mlamphier

OK, rebuilt Windows 7 system from System Restore CD I had made 2 years ago. Pain in the neck to re-install all the programs etc, on the other hand it is good opportunity to clean out a lot of stuff I never use. All of my docs etc were backed up on Carbonite. Once I get the system up to a state that I am happy with I will clone the entire system drive, as you suggest. Thanks for all of your help Maurice.

Yes, I there is a recovery partition on the main drive. ************************************************* ListParts by Farbar Version: 17-04-2013 Ran by Marc (administrator) on 17-04-2013 at 16:12:22 Windows 7 (X64) Running From: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T8DSP9K Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 36% Total physical RAM: 8182.99 MB Available physical RAM: 5185.05 MB Total Pagefile: 16364.16 MB Available Pagefile: 12277.59 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:689.47 GB) (Free:229.63 GB) NTFS 3 Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:147.6 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Disk 1 Online 931 GB 0 B Partitions of Disk 0: =============== Disk ID: 8A427EA7 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 9 GB 40 MB Partition 3 Primary 689 GB 9 GB ====================================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No There is no volume associated with this partition. ====================================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 RECOVERY NTFS Partition 9 GB Healthy System (partition with boot components) ====================================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 689 GB Healthy Boot ====================================================================================================== Partitions of Disk 1: =============== Disk ID: E0EBC281 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 31 KB ====================================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E New Volume NTFS Partition 931 GB Healthy ====================================================================================================== ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: 8A427EA7 Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=9 GB) - (Type=07) (NTFS) Partition 3: (Not Active) - (Size=689 GB) - (Type=07) (NTFS) ============================== Partitions of Disk 1: =============== Disk ID: E0EBC281 Partition 1: (Not Active) - (Size=932 GB) - (Type=07) (NTFS) ****** End Of Log ******

OK, I am ready to do a re-install of the system. I have a Dell PC, which means the Windows 7 operating system was installed by Dell, I do not have the original Windows 7 disc. However, I have 2 systems restore discs and 1 PC repair disc, which I made several years ago when the computer was new. If a Windows 7 system install disc is required, Dell will provide a "Re-installation disc" by mail. I was able to download the Fabar Recovery Scan Tool on a clean (new) USB flash drive. Thanks for your help, Marc

I was thinking the same thing myself. Let me sleep on this. I can do a system re-install and I have almost everything of importance backed up. thanks, Marc

Ran Combofix OK. Rebooted computer. Could not restart anti-viral programs (still get "program blocked by group policy" message"). Combofix.txt log is pasted below ************************************** ComboFix 13-04-15.01 - Marc 04/16/2013 18:36:54.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6193 [GMT -4:00] Running from: c:\users\Marc\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\F03DAFFE0F.sys c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll c:\programdata\PCDr\6032\AddOnDownloaded\75609d46-7fbb-40a8-a578-eec234c38e9a.dll c:\programdata\PCDr\6032\AddOnDownloaded\827ed839-f1a1-460d-82db-7790aaf0bceb.dll c:\programdata\PCDr\6032\AddOnDownloaded\c870b857-9ba2-408a-b058-928ff7135168.dll c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll c:\programdata\wneehh.dat . . ((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 ))))))))))))))))))))))))))))))) . . 2013-04-16 22:47 . 2013-04-16 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-16 19:48 . 2013-04-16 19:48 -------- d-----w- C:\_OTL 2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\users\Marc\AppData\Roaming\GraphPad Software 2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\programdata\GraphPad Software 2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\program files (x86)\GraphPad 2013-04-10 07:06 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 07:06 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 07:06 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 07:06 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 07:06 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 07:06 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 07:06 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 07:06 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 07:06 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-02 00:57 . 2013-04-02 00:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-01 23:16 . 2006-10-10 20:47 36921 ------w- c:\windows\SysWow64\hcwutl32_priv.dll 2013-04-01 22:49 . 2005-07-16 06:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll 2013-04-01 22:49 . 