20:44.0873 4796 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 23:20:44.0873 4796 aspnet_state - ok 23:20:44.0904 4796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:20:44.0920 4796 AsyncMac - ok 23:20:44.0951 4796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:20:44.0951 4796 atapi - ok 23:20:45.0013 4796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:20:45.0029 4796 AudioEndpointBuilder - ok 23:20:45.0065 4796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:20:45.0065 4796 AudioSrv - ok 23:20:45.0096 4796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:20:45.0096 4796 AxInstSV - ok 23:20:45.0143 4796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 23:20:45.0159 4796 b06bdrv - ok 23:20:45.0190 4796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:20:45.0206 4796 b57nd60a - ok 23:20:45.0221 4796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:20:45.0221 4796 BDESVC - ok 23:20:45.0237 4796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:20:45.0237 4796 Beep - ok 23:20:45.0304 4796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 23:20:45.0335 4796 BFE - ok 23:20:45.0382 4796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 23:20:45.0413 4796 BITS - ok 23:20:45.0445 4796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:20:45.0445 4796 blbdrive - ok 23:20:45.0507 4796 [ C620C59D46F43BEECC556F65E801312B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 23:20:45.0523 4796 Bluetooth Device Monitor - ok 23:20:45.0601 4796 [ 5E5EDCCEEA4FA3FDF3A907AC204B5828 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 23:20:45.0616 4796 Bluetooth Media Service - ok 23:20:45.0663 4796 [ 826E65C945738CBD64F89EAE4406687F ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 23:20:45.0679 4796 Bluetooth OBEX Service - ok 23:20:45.0694 4796 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:20:45.0694 4796 Bonjour Service - ok 23:20:45.0741 4796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:20:45.0741 4796 bowser - ok 23:20:45.0772 4796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 23:20:45.0772 4796 BrFiltLo - ok 23:20:45.0788 4796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 23:20:45.0788 4796 BrFiltUp - ok 23:20:45.0835 4796 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 23:20:45.0850 4796 BridgeMP - ok 23:20:45.0881 4796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:20:45.0881 4796 Browser - ok 23:20:45.0897 4796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:20:45.0928 4796 Brserid - ok 23:20:45.0944 4796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:20:45.0944 4796 BrSerWdm - ok 23:20:45.0959 4796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:20:45.0959 4796 BrUsbMdm - ok 23:20:45.0975 4796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:20:45.0975 4796 BrUsbSer - ok 23:20:46.0037 4796 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 23:20:46.0037 4796 BthEnum - ok 23:20:46.0053 4796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 23:20:46.0053 4796 BTHMODEM - ok 23:20:46.0074 4796 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:20:46.0074 4796 BthPan - ok 23:20:46.0105 4796 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 23:20:46.0120 4796 BTHPORT - ok 23:20:46.0167 4796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:20:46.0167 4796 bthserv - ok 23:20:46.0183 4796 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 23:20:46.0183 4796 BTHUSB - ok 23:20:46.0214 4796 [ 962BD3689E2C85F0BA97F3D7E7BA540B ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys 23:20:46.0214 4796 btmaux - ok 23:20:46.0245 4796 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys 23:20:46.0261 4796 btmhsf - ok 23:20:46.0294 4796 catchme - ok 23:20:46.0313 4796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:20:46.0313 4796 cdfs - ok 23:20:46.0344 4796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:20:46.0344 4796 cdrom - ok 23:20:46.0375 4796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:20:46.0375 4796 CertPropSvc - ok 23:20:46.0391 4796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 23:20:46.0391 4796 circlass - ok 23:20:46.0422 4796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:20:46.0422 4796 CLFS - ok 23:20:46.0500 4796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:20:46.0500 4796 clr_optimization_v2.0.50727_32 - ok 23:20:46.0531 4796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:20:46.0531 4796 clr_optimization_v2.0.50727_64 - ok 23:20:46.0593 4796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:20:46.0609 4796 clr_optimization_v4.0.30319_32 - ok 23:20:46.0625 4796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:20:46.0625 4796 clr_optimization_v4.0.30319_64 - ok 23:20:46.0656 4796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:20:46.0656 4796 CmBatt - ok 23:20:46.0671 4796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:20:46.0671 4796 cmdide - ok 23:20:46.0734 4796 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 23:20:46.0749 4796 CNG - ok 23:20:46.0781 4796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:20:46.0781 4796 Compbatt - ok 23:20:46.0796 4796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 23:20:46.0796 4796 CompositeBus - ok 23:20:46.0796 4796 COMSysApp - ok 23:20:46.0827 4796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 23:20:46.0827 4796 crcdisk - ok 23:20:46.0874 4796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:20:46.0890 4796 CryptSvc - ok 23:20:46.0937 4796 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 23:20:46.0952 4796 CSC - ok 23:20:46.0983 4796 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 23:20:47.0015 4796 CscService - ok 23:20:47.0061 4796 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 23:20:47.0061 4796 CtClsFlt - ok 23:20:47.0098 4796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:20:47.0113 4796 DcomLaunch - ok 23:20:47.0144 4796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:20:47.0160 4796 defragsvc - ok 23:20:47.0176 4796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:20:47.0176 4796 DfsC - ok 23:20:47.0207 4796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:20:47.0222 4796 Dhcp - ok 23:20:47.0254 4796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:20:47.0254 4796 discache - ok 23:20:47.0285 4796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 23:20:47.0285 4796 Disk - ok 23:20:47.0321 4796 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 23:20:47.0321 4796 dmvsc - ok 23:20:47.0352 4796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:20:47.0352 4796 Dnscache - ok 23:20:47.0368 4796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:20:47.0383 4796 dot3svc - ok 23:20:47.0446 4796 [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe 23:20:47.0446 4796 DpHost - ok 23:20:47.0461 4796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:20:47.0477 4796 DPS - ok 23:20:47.0508 4796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:20:47.0508 4796 drmkaud - ok 23:20:47.0555 4796 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:20:47.0571 4796 DXGKrnl - ok 23:20:47.0602 4796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:20:47.0602 4796 EapHost - ok 23:20:47.0680 4796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 23:20:47.0758 4796 ebdrv - ok 23:20:47.0789 4796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:20:47.0789 4796 EFS - ok 23:20:47.0851 4796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:20:47.0867 4796 ehRecvr - ok 23:20:47.0883 4796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:20:47.0898 4796 ehSched - ok 23:20:47.0929 4796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 23:20:47.0945 4796 elxstor - ok 23:20:47.0976 4796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:20:47.0976 4796 ErrDev - ok 23:20:48.0007 4796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:20:48.0039 4796 EventSystem - ok 23:20:48.0137 4796 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 23:20:48.0184 4796 EvtEng - ok 23:20:48.0231 4796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:20:48.0231 4796 exfat - ok 23:20:48.0262 4796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:20:48.0262 4796 fastfat - ok 23:20:48.0293 4796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:20:48.0327 4796 Fax - ok 23:20:48.0345 4796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 23:20:48.0345 4796 fdc - ok 23:20:48.0361 4796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:20:48.0361 4796 fdPHost - ok 23:20:48.0376 4796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:20:48.0376 4796 FDResPub - ok 23:20:48.0392 4796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:20:48.0392 4796 FileInfo - ok 23:20:48.0407 4796 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:20:48.0407 4796 Filetrace - ok 23:20:48.0407 4796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 23:20:48.0423 4796 flpydisk - ok 23:20:48.0439 4796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:20:48.0439 4796 FltMgr - ok 23:20:48.0501 4796 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:20:48.0532 