2007-04-19 13:39 256768 ----a-w- c:\windows\SysWow64\MSLURT.dll 2013-04-01 22:49 . 2006-01-24 14:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-04-01 22:49 . 2005-05-28 10:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll 2013-04-01 22:48 . 2006-05-08 12:54 244232 ----a-w- c:\windows\SysWow64\MsFlxGrd.ocx 2013-04-01 22:31 . 2012-03-26 11:46 330568 ----a-w- c:\windows\SysWow64\hcwhdpvr.ax 2013-04-01 22:31 . 2012-03-26 11:46 192072 ----a-w- c:\windows\system32\drivers\hcwhdpvr.sys 2013-03-29 07:02 . 2013-03-29 07:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-29 01:50 . 2013-03-29 01:50 -------- d-----w- c:\users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2013-03-29 01:50 . 2013-03-29 01:50 -------- d-----w- c:\users\Marc\AppData\Roaming\PDAppFlex 2013-03-29 01:28 . 2013-03-29 01:28 -------- d-----w- c:\programdata\ALM 2013-03-29 01:27 . 2013-03-29 01:27 -------- d-----w- c:\program files\Adobe 2013-03-29 01:25 . 2013-03-29 01:28 -------- d-----w- c:\program files\Common Files\Adobe 2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2013-03-20 20:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 07:02 . 2010-09-13 12:28 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-02 00:57 . 2012-08-01 00:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-02 00:57 . 2010-05-06 00:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-12 21:12 . 2012-04-05 23:09 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-12 21:12 . 2011-06-18 15:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-19 18:59 . 2013-02-25 06:23 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-02-19 18:56 . 2012-07-17 19:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-02-19 18:56 . 2013-02-25 06:18 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-02-19 18:55 . 2013-02-25 06:23 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-02-19 18:55 . 2013-02-25 06:23 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-02-19 18:54 . 2012-07-17 19:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-02-19 18:53 . 2013-02-25 06:23 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-02-19 18:53 . 2013-02-25 06:23 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-02-19 18:52 . 2012-07-17 19:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-02-12 05:45 . 2013-03-13 07:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 07:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 07:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 07:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 07:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 07:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 00:28 . 2013-02-22 09:11 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24C8625-440F-4246-B0AE-37F8292C4510}\mpengine.dll 2013-01-17 06:28 . 2010-09-06 02:20 273840 ------w- c:\windows\system32\MpSigStub.exe 2010-05-07 06:55 . 2010-02-14 20:35 4411392 ----a-w- c:\program files (x86)\mplayerc.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ClickClock"="c:\program files (x86)\clickclock\clickclock.exe" [2009-11-23 2388992] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "BCWipeTM Startup"="c:\program files (x86)\Jetico\BestCrypt\BCWipeTM.exe" [2011-05-20 1271096] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-12-28 295072] "EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-11-14 559616] . c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472] AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2013-4-1 117344] BestCrypt Auto Open.lnk - c:\program files (x86)\Jetico\BestCrypt\BestCrypt.exe [2011-2-21 1564472] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536] Sonic CinePlayer Quick Launch.lnk - c:\program files (x86)\Common Files\Sonic Shared\CineTray.exe [2004-12-17 110592] Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2013-2-24 666992] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x] R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800] R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2012-03-26 192072] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-08-11 83968] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232] S0 bcfnt;bcfnt; [x] S0 fsh;fsh; [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856] S1 BC_3DES;BC_3DES; [x] S1 BC_BF128;BC_BF128; [x] S1 BC_BF448;BC_BF448; [x] S1 BC_BFish;BC_BFish; [x] S1 BC_CAST;BC_CAST; [x] S1 BC_DES;BC_DES; [x] S1 BC_Gost;BC_Gost; [x] S1 BC_IDEA;BC_IDEA; [x] S1 BC_RC6;BC_RC6; [x] S1 BC_RIJN;BC_RIJN; [x] S1 BC_SERP;BC_SERP; [x] S1 BC_TFISH;BC_TFISH; [x] S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys [2011-03-28 81984] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 APCPBEAgent;APC PBE Agent;c:\progra~2\APC\POWERC~1\agent\pbeagent.exe [2008-12-01 34104] S2 BCWipeSvc;BCWipe service;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2011-03-28 95544] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-08-11 20480] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-07-20 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-07-20 185640] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840] S3 ALSysIO;ALSysIO;c:\users\Marc\AppData\Local\Temp\ALSysIO64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-10-07 53096] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968] S3 mhk;mhk; [x] S3 moh;moh; [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 11:03 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:12] . 