4796 FontCache - ok 23:20:48.0579 4796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:20:48.0579 4796 FontCache3.0.0.0 - ok 23:20:48.0595 4796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:20:48.0610 4796 FsDepends - ok 23:20:48.0641 4796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:20:48.0641 4796 Fs_Rec - ok 23:20:48.0673 4796 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:20:48.0688 4796 fvevol - ok 23:20:48.0704 4796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 23:20:48.0719 4796 gagp30kx - ok 23:20:48.0766 4796 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:20:48.0766 4796 GEARAspiWDM - ok 23:20:48.0797 4796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:20:48.0829 4796 gpsvc - ok 23:20:48.0907 4796 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:20:48.0907 4796 gupdate - ok 23:20:48.0922 4796 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:20:48.0922 4796 gupdatem - ok 23:20:48.0969 4796 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 23:20:48.0969 4796 gusvc - ok 23:20:48.0985 4796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:20:48.0985 4796 hcw85cir - ok 23:20:49.0016 4796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:20:49.0016 4796 HDAudBus - ok 23:20:49.0031 4796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 23:20:49.0031 4796 HidBatt - ok 23:20:49.0063 4796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 23:20:49.0063 4796 HidBth - ok 23:20:49.0063 4796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 23:20:49.0078 4796 HidIr - ok 23:20:49.0094 4796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 23:20:49.0094 4796 hidserv - ok 23:20:49.0114 4796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:20:49.0130 4796 HidUsb - ok 23:20:49.0146 4796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:20:49.0146 4796 hkmsvc - ok 23:20:49.0177 4796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:20:49.0177 4796 HomeGroupListener - ok 23:20:49.0208 4796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:20:49.0208 4796 HomeGroupProvider - ok 23:20:49.0224 4796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:20:49.0239 4796 HpSAMD - ok 23:20:49.0255 4796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:20:49.0286 4796 HTTP - ok 23:20:49.0317 4796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:20:49.0317 4796 hwpolicy - ok 23:20:49.0338 4796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:20:49.0338 4796 i8042prt - ok 23:20:49.0416 4796 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys 23:20:49.0416 4796 iaStor - ok 23:20:49.0447 4796 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:20:49.0463 4796 iaStorV - ok 23:20:49.0494 4796 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 23:20:49.0509 4796 iBtFltCoex - ok 23:20:49.0556 4796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:20:49.0603 4796 idsvc - ok 23:20:49.0837 4796 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 23:20:50.0071 4796 igfx - ok 23:20:50.0133 4796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 23:20:50.0136 4796 iirsp - ok 23:20:50.0170 4796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:20:50.0216 4796 IKEEXT - ok 23:20:50.0248 4796 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys 23:20:50.0263 4796 Impcd - ok 23:20:50.0362 4796 [ A9853214CC97796579D75B1F59C51DCD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:20:50.0377 4796 IntcAzAudAddService - ok 23:20:50.0409 4796 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 23:20:50.0424 4796 IntcDAud - ok 23:20:50.0440 4796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:20:50.0440 4796 intelide - ok 23:20:50.0471 4796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:20:50.0471 4796 intelppm - ok 23:20:50.0487 4796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:20:50.0502 4796 IPBusEnum - ok 23:20:50.0518 4796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:20:50.0518 4796 IpFilterDriver - ok 23:20:50.0611 4796 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:20:50.0627 4796 iphlpsvc - ok 23:20:50.0658 4796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:20:50.0658 4796 IPMIDRV - ok 23:20:50.0658 4796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:20:50.0674 4796 IPNAT - ok 23:20:50.0752 4796 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:20:50.0767 4796 iPod Service - ok 23:20:50.0783 4796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:20:50.0783 4796 IRENUM - ok 23:20:50.0799 4796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:20:50.0799 4796 isapnp - ok 23:20:50.0814 4796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:20:50.0830 4796 iScsiPrt - ok 23:20:50.0845 4796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:20:50.0861 4796 kbdclass - ok 23:20:50.0877 4796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:20:50.0877 4796 kbdhid - ok 23:20:50.0892 4796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 23:20:50.0892 4796 KeyIso - ok 23:20:50.0939 4796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:20:50.0939 4796 KSecDD - ok 23:20:50.0970 4796 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:20:50.0986 4796 KSecPkg - ok 23:20:51.0001 4796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:20:51.0001 4796 ksthunk - ok 23:20:51.0033 4796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:20:51.0033 4796 KtmRm - ok 23:20:51.0082 4796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 23:20:51.0097 4796 LanmanServer - ok 23:20:51.0097 4796 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:20:51.0113 4796 LanmanWorkstation - ok 23:20:51.0149 4796 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:20:51.0149 4796 lltdio - ok 23:20:51.0165 4796 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:20:51.0180 4796 lltdsvc - ok 23:20:51.0196 4796 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:20:51.0196 4796 lmhosts - ok 23:20:51.0243 4796 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 23:20:51.0258 4796 LMS - ok 23:20:51.0290 4796 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 23:20:51.0290 4796 LSI_FC - ok 23:20:51.0290 4796 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 23:20:51.0290 4796 LSI_SAS - ok 23:20:51.0305 4796 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 23:20:51.0305 4796 LSI_SAS2 - ok 23:20:51.0305 4796 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 23:20:51.0321 4796 LSI_SCSI - ok 23:20:51.0321 4796 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:20:51.0336 4796 luafv - ok 23:20:51.0352 4796 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:20:51.0368 4796 Mcx2Svc - ok 23:20:51.0481 4796 [ 165C8881EFC3AE4EA01CCCE7735BE68E ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe 23:20:51.0497 4796 MediaMall Server - ok 23:20:51.0544 4796 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 23:20:51.0544 4796 megasas - ok 23:20:51.0559 4796 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 23:20:51.0559 4796 MegaSR - ok 23:20:51.0590 4796 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 23:20:51.0590 4796 MEIx64 - ok 23:20:51.0622 4796 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:20:51.0622 4796 MMCSS - ok 23:20:51.0653 4796 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:20:51.0653 4796 Modem - ok 23:20:51.0668 4796 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:20:51.0668 4796 monitor - ok 23:20:51.0684 4796 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:20:51.0700 4796 mouclass - ok 23:20:51.0715 4796 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:20:51.0715 4796 mouhid - ok 23:20:51.0731 4796 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:20:51.0731 4796 mountmgr - ok 23:20:51.0793 4796 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:20:51.0793 4796 MozillaMaintenance - ok 23:20:51.0840 4796 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 23:20:51.0840 4796 MpFilter - ok 23:20:51.0856 4796 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:20:51.0871 4796 mpio - ok 23:20:51.0887 4796 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys 23:20:51.0887 4796 MpNWMon - ok 23:20:51.0902 4796 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:20:51.0918 4796 mpsdrv - ok 23:20:51.0996 4796 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:20:52.0027 4796 MpsSvc - ok 23:20:52.0058 4796 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:20:52.0058 4796 MRxDAV - ok 23:20:52.0090 4796 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:20:52.0090 4796 mrxsmb - ok 23:20:52.0121 4796 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:20:52.0121 4796 mrxsmb10 - ok 23:20:52.0136 4796 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:20:52.0136 4796 mrxsmb20 - ok 23:20:52.0182 4796 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:20:52.0185 4796 msahci - ok 23:20:52.0190 4796 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:20:52.0190 4796 msdsm - ok 23:20:52.0205 4796 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:20:52.0221 4796 MSDTC - ok 23:20:52.0252 4796 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:20:52.0252 