2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 01:53] . 2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 01:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: {{334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files (x86)\No More Cookies\No More Cookies.exe Trusted Zone: cinemanow.com Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Organize MP3 Music - c:\program files (x86)\Organize MP3 Music\OrganizeMp3Music.exe Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-wneehh - c:\programdata\wneehh.dat Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Marc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-16 18:51:06 ComboFix-quarantined-files.txt 2013-04-16 22:51 . Pre-Run: 241,624,354,816 bytes free Post-Run: 248,166,658,048 bytes free . - - End Of File - - AF3AAE00762373AE4ED9BA8F56F16D48

This one is tough. Combo fix indicates that McAfee is running, yet the McAfee tray icon is not available, and I cannot access it or Malwarebytes. Task Manager indicates that indeed McAfee and Malwarebytes are running in the background, and I can stop or disable many of the services, but not all. After disabling as many as I can, Combofix still indicates McAfee is running. If I try to remove the programs completely via control panel I get a message saying I do not have sufficient access, even though I am administrator. MArc

OTL program ran and asked for a re-boot, which I did. The log file found in C:_OTL/MovedFiles folder is shown below: ********************************************** ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wneehh deleted successfully. C:\ProgramData\wneehh.dat moved successfully. ========== FILES ========== C:\Users\Marc\AppData\Local\Temp\_MEI59962\_elementtree.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\windows._cacheinvalidation.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._gdi_.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._misc_.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\pysqlite2._sqlite.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\pythoncom27.dll moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32com.shell.shell.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\PyWinTypes27.dll moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32security.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32api.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ctypes.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._html2.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\_socket.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32ts.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32profile.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32crypt.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._core_.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ssl.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._controls_.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._windows_.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\_hashlib.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\unicodedata.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\pyexpat.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._wizard.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32file.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32inet.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32process.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32pdh.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32event.pyd moved successfully. C:\Users\Marc\AppData\Local\Temp\_MEI59962\select.pyd moved successfully. File\Folder C:\ProgramData\wneehh.dat not found. C:\Windows\SysWow64\temp.041 moved successfully. C:\Windows\SysWow64\temp.03B moved successfully. C:\Windows\SysWow64\temp.040 moved successfully. C:\Windows\SysWow64\temp.03A moved successfully. C:\Windows\SysWow64\temp.03E moved successfully. C:\Windows\SysWow64\temp.038 moved successfully. C:\Windows\SysWow64\temp.03F moved successfully. C:\Windows\SysWow64\temp.039 moved successfully. C:\Windows\SysWow64\temp.03C moved successfully. C:\Windows\SysWow64\temp.036 moved successfully. C:\Windows\SysWow64\temp.03D moved successfully. C:\Windows\SysWow64\temp.037 moved successfully. C:\Windows\SysWow64\temp.034 moved successfully. C:\Windows\SysWow64\temp.032 moved successfully. C:\Windows\SysWow64\temp.035 moved successfully. C:\Windows\SysWow64\temp.033 moved successfully. C:\Windows\SysWow64\temp.030 moved successfully. C:\Windows\SysWow64\temp.031 moved successfully. C:\Windows\SysWow64\temp.02E moved successfully. C:\Windows\SysWow64\temp.02C moved successfully. C:\Windows\SysWow64\temp.02F moved successfully. C:\Windows\SysWow64\temp.02D moved successfully. C:\Windows\SysWow64\temp.02B moved successfully. C:\Windows\SysWow64\temp.02A moved successfully. C:\Users\Marc\AppData\Local\autorun\Autorun folder moved successfully. C:\Users\Marc\AppData\Local\autorun folder moved successfully. C:\Windows\SysWow64\temp.028 moved successfully. C:\Windows\SysWow64\temp.022 moved successfully. C:\Windows\SysWow64\temp.01C moved successfully. C:\Windows\SysWow64\temp.029 moved successfully. C:\Windows\SysWow64\temp.023 moved successfully. C:\Windows\SysWow64\temp.01D