4796 Msfs - ok 23:20:52.0268 4796 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:20:52.0268 4796 mshidkmdf - ok 23:20:52.0283 4796 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:20:52.0283 4796 msisadrv - ok 23:20:52.0314 4796 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:20:52.0314 4796 MSiSCSI - ok 23:20:52.0330 4796 msiserver - ok 23:20:52.0361 4796 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:20:52.0361 4796 MSKSSRV - ok 23:20:52.0397 4796 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 23:20:52.0397 4796 MsMpSvc - ok 23:20:52.0413 4796 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:20:52.0413 4796 MSPCLOCK - ok 23:20:52.0429 4796 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:20:52.0444 4796 MSPQM - ok 23:20:52.0460 4796 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:20:52.0475 4796 MsRPC - ok 23:20:52.0507 4796 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:20:52.0507 4796 mssmbios - ok 23:20:52.0522 4796 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:20:52.0522 4796 MSTEE - ok 23:20:52.0538 4796 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys 23:20:52.0538 4796 msvad_simple - ok 23:20:52.0553 4796 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 23:20:52.0569 4796 MTConfig - ok 23:20:52.0585 4796 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:20:52.0585 4796 Mup - ok 23:20:52.0631 4796 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 23:20:52.0631 4796 MyWiFiDHCPDNS - ok 23:20:52.0663 4796 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:20:52.0694 4796 napagent - ok 23:20:52.0725 4796 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:20:52.0741 4796 NativeWifiP - ok 23:20:52.0803 4796 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:20:52.0850 4796 NDIS - ok 23:20:52.0865 4796 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:20:52.0865 4796 NdisCap - ok 23:20:52.0881 4796 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:20:52.0881 4796 NdisTapi - ok 23:20:52.0897 4796 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:20:52.0897 4796 Ndisuio - ok 23:20:52.0928 4796 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:20:52.0928 4796 NdisWan - ok 23:20:52.0943 4796 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:20:52.0943 4796 NDProxy - ok 23:20:52.0975 4796 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:20:52.0975 4796 NetBIOS - ok 23:20:52.0990 4796 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:20:53.0006 4796 NetBT - ok 23:20:53.0021 4796 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:20:53.0021 4796 Netlogon - ok 23:20:53.0068 4796 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:20:53.0084 4796 Netman - ok 23:20:53.0131 4796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:20:53.0131 4796 NetMsmqActivator - ok 23:20:53.0146 4796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:20:53.0146 4796 NetPipeActivator - ok 23:20:53.0182 4796 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:20:53.0198 4796 netprofm - ok 23:20:53.0214 4796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:20:53.0214 4796 NetTcpActivator - ok 23:20:53.0229 4796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:20:53.0229 4796 NetTcpPortSharing - ok 23:20:53.0260 4796 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys 23:20:53.0276 4796 netvsc - ok 23:20:53.0484 4796 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 23:20:53.0687 4796 NETwNs64 - ok 23:20:53.0749 4796 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 23:20:53.0765 4796 nfrd960 - ok 23:20:53.0796 4796 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 23:20:53.0796 4796 NisDrv - ok 23:20:53.0811 4796 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 23:20:53.0827 4796 NisSrv - ok 23:20:53.0858 4796 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:20:53.0874 4796 NlaSvc - ok 23:20:53.0889 4796 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:20:53.0905 4796 Npfs - ok 23:20:53.0921 4796 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:20:53.0921 4796 nsi - ok 23:20:53.0921 4796 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:20:53.0921 4796 nsiproxy - ok 23:20:54.0014 4796 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:20:54.0077 4796 Ntfs - ok 23:20:54.0092 4796 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:20:54.0092 4796 Null - ok 23:20:54.0108 4796 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 23:20:54.0123 4796 nusb3hub - ok 23:20:54.0139 4796 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 23:20:54.0155 4796 nusb3xhc - ok 23:20:54.0188 4796 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:20:54.0191 4796 nvraid - ok 23:20:54.0222 4796 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:20:54.0222 4796 nvstor - ok 23:20:54.0253 4796 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:20:54.0253 4796 nv_agp - ok 23:20:54.0269 4796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:20:54.0284 4796 ohci1394 - ok 23:20:54.0331 4796 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:20:54.0331 4796 ose - ok 23:20:54.0492 4796 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:20:54.0601 4796 osppsvc - ok 23:20:54.0633 4796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:20:54.0648 4796 p2pimsvc - ok 23:20:54.0679 4796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:20:54.0711 4796 p2psvc - ok 23:20:54.0742 4796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 23:20:54.0742 4796 Parport - ok 23:20:54.0773 4796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:20:54.0773 4796 partmgr - ok 23:20:54.0804 4796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:20:54.0804 4796 PcaSvc - ok 23:20:54.0851 4796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:20:54.0851 4796 pci - ok 23:20:54.0867 4796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:20:54.0882 4796 pciide - ok 23:20:54.0898 4796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 23:20:54.0898 4796 pcmcia - ok 23:20:54.0929 4796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:20:54.0929 4796 pcw - ok 23:20:54.0945 4796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:20:54.0960 4796 PEAUTH - ok 23:20:55.0023 4796 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:20:55.0085 4796 PeerDistSvc - ok 23:20:55.0179 4796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:20:55.0179 4796 PerfHost - ok 23:20:55.0230 4796 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:20:55.0277 4796 pla - ok 23:20:55.0308 4796 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:20:55.0340 4796 PlugPlay - ok 23:20:55.0355 4796 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:20:55.0355 4796 PNRPAutoReg - ok 23:20:55.0371 4796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:20:55.0371 4796 PNRPsvc - ok 23:20:55.0418 4796 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:20:55.0438 4796 PolicyAgent - ok 23:20:55.0469 4796 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:20:55.0469 4796 Power - ok 23:20:55.0501 4796 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:20:55.0516 4796 PptpMiniport - ok 23:20:55.0532 4796 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 23:20:55.0532 4796 Processor - ok 23:20:55.0579 4796 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:20:55.0579 4796 ProfSvc - ok 23:20:55.0594 4796 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:20:55.0610 4796 ProtectedStorage - ok 23:20:55.0625 4796 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:20:55.0625 4796 Psched - ok 23:20:55.0657 4796 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 23:20:55.0672 4796 PxHlpa64 - ok 23:20:55.0735 4796 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 23:20:55.0797 4796 ql2300 - ok 23:20:55.0797 4796 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:20:55.0797 4796 ql40xx - ok 23:20:55.0828 4796 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:20:55.0828 4796 QWAVE - ok 23:20:55.0844 4796 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:20:55.0844 4796 QWAVEdrv - ok 23:20:55.0859 4796 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:20:55.0859 4796 RasAcd - ok 23:20:55.0875 4796 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:20:55.0875 4796 RasAgileVpn - ok 23:20:55.0891 4796 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:20:55.0891 4796 RasAuto - ok 23:20:55.0922 4796 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:20:55.0922 4796 Rasl2tp - ok 23:20:55.0953 4796 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:20:55.0969 4796 RasMan - ok 23:20:55.0984 4796 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:20:55.0984 4796 RasPppoe - ok 23:20:56.0000 4796 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:20:56.0015 4796 RasSstp - ok 23:20:56.0031 4796 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:20:56.0031 4796 rdbss - ok 23:20:56.0047 4796 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:20:56.0047 4796 rdpbus - ok 23:20:56.0062 4796 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:20:56.0062 4796 RDPCDD - ok 23:20:56.0093 4796 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:20:56.0093 4796 RDPDR - ok 23:20:56.0125 4796 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:20:56.0125 4796 RDPENCDD - ok 23:20:56.0125 4796 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:20:56.0140 4796 RDPREFMP - ok 23:20:56.0187 4796 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 23:20:56.0223 4796 RdpVideoMiniport - ok 23:20:56.0254 4796 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:20:56.0270 4796 RDPWD - ok 23:20:56.0286 4796 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:20:56.0301 4796 rdyboost - ok 23:20:56.0379 4796 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 23:20:56.0395 4796 RegSrvc - ok 23:20:56.0410 4796 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:20:56.0410 4796 RemoteAccess - ok 23:20:56.0452 4796 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:20:56.0452 4796 RemoteRegistry - ok 23:20:56.0467 4796 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 23:20:56.0483 4796 RFCOMM - ok 23:20:56.0561 4796 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 23:20:56.0608 4796 RoxMediaDB12OEM - ok 23:20:56.0654 4796 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 23:20:56.0654 4796 RoxWatch12 - ok 23:20:56.0670 4796 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:20:56.0686 4796 RpcEptMapper - ok 23:20:56.0701 4796 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:20:56.0717 4796 RpcLocator - ok 23:20:56.0732 4796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:20:56.0748 4796 RpcSs - ok 23:20:56.0779 4796 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:20:56.0779 4796 rspndr - ok 23:20:56.0810 4796 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 23:20:56.0810 4796 RSUSBSTOR - ok 23:20:56.0842 4796 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:20:56.0842 4796 RTL8167 - ok 23:20:56.0873 4796 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 23:20:56.0873 4796 s3cap - ok 23:20:56.0888 4796 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:20:56.0888 4796 SamSs - ok 23:20:56.0920 4796 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:20:56.0920 4796 sbp2port - ok 23:20:56.0951 4796 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:20:56.0966 4796 SCardSvr - ok 23:20:56.0982 4796 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:20:56.0982 4796 scfilter - ok 23:20:57.0013 4796 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:20:57.0044 4796 Schedule - ok 23:20:57.0076 4796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:20:57.0076 4796 SCPolicySvc - ok 23:20:57.0076 4796 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:20:57.0091 4796 SDRSVC - ok 23:20:57.0091 4796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:20:57.0107 4796 secdrv - ok 23:20:57.0122 4796 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:20:57.0122 4796 seclogon - ok 23:20:57.0154 4796 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 23:20:57.0154 4796 SENS - ok 23:20:57.0169 4796 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:20:57.0185 4796 SensrSvc - ok 23:20:57.0200 4796 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 23:20:57.0216 4796 Serenum - ok 23:20:57.0216 4796 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 23:20:57.0216 4796 Serial - ok 23:20:57.0234 4796 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 23:20:57.0234 4796 sermouse - ok 23:20:57.0273 4796 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:20:57.0273 4796 SessionEnv - ok 23:20:57.0288 4796 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:20:57.0288 4796 sffdisk - ok 23:20:57.0304 4796 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:20:57.0304 4796 sffp_mmc - ok 23:20:57.0320 4796 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:20:57.0320 4796 sffp_sd - ok 23:20:57.0335 4796 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 23:20:57.0335 4796 sfloppy - ok 23:20:57.0382 4796 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:20:57.0413 4796 SharedAccess - ok 23:20:57.0429 4796 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:20:57.0449 4796 ShellHWDetection - ok 23:20:57.0465 4796 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 23:20:57.0481 4796 SiSRaid2 - ok 23:20:57.0496 4796 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 23:20:57.0496 4796 SiSRaid4 - ok 23:20:57.0527 4796 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 23:20:57.0543 4796 SkypeUpdate - ok 23:20:57.0559 4796 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:20:57.0559 4796 Smb - ok 23:20:57.0590 4796 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:20:57.0605 4796 SNMPTRAP - ok 23:20:57.0605 4796 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:20:57.0621 4796 spldr - ok 23:20:57.0668 4796 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:20:57.0683 4796 Spooler - ok 23:20:57.0777 4796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:20:57.0855 4796 sppsvc - ok 23:20:57.0871 4796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:20:57.0871 4796 sppuinotify - ok 23:20:57.0902 4796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:20:57.0902 4796 srv - ok 23:20:57.0933 4796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:20:57.0949 4796 srv2 - ok 23:20:57.0980 4796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:20:57.0980 4796 srvnet - ok 23:20:57.0995 4796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:20:58.0011 4796 SSDPSRV - ok 23:20:58.0011 4796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:20:58.0011 4796 SstpSvc - ok 23:20:58.0042 4796 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 23:20:58.0042 4796 stdcfltn - ok 23:20:58.0058 4796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 23:20:58.0073 4796 stexstor - ok 23:20:58.0120 4796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:20:58.0136 4796 stisvc - ok 23:20:58.0167 4796 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 23:20:58.0183 4796 stllssvr - ok 23:20:58.0198 4796 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 23:20:58.0198 4796 StorSvc - ok 23:20:58.0229 4796 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 23:20:58.0229 4796 storvsc - ok 23:20:58.0250 4796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:20:58.0250 4796 swenum - ok 23:20:58.0266 4796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:20:58.0281 4796 swprv - ok 23:20:58.0297 4796 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys 23:20:58.0297 4796 SynthVid - ok 23:20:58.0359 4796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:20:58.0422 4796 SysMain - ok 23:20:58.0455 4796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:20:58.0463 4796 TabletInputService - ok 23:20:58.0478 4796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:20:58.0494 4796 TapiSrv - ok 23:20:58.0510 4796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:20:58.0525 4796 TBS - ok 23:20:58.0603 4796 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:20:58.0666 4796 Tcpip - ok 23:20:58.0712 4796 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:20:58.0728 4796 TCPIP6 - ok 23:20:58.0759 4796 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:20:58.0759 4796 tcpipreg - ok 23:20:58.0775 4796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:20:58.0790 4796 TDPIPE - ok 23:20:58.0806 4796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:20:58.0822 4796 TDTCP - ok 23:20:58.0837 4796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:20:58.0837 4796 tdx - ok 23:20:58.0853 4796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:20:58.0853 4796 TermDD - ok 23:20:58.0884 4796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:20:58.0915 4796 TermService - ok 23:20:58.0931 4796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:20:58.0931 4796 Themes - ok 23:20:58.0962 4796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:20:58.0962 4796 THREADORDER - ok 23:20:58.0993 4796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:20:58.0993 4796 TrkWks - ok 23:20:59.0056 4796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:20:59.0056 4796 TrustedInstaller - ok 23:20:59.0071 4796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:20:59.0071 4796 tssecsrv - ok 23:20:59.0118 4796 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:20:59.0118 4796 TsUsbFlt - ok 23:20:59.0149 4796 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 23:20:59.0165 4796 TsUsbGD - ok 23:20:59.0196 4796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:20:59.0196 4796 tunnel - ok 23:20:59.0212 4796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 23:20:59.0212 4796 uagp35 - ok 23:20:59.0243 4796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:20:59.0263 4796 udfs - ok 23:20:59.0295 4796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:20:59.0295 4796 UI0Detect - ok 23:20:59.0326 4796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:20:59.0326 4796 uliagpkx - ok 23:20:59.0341 4796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:20:59.0341 4796 umbus - ok 23:20:59.0357 4796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 