moved successfully. C:\Windows\SysWow64\temp.025 moved successfully. C:\Windows\SysWow64\temp.020 moved successfully. C:\Windows\SysWow64\temp.01B moved successfully. C:\Windows\SysWow64\temp.027 moved successfully. C:\Windows\SysWow64\temp.021 moved successfully. C:\Windows\SysWow64\temp.01A moved successfully. C:\Windows\SysWow64\temp.024 moved successfully. C:\Windows\SysWow64\temp.01F moved successfully. C:\Windows\SysWow64\temp.018 moved successfully. C:\Windows\SysWow64\temp.026 moved successfully. C:\Windows\SysWow64\temp.01E moved successfully. C:\Windows\SysWow64\temp.019 moved successfully. C:\Windows\SysWow64\temp.016 moved successfully. C:\Windows\SysWow64\temp.014 moved successfully. C:\Windows\SysWow64\temp.017 moved successfully. C:\Windows\SysWow64\temp.015 moved successfully. C:\Windows\SysWow64\temp.012 moved successfully. C:\Windows\SysWow64\temp.013 moved successfully. C:\Users\Marc\AppData\Roaming\Babylon folder moved successfully. C:\Users\Marc\AppData\Roaming\BitTorrent folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56475 bytes User: Default User ->Flash cache emptied: 0 bytes User: Marc ->Flash cache emptied: 1124292 bytes User: Public Total Flash Files Cleaned = 1.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: Marc ->Java cache emptied: 30128233 bytes User: Public Total Java Files Cleaned = 29.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04162013_154815

checkup.txt Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 37 Java 7 Update 17 Adobe Flash Player 10 Flash Player out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

Extras.txt OTL Extras logfile created on: 4/16/2013 2:00:09 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marc\Desktop\cham 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.87% Memory free 15.98 Gb Paging File | 13.06 Gb Available in Paging File | 81.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 689.47 Gb Total Space | 224.03 Gb Free Space | 32.49% Space Free | Partition Type: NTFS Drive D: | 168.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 120.41 Gb Free Space | 12.93% Space Free | Partition Type: NTFS Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UACDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Marc\AppData\Local\Temp\vbc.exe" = C:\Users\Marc\AppData\Local\Temp\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation) "C:\Users\Marc\AppData\Roaming\local.exe" = C:\Users\Marc\AppData\Roaming\local.exe:*:Enabled:Windows Messanger "C:\Users\Marc\AppData\Local\Temp\vbc.exe" = C:\Users\Marc\AppData\Local\Temp\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation) "C:\Users\Marc\AppData\Roaming\local.exe" = C:\Users\Marc\AppData\Roaming\local.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0537975F-8ED7-4FE2-94D7-C088C97B5CB3}" = rport=445 | protocol=6 | dir=out | app=system | "{141A70DB-433D-4825-B0CD-2B5F91F98C6C}" = rport=10243 | protocol=6 | dir=out | app=system | "{418502A7-55E0-4E01-AAC4-597FB747E420}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{46AA7CC0-3BDE-40B4-B28A-D12E51D9C0A2}" = lport=139 | protocol=6 | dir=in | app=system | "{46D9B379-1D8F-4500-B11F-AEE8D1F3D458}" = rport=137 | protocol=17 | dir=out | app=system | "{4DEF56DC-B281-4D1A-BC08-E6A8EFE8D19F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5904DBF6-7ACD-4614-818E-A049DB060516}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{597AD6B3-CE6E-4ACF-B59B-F374C6B38AB8}" = lport=445 | protocol=6 | dir=in | app=system | "{77A4E670-3F1B-4C24-8526-D75359AC18EA}" = lport=10243 | protocol=6 | dir=in | app=system | "{8ACAABD1-9338-4858-9757-88A2308D346B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8C03210F-4DF0-4998-9B6F-4237CF4758ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{975D5262-A12E-4172-A239-AB530493B46D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A097BA5F-1CDF-4141-874B-626D19C1D9EB}" = rport=138 | protocol=17 | dir=out | app=system | "{A642A404-9A08-4D6F-954D-B4E344BA08BF}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter | "{BAFE1FAC-87CD-4541-9F11-CA1C36A69069}" = lport=137 | protocol=17 | dir=in | app=system | "{C0C1B45D-A459-4AF8-879A-F07A4A4A756C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0285203-DED2-4970-A666-182D932B53DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5A22B48-A50B-4F36-83C2-FD8BB04D34FE}" = lport=138 | protocol=17 | dir=in | app=system | "{D5D8C048-F51A-44E6-9E31-D3380752493A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6FF877A-59E3-4407-B74B-35E09C462840}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF815E7D-3A16-43C6-B32F-8C028903FFEB}" = rport=139 | protocol=6 | dir=out | app=system | "{F0394A70-BAB1-4CD6-8767-5405729A8652}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F0E80B29-52DA-4FFC-82A4-D66D8AAC7446}" = lport=2869 | protocol=6 | dir=in | app=system | "{F1B8501B-99B1-4AE2-854D-8D6508F7679B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F56E5AD2-7E2D-446C-845F-048C575EF687}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC57D0AC-2E07-48E8-9441-61DA81C9127D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FDF2B19E-5257-473F-B794-E345A2B6058A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B13FE62-C97F-4B2B-AB2A-60DEC919E5DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{11DEC4F6-9759-4EA1-B248-9B7EC21765BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{120A1CE9-15BD-48CA-8763-6D32DBBC86A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{12D06AA2-3995-40A8-974B-561122F72A3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{14344D43-5718-4122-A04D-840ACCA6F0F3}" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\dropbox\bin\dropbox.exe | "{15F4E49E-BA7F-4F52-8002-795A4583CB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe | "{17C3B067-7864-4411-83DE-64888C8210C5}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe | "{2196EBFF-4C13-49C3-8E2A-E6D49350E329}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{223C586E-3EAE-4751-A2E7-987104F03267}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | "{2A45584E-F396-47B2-94D0-BA5B6C96C9DF}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{2C0A32F8-B738-413C-BBE5-1E3746BCE57D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{2C2AD91A-52BC-4549-B64C-F20BADB686CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2C9B4CC2-A711-493D-9245-35ADEECB97F9}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe | "{36623989-1C1F-49A3-A041-164164797887}" = protocol=17 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe | "{36FD3A02-7D5C-4AE1-9E8B-C6A1E3C88BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{39D2021E-E711-49D5-8E3F-252F40E91EE6}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe | "{3D3E79C8-61C6-4835-A12A-91150D6E053B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4048EE52-9298-4171-94A2-AE0D892D54B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{45DBB190-6BF6-45FA-A7EB-AB2B279648E7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{532D9963-3BE9-4FD2-8235-7C3ED41321D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55C981D8-2697-49B3-B39E-6D404EFAC105}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe | "{5B6E6A07-5471-4F8B-A046-2C01ED9E745A}" = protocol=6 | dir=out | app=system | "{610FBD04-2269-45F7-9BD9-3575D24AC6FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6FC9D31D-D489-431F-9889-C4ACCD3A90B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{71614BB9-55C1-4A5D-A4FA-E07CE7788AD9}" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\dropbox\bin\dropbox.exe | "{7197A738-7433-4C39-BA22-399BCCBA102B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{8426A419-6D37-4EF2-9E41-426ACBF20057}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{90D2FAED-AA8E-46C8-A843-BEF89FD7E07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{942A76BC-CA35-421C-86BF-49F6879392F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{94A42C33-8A80-4AE9-9FB3-AD932F883576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{98887D00-68DE-4ABA-8EEF-6DA9A2FE0556}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{98F64C46-3F32-4BFC-AFE0-378CE02FE811}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9B1D22F0-70A7-4379-B97F-865D58A25BDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9E1ED1B5-3B43-4EB9-83DB-576EB4A9FC3D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{9EBAE162-EF3B-4352-91C5-1435FB4C3D51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F5B2877-DEC9-48CF-B219-6D6CA41F2728}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A639E9DD-6D62-43DB-A123-4D5F6E903D2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A91DEBA5-3C29-4FCE-9490-FEBDA621591F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{AA532CD8-DD89-479D-8F7C-C88AF889A51C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AC2619DD-BE34-4773-B618-C683456CD17E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC8F1DC8-60CB-479E-9B7F-D6104A9DC685}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AF77025A-D98C-421B-9EAC-B369D4AF03A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B7789B55-4C20-4E0B-BA87-BB3B024E6CA7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BCAED262-1A0C-40CD-82DB-882720B4DEFE}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe | "{BE87F6E6-D6A9-401E-A714-A4DFD5A5F460}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{D63C772E-EE24-41C0-9D65-64FBF7071C4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DA7FEA80-6780-424B-9182-7329AD9F60F9}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe | "{E1EA7801-8324-481D-90D1-FC1AC507F0C6}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{E1EC3952-5FB6-4E5F-B2CC-8ACD9B2444B5}" = protocol=6 | dir=in | app=d:\whsrecovery.exe | "{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{E5FD0896-0F20-4B02-9D14-28165A4580D4}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\temp\pxe\hp-tftpd32.exe | "{F39FE3AA-355F-462C-A46A-AD2BB47ED19B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | "{FDFE35D5-A5C1-45F3-8B07-C755DCF79D46}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\temp\pxe\hp-tftpd32.exe | "{FEA503AF-8061-4459-ADBC-1443142581E3}" = protocol=17 | dir=in | app=d:\whsrecovery.