23:20:59.0373 4796 UmPass - ok 23:20:59.0388 4796 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 23:20:59.0404 4796 UmRdpService - ok 23:20:59.0534 4796 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 23:20:59.0580 4796 UNS - ok 23:20:59.0596 4796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:20:59.0612 4796 upnphost - ok 23:20:59.0627 4796 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:20:59.0627 4796 USBAAPL64 - ok 23:20:59.0658 4796 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:20:59.0658 4796 usbccgp - ok 23:20:59.0674 4796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:20:59.0690 4796 usbcir - ok 23:20:59.0705 4796 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:20:59.0705 4796 usbehci - ok 23:20:59.0752 4796 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:20:59.0768 4796 usbhub - ok 23:20:59.0814 4796 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:20:59.0814 4796 usbohci - ok 23:20:59.0846 4796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:20:59.0846 4796 usbprint - ok 23:20:59.0892 4796 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:20:59.0892 4796 usbscan - ok 23:20:59.0924 4796 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:20:59.0924 4796 USBSTOR - ok 23:20:59.0955 4796 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:20:59.0955 4796 usbuhci - ok 23:20:59.0986 4796 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:20:59.0986 4796 usbvideo - ok 23:21:00.0002 4796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:21:00.0002 4796 UxSms - ok 23:21:00.0017 4796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:21:00.0017 4796 VaultSvc - ok 23:21:00.0126 4796 [ 20BF96C13DB4BA085D98F4700F3B05FE ] vcsFPService C:\Windows\system32\vcsFPService.exe 23:21:00.0220 4796 vcsFPService - ok 23:21:00.0236 4796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:21:00.0236 4796 vdrvroot - ok 23:21:00.0267 4796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:21:00.0274 4796 vds - ok 23:21:00.0305 4796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:21:00.0305 4796 vga - ok 23:21:00.0321 4796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:21:00.0321 4796 VgaSave - ok 23:21:00.0337 4796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:21:00.0352 4796 vhdmp - ok 23:21:00.0352 4796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:21:00.0368 4796 viaide - ok 23:21:00.0383 4796 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:21:00.0383 4796 VMBusHID - ok 23:21:00.0415 4796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:21:00.0415 4796 volmgr - ok 23:21:00.0446 4796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:21:00.0461 4796 volmgrx - ok 23:21:00.0477 4796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:21:00.0477 4796 volsnap - ok 23:21:00.0503 4796 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 23:21:00.0503 4796 vpcbus - ok 23:21:00.0534 4796 [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 23:21:00.0534 4796 vpcnfltr - ok 23:21:00.0565 4796 [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 23:21:00.0565 4796 vpcusb - ok 23:21:00.0596 4796 [ C5B651E52540E6F46DA66574C74B4898 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 23:21:00.0612 4796 vpcvmm - ok 23:21:00.0643 4796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 23:21:00.0643 4796 vsmraid - ok 23:21:00.0705 4796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:21:00.0737 4796 VSS - ok 23:21:00.0752 4796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:21:00.0752 4796 vwifibus - ok 23:21:00.0768 4796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:21:00.0768 4796 vwififlt - ok 23:21:00.0799 4796 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:21:00.0799 4796 vwifimp - ok 23:21:00.0815 4796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:21:00.0846 4796 W32Time - ok 23:21:00.0846 4796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:21:00.0861 4796 WacomPen - ok 23:21:00.0877 4796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:21:00.0893 4796 WANARP - ok 23:21:00.0893 4796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:21:00.0893 4796 Wanarpv6 - ok 23:21:00.0971 4796 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 23:21:01.0002 4796 WatAdminSvc - ok 23:21:01.0064 4796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:21:01.0095 4796 wbengine - ok 23:21:01.0127 4796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:21:01.0127 4796 WbioSrvc - ok 23:21:01.0158 4796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:21:01.0173 4796 wcncsvc - ok 23:21:01.0189 4796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:21:01.0189 4796 WcsPlugInService - ok 23:21:01.0205 4796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 23:21:01.0205 4796 Wd - ok 23:21:01.0251 4796 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:21:01.0288 4796 Wdf01000 - ok 23:21:01.0303 4796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:21:01.0303 4796 WdiServiceHost - ok 23:21:01.0319 4796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:21:01.0319 4796 WdiSystemHost - ok 23:21:01.0334 4796 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys 23:21:01.0334 4796 wdkmd - ok 23:21:01.0350 4796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:21:01.0366 4796 WebClient - ok 23:21:01.0381 4796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:21:01.0412 4796 Wecsvc - ok 23:21:01.0428 4796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:21:01.0428 4796 wercplsupport - ok 23:21:01.0444 4796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:21:01.0459 4796 WerSvc - ok 23:21:01.0475 4796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:21:01.0475 4796 WfpLwf - ok 23:21:01.0490 4796 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:21:01.0490 4796 WIMMount - ok 23:21:01.0542 4796 WinDefend - ok 23:21:01.0558 4796 WinHttpAutoProxySvc - ok 23:21:01.0605 4796 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:21:01.0620 4796 Winmgmt - ok 23:21:01.0683 4796 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:21:01.0714 4796 WinRM - ok 23:21:01.0761 4796 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 23:21:01.0761 4796 WinUSB - ok 23:21:01.0792 4796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:21:01.0839 4796 Wlansvc - ok 23:21:01.0885 4796 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:21:01.0885 4796 wlcrasvc - ok 23:21:01.0979 4796 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:21:02.0010 4796 wlidsvc - ok 23:21:02.0041 4796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:21:02.0041 4796 WmiAcpi - ok 23:21:02.0073 4796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:21:02.0073 4796 wmiApSrv - ok 23:21:02.0088 4796 WMPNetworkSvc - ok 23:21:02.0213 4796 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 23:21:02.0229 4796 WMZuneComm - ok 23:21:02.0260 4796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:21:02.0260 4796 WPCSvc - ok 23:21:02.0275 4796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:21:02.0294 4796 WPDBusEnum - ok 23:21:02.0312 4796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:21:02.0312 4796 ws2ifsl - ok 23:21:02.0374 4796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 23:21:02.0374 4796 wscsvc - ok 23:21:02.0405 4796 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 23:21:02.0405 4796 WSDPrintDevice - ok 23:21:02.0436 4796 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 23:21:02.0436 4796 WSDScan - ok 23:21:02.0452 4796 WSearch - ok 23:21:02.0553 4796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:21:02.0631 4796 wuauserv - ok 23:21:02.0678 4796 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:21:02.0678 4796 WudfPf - ok 23:21:02.0709 4796 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:21:02.0725 4796 WUDFRd - ok 23:21:02.0772 4796 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:21:02.0772 4796 wudfsvc - ok 23:21:02.0803 4796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:21:02.0818 4796 WwanSvc - ok 23:21:03.0037 4796 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 23:21:03.0193 4796 ZuneNetworkSvc - ok 23:21:03.0240 4796 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 23:21:03.0255 4796 ZuneWlanCfgSvc - ok 23:21:03.0286 4796 ================ Scan global =============================== 23:21:03.0302 4796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:21:03.0354 4796 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:21:03.0369 4796 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 23:21:03.0401 4796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:21:03.0447 4796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:21:03.0463 4796 [Global] - ok 23:21:03.0463 4796 ================ Scan MBR ================================== 23:21:03.0479 4796 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 23:21:03.0718 4796 \Device\Harddisk0\DR0 - ok 23:21:03.0718 4796 ================ Scan VBR ================================== 23:21:03.0733 4796 [ E864180918F2317D9F5DFD366E5A080F ] \Device\Harddisk0\DR0\Partition1 23:21:03.0733 4796 \Device\Harddisk0\DR0\Partition1 - ok 23:21:03.0749 4796 [ E4A3D06F99E279D0E8B6D7A4FDCBC53D ] \Device\Harddisk0\DR0\Partition2 23:21:03.0749 4796 \Device\Harddisk0\DR0\Partition2 - ok 23:21:03.0749 4796 ============================================================ 23:21:03.0749 4796 Scan finished 23:21:03.0749 4796 ============================================================ 23:21:03.0764 3532 Detected object count: 0 23:21:03.0764 3532 Actual detected object count: 0 aswMBR aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-17 23:23:45 ----------------------------- 23:23:45.001 OS Version: Windows x64 6.1.7601 Service Pack 1 23:23:45.001 Number of processors: 4 586 0x2A07 23:23:45.001 ComputerName: OSCAR UserName: Jeff 23:23:45.776 Initialize success 23:48:42.384 AVAST engine defs: 12111701 23:48:57.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 23:48:57.073 Disk 0 Vendor: ST320LT0 0001 Size: 305245MB BusType: 3 23:48:57.104 Disk 0 MBR read successfully 23:48:57.104 Disk 0 MBR scan 23:48:57.120 Disk 0 Windows VISTA default MBR code 23:48:57.120 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63 23:48:57.135 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 21900 MB offset 208896 23:48:57.167 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 283242 MB offset 45060096 23:48:57.182 Disk 0 scanning C:\Windows\system32\drivers 23:49:10.183 Service scanning 23:49:33.572 Modules scanning 23:49:33.588 Disk 0 trace - called modules: 23:49:33.603 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 23:49:34.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006621060] 23:49:34.123 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80064b7cb0] 23:49:34.139 5 stdcfltn.sys[fffff88001b24c52] -> nt!IofCallDriver -> [0xfffffa80047bf800] 23:49:34.157 7 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004879050] 23:49:38.336 AVAST engine scan C:\Windows 23:49:41.259 AVAST engine scan C:\Windows\system32 23:53:05.659 AVAST engine scan C:\Windows\system32\drivers 23:53:23.109 AVAST engine scan C:\Users\Jeff 23:55:19.595 File: C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@ **INFECTED** Win32:Malware-gen 23:55:19.626 File: C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@ **INFECTED** Win32:Malware-gen 00:00:20.411 AVAST engine scan C:\ProgramData 00:02:28.666 Scan finished successfully 03:45:39.079 Disk 0 MBR has been saved successfully to "C:\Users\Jeff\Desktop\MBR.dat" 03:45:39.079 The log file has been saved successfully to "C:\Users\Jeff\Desktop\aswMBR.txt"
-
I was able to try facebook and my work website too and they did the same thing.
-
Combofix log is below. Right after it finished I tried to open IE so I could post the log and I got an error saying the program couldn't be opened because it was marked to be deleted - same for chrome. So I reboted. I can get IE to work now but I did get a warning saying I was going to connect over an unsecured connection when I click x to close it I get a small pop up that says Message from webhp and contains an icon of the yellow tragle warning sign in it. I was going to try another page that isn't google owned but it's getting difficult to stop the pop ups. They come in multiples of 4-5 Combofix ComboFix 12-11-16.02 - Jeff 11/17/2012 20:38:15.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4010.2559 [GMT -5:00] Running from: c:\users\Jeff\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\somototoolbar\vmNTemplatex.dll c:\programdata\Roaming c:\users\Public\AlexaNSISPlugin.8548.dll . . ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))) . . 2012-11-18 01:48 . 2012-11-18 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 01:48 . 2012-11-18 01:48 -------- d-----w- c:\users\Patty\AppData\Local\temp 2012-11-18 01:48 . 2012-11-18 01:48 -------- d-----w- c:\users\Jake\AppData\Local\temp 2012-11-18 01:48 . 2012-11-18 01:48 -------- d-----w- c:\users\Jackson\AppData\Local\temp 2012-11-17 03:30 . 2012-03-14 10:00 385024 ----a-w- c:\windows\system32\CNMLMA5.DLL 2012-11-17 03:30 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-11-17 03:30 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-11-17 03:30 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-11-17 03:30 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-17 03:30 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-11-17 03:30 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-11-17 03:30 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-11-17 03:30 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-11-17 03:30 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-11-15 08:06 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 08:06 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 08:06 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 08:06 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 23:46 . 2012-11-14 23:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-11-14 23:45 . 2012-11-14 23:45 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-11-14 23:45 . 2012-11-14 23:45 -------- d-----w- c:\program files (x86)\Java 2012-11-14 20:36 . 2012-11-14 20:36 -------- d-----w- c:\users\Jackson\AppData\Local\Adobe 2012-11-14 11:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-14 11:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-06 05:18 . 2012-11-06 05:18 -------- d-----w- c:\users\Jeff\AppData\Local\Mozilla 2012-11-06 05:18 . 2012-11-06 05:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-17 03:32 . 2011-09-19 18:48 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-14 23:45 . 2011-06-11 22:24 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-14 18:37 . 2012-04-18 01:08 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-14 18:37 . 2012-03-01 03:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-29 23:54 . 2012-01-25 07:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-14 19:19 . 2012-10-11 00:43 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-11 00:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-11 00:43 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-11 00:44 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-11 00:43 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-11 00:43 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-11 00:43 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-11 00:43 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 01:51 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 01:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 01:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 00:47 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-11 00:44 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-11 00:44 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-11 00:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-11 00:44 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-11 00:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-11 00:44 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-11 00:44 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-11 00:44 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-11 00:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-11 00:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-11 00:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-11 00:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-11 00:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-11 00:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-11 00:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 15:38 . 2012-10-11 00:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2012-08-20 15:38 . 2012-10-11 00:44 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-08-20 15:33 . 2012-10-11 00:44 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 00:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 00:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33 . 2012-10-11 00:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00B48AB6-399B-4E4E-B07E-DA47C34C453A}] 2010-12-29 18:20 14432 ----a-w- c:\program files (x86)\Shop to Win 17\Shop to Win 17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-19 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912] S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-09-10 3057528] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:37] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 19:57] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19 19:57] . 2012-02-10 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\ FF - ExtSQL: 2012-11-06 00:21; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2012-11-06 00:36; artur.dubovoy@gmail.com; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\artur.dubovoy@gmail.com.xpi . - - - - ORPHANS REMOVED - - - - . BHO-{652853ad-5592-4231-88c6-706613a52e61} - c:\program files (x86)\somototoolbar\vmntemplateX.dll Toolbar-Locked - (no file) Toolbar-{652853ad-5592-4231-88c6-706613a52e61} - c:\program files (x86)\somototoolbar\vmntemplateX.dll Toolbar-10 - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-{86AE8BCB-259D-46E0-9624-4AB2025348B4}_is1 - c:\program files (x86)\Shop To Win\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-11-17 21:04:00 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-18 02:03 . Pre-Run: 176,545,345,536 bytes free Post-Run: 178,206,105,600 bytes free . - - End Of File - - D96022BEB92147592D789E32F6054522
-
o be more clear - I thought since MSE wasn't working properly maybe the active scan wasn't working - so I started ComboFix and it did find that it is still running. So I don't want to continue with ComboFix but I can't disable MSE
-
Microsoft security esentials has something wrong with it - I can't even open it to disable it - I thought about just uninstalling it but I didn't want to do that without asking you and also I can't find it on the uninstall software list.
-
Sorry I also noticed that Rouge Killer created 2 reports. Here is the 2nd one RogueKiller V8.3.0 [Nov 17 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jeff [Admin rights] Mode : Remove -- Date : 11/17/2012 10:07:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\Jeff\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\Jeff\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> DELETED [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\n.) -> REPLACED (C:\Windows\system32\shell32.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\@ --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++ --- User --- [MBR] c5bbad98daec81ef35ea1cbe1f8906e6 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 21900 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45060096 | Size: 283242 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_11172012_02d1007.txt >> RKreport[1]_S_11172012_02d1006.txt ; RKreport[2]_D_11172012_02d1007.txt
-
Update: Sorry I forgot to give you and update webhp is still showing in the url when using google - also (and this may not be related) youtube videos will not run in IE - but they will run in Chrome. The youtube thing was happening before but I didn't think about it being a related thing. Thanks
-
AdwCleaner R1 # AdwCleaner v2.007 - Logfile created 11/17/2012 at 09:58:27 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Jeff - OSCAR # Boot Mode : Normal # Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\Jeff\AppData\Local\Temp\Searchqu.ini File Found : C:\Users\Jeff\AppData\Local\Temp\searchqutoolbar-manifest.xml File Found : C:\Users\Jeff\AppData\Local\Temp\SetupDataMngr_Searchqu.exe File Found : C:\Users\Jeff\AppData\Local\Temp\Uninstall.exe Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com Folder Found : C:\Program Files (x86)\Shop To Win Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\Users\Jeff\AppData\Local\Conduit Folder Found : C:\Users\Jeff\AppData\Local\Ilivid Player Folder Found : C:\Users\Jeff\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Jeff\AppData\LocalLow\Conduit Folder Found : C:\Users\Jeff\AppData\LocalLow\PriceGong Folder Found : C:\Users\Jeff\AppData\LocalLow\Translator_3.1 Folder Found : C:\Users\Jeff\Documents\ShopToWin ***** [Registry] ***** Key Found : HKCU\Software\Alexa Internet Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Freecause Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\Translator_3.1 Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\ShopToWin Key Found : HKCU\Software\Somoto Toolbar Key Found : HKCU\Software\Zugo Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F} Key Found : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL Key Found : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl Key Found : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl.1 Key Found : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping Key Found : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3008653 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Found : HKLM\Software\Translator_3.1 Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8BA8296-3F73-4A23-AA40-DE2225DB9D3B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B324AA37-53BB-4473-8C63-139AB1DAFC5E} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Translator_3.1 Toolbar Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKU\S-1-5-21-2926821782-996902761-1434136602-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [shop To Win] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.8] : homepage = "hxxp://www.searchnu.com/406", Found [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ] Found [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=394&systemid=406&sr=0&q={searchTerms}", Found [l.1516] : homepage = "hxxp://www.searchnu.com/406", Found [l.1802] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ] File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5442 octets] - [17/11/2012 09:58:27] ########## EOF - C:\AdwCleaner[R1].txt - [5502 octets] ########## AdwCleaner S1 # AdwCleaner v2.007 - Logfile created 11/17/2012 at 09:59:04 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Jeff - OSCAR # Boot Mode : Normal # Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Jeff\AppData\Local\Temp\Searchqu.ini File Deleted : C:\Users\Jeff\AppData\Local\Temp\searchqutoolbar-manifest.xml File Deleted : C:\Users\Jeff\AppData\Local\Temp\SetupDataMngr_Searchqu.exe File Deleted : C:\Users\Jeff\AppData\Local\Temp\Uninstall.exe Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com Folder Deleted : C:\Program Files (x86)\Shop To Win Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Users\Jeff\AppData\Local\Conduit Folder Deleted : C:\Users\Jeff\AppData\Local\Ilivid Player Folder Deleted : C:\Users\Jeff\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Jeff\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Translator_3.1 Folder Deleted : C:\Users\Jeff\Documents\ShopToWin ***** [Registry] ***** Key Deleted : HKCU\Software\Alexa Internet Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Freecause Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Translator_3.1 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\ShopToWin Key Deleted : HKCU\Software\Somoto Toolbar Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008653 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4C798D99-2858-48A4-A3CB-AC360F296D3F} Key Deleted : HKLM\Software\Translator_3.1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8BA8296-3F73-4A23-AA40-DE2225DB9D3B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B324AA37-53BB-4473-8C63-139AB1DAFC5E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Translator_3.1 Toolbar Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [shop To Win] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.8] : homepage = "hxxp://www.searchnu.com/406", Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ] Deleted [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=394&systemid=406&sr=0&q={searchTerms}", Deleted [l.1516] : homepage = "hxxp://www.searchnu.com/406", Deleted [l.1802] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://www.google.com" ] File : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5565 octets] - [17/11/2012 09:58:27] AdwCleaner[s1].txt - [5472 octets] - [17/11/2012 09:59:04] ########## EOF - C:\AdwCleaner[s1].txt - [5532 octets] ########## Rouge Killer RogueKiller V8.3.0 [Nov 17 2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jeff [Admin rights] Mode : Scan -- Date : 11/17/2012 10:06:51 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job : C:\Users\Jeff\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND [TASK][sUSP PATH] FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 : C:\Users\Jeff\AppData\Local\Temp\Fixit\DeleteAclKey.bat -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jeff\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2926821782-996902761-1434136602-1001\$792f41990b73e2f47b46706eb422a6b8\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++ --- User --- [MBR] c5bbad98daec81ef35ea1cbe1f8906e6 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 21900 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45060096 | Size: 283242 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11172012_02d1006.txt >> RKreport[1]_S_11172012_02d1006.txt
-
Gringo, Thank you. DDS DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37 Run by Jeff at 8:54:23 on 2012-11-17 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4010.1428 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\vcsFPService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\MediaMall\MediaMallServer.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DigitalPersona\Bin\DPAgent.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\rundll32.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\dell\DBRM\Reminder\DbrmTrayicon.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files (x86)\Shop To Win\ShopToWin.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Jeff\Desktop\Defogger.exe C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.dell.com uURLSearchHooks: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - <orphaned> mURLSearchHooks: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Shop to Win: {00B48AB6-399B-4E4E-B07E-DA47C34C453A} - C:\Program Files (x86)\Shop to Win 17\Shop to Win 17.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned> BHO: {3eec3c07-13c6-4b41-87c6-40b425a0b0a2} - <orphaned> BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned> EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928 TCP: NameServer = 192.168.1.254 TCP: Interfaces\{3E98D5AA-4D87-4F81-826B-0145F7D98F72} : DHCPNameServer = 192.128.101.2 216.171.129.13 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\055726C69636 : DHCPNameServer = 207.72.64.130 64.90.129.130 207.72.65.130 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\25146554E434146454 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 192.168.1.254 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\3434D2055726C69636 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\45865605F62747 : DHCPNameServer = 192.168.12.1 68.87.77.134 TCP: Interfaces\{72C6EF6D-CD8F-4A1A-9DAD-43138956A305}\960586F6E656 : DHCPNameServer = 66.211.74.11 66.211.74.12 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned> Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> LSA: Notification Packages = DPPassFilter scecli x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - ExtSQL: 2012-11-06 00:21; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2012-11-06 00:36; artur.dubovoy@gmail.com; C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\rxl3x3w9.default\extensions\artur.dubovoy@gmail.com.xpi . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-11 55856] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-6-11 21616] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-11 98208] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912] R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-5-30 3057528] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-11 2656280] R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-10-7 3137840] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-6-11 27760] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128] R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-11 175168] R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-11 317440] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-11 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-11 181760] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392] R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-11 158976] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832] S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-11 250984] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-16 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-19 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-11-17 03:30:51 385024 ----a-w- C:\Windows\System32\CNMLMA5.DLL 2012-11-17 03:30:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-11-17 03:30:01 458712 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-11-17 03:30:01 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-11-17 03:30:01 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-17 03:30:01 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-11-17 03:30:01 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-17 03:30:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-11-17 03:30:01 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-11-17 03:30:01 1448448 ----a-w- C:\Windows\System32\lsasrv.dll 2012-11-15 08:06:35 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-15 08:06:35 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-15 08:06:35 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-15 08:06:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-14 23:45:46 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-11-14 11:08:41 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-14 11:08:41 78336 ----a-w- C:\Windows\SysWow64\synceng.dll . ==================== Find3M ==================== . 2012-11-17 03:24:09 155 ----a-w- C:\Windows\SysWow64\91207717.sys 2012-11-14 23:45:42 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-14 18:37:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-14 18:37:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll 2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys 2012-08-23 14:08:26 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys 2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll 2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll 2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll 2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll 2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll 2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll 2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll 2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll 2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe 2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll 2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe 2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll 2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll 2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll 2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe 2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe 2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll 2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 8:54:34.40 =============== DDS Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/19/2011 1:34:38 PM System Uptime: 11/17/2012 2:13:00 AM (6 hours ago) . Motherboard: Dell Inc. | | 0D7C51 Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 277 GiB total, 159.144 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP147: 10/7/2012 10:58:52 PM - Installed The Sims Deluxe Edition RP148: 10/11/2012 3:00:13 AM - Windows Update RP149: 10/23/2012 11:13:26 PM - Scheduled Checkpoint RP150: 11/2/2012 2:55:17 AM - Scheduled Checkpoint RP151: 11/11/2012 1:28:02 AM - Scheduled Checkpoint RP152: 11/14/2012 6:44:45 PM - Installed Java 6 Update 37 RP153: 11/15/2012 3:00:13 AM - Windows Update RP154: 11/16/2012 10:30:11 PM - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 7-Zip 9.20 (x64 edition) AccelerometerP11 ACID Music Studio 8.0 Adobe Acrobat 6.0 Standard Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) MUI Advanced Audio FX Engine Age of Empires III Aiseesoft Total Media Converter 6.2.26 Amazon MP3 Downloader 1.0.15 AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update CyberLink PowerDVD 9.5 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Webcam Central DirectX 9 Runtime Family Tree Maker 2012 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper HandBrake 0.9.8 Inpaint 3.1 InstallAssist Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Wireless Display iTunes Java Auto Updater Java 6 Update 37 Junk Mail filter update Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Miro Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB973688) PhotoShowExpress Pivot Stickfigure Animator version 2.2.6 Pivot Stickfigure FileBulldog Toolbar PlayOn Pyware 3D Quicken 2011 Realtek High Definition Audio Driver Retouch Pilot Free 3.4.1 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 ScanMyReg 2.02 Scheduling Employees Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Shop To Win Skype Toolbars Skype™ 5.10 Sonic CinePlayer Decoder Pack Sony Preset Manager 2.0 Star Wars Empire at War Studio Devil BVC 1.1 TablEdit 2.71 The Sims Deluxe Edition The Weather Channel Desktop 6 Translator 3.1 Toolbar TruePianos Amber Lite (ACID Music Studio) 1.5.0 Twisted Lands: Insomniac Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Mobile Device Updater Component WinX DVD Ripper 5.5.8 Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 11/16/2012 10:40:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/16/2012 10:39:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 11/16/2012 10:38:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 11/16/2012 10:38:25 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 11/16/2012 10:38:24 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 11/16/2012 10:38:13 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894 11/15/2012 3:28:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/13/2012 10:33:30 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 2 time(s). 11/12/2012 7:50:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 11/12/2012 7:50:44 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. . ==== End Of File =========================== Checkup Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 37 Java version out of Date! Adobe Reader X (10.1.4) Mozilla Firefox (16.0.2) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` MediaMall MediaMallServer.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
-
I have apparently been infected by webhp - I currently have the free version of Malewarbytes (I will purchase when I have the funds - I love this software). I ran Malwarebytes and it found something and deleted it - but the issue persists. I downloaded dds and I have both logs - I am not sure if I should copy and paste them here or attach them as a file. I will wait for instructions. Thanks