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7 "{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64 "{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1 "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{E4C9F9EF-787C-43EE-9337-D0667498B3BF}" = HP MediaSmart Server 3.0 (x64) "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON Printer and Utilities" = EPSON Printer Software "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "News Rover" = News Rover -- Usenet newsreader "PC-Doctor for Windows" = Dell Support Center "Recuva" = Recuva "VLC media player" = VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent "{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1 "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{450AF1B6-E5F9-4211-AE86-FC25CEC3AB89}" = clickclock "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian "{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All "{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common "{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator "{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}" = Browntech Image Plugin 2.02 "{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish "{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86D6FFF0-6772-11E1-5F90-00B69E4E6952}" = GraphPad Prism 6 Viewer "{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German "{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5 "{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6) "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CCD35D5A-7B97-46E0-AB2E-21C59BA253B6}" = Verizon Download Manager "{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian "{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client "{E7A1B94F-A981-49B2-868F-DFEA471AB17D}" = ArcSoft TotalMedia Extreme "{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish "{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Amazon Kindle" = Amazon Kindle "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15 "AudibleDownloadManager" = Audible Download Manager "BestCrypt" = BestCrypt 8.0 "BitTorrent" = BitTorrent "Carbonite Backup" = Carbonite "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "clickclock" = clickclock "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Dell Dock" = Dell Dock "DivX Setup" = DivX Setup "DjVu" = LizardTech DjVu Control (autoinstall) "DVD Shrink_is1" = DVD Shrink 3.2 "EaseUS Data Recovery Wizard 5.6.5_is1" = EaseUS Data Recovery Wizard 5.6.5 "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition "eMule" = eMule "Google Chrome" = Google Chrome "GoToAssist" = GoToAssist 8.0.0.514 "GroundSchool - Instrument Rating (IFR)_is1" = GroundSchool - Instrument Rating (IFR) "Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MSC" = McAfee SecurityCenter "No More Cookies" = No More Cookies 1.1 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PandoraRecovery" = PandoraRecovery (Remove Only) "Photo Pos Pro" = Photo Pos Pro "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "Picasa 3" = Picasa 3 "RealPlayer 16.0" = RealPlayer "Search and Recover 3_is1" = iolo technologies' Search and Recover 3 "WinAce Archiver" = WinAce Archiver "WinLiveSuite" = Windows Live Essentials "WordZap" = MICA WordZap 7.14.1 "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "9204f5692a8faf3b" = Dell System Detect "CopyTrans Suite" = CopyTrans Suite Remove Only "Dropbox" = Dropbox "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0 Description = Root element is missing. [ Cisco AnyConnect VPN Client Events ] Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315 Invoked Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED [ Dell Events ] Error - 8/20/2011 1:00:12 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/20/2011 1:00:13 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/25/2011 12:27:26 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 8/25/2011 12:27:26 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/1/2011 7:36:38 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/1/2011 7:36:38 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/8/2011 9:43:35 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/8/2011 9:43:35 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/13/2011 10:58:14 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/13/2011 10:58:14 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 4/16/2013 12:19:57 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10000 Description = Error - 4/16/2013 12:51:27 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10010 Description = Error - 4/16/2013 12:52:25 PM | Computer Name = Marc-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 4/16/2013 12:52:25 PM | Computer Name = Marc-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\Cinemsup.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 4/16/2013 12:52:38 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000 Description = The CinemaNow Service service failed to start due to the following error: %%2 Error - 4/16/2013 12:52:40 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000 Description = The SessionLauncher service failed to start due to the following error: %%2 Error - 4/16/2013 12:52:50 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: archlp Cinemsup FileDisk RxFilter Error - 4/16/2013 12:53:40 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 4/16/2013 12:57:19 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10001 Description = Error - 4/16/2013 1:00:21 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10000 Description = < End of report >

2nd part O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [Organize MP3 Music] "C:\Program Files (x86)\Organize MP3 Music\OrganizeMp3Music.exe" /minimized File not found O4 - HKCU..\Run: [wneehh] C:\ProgramData\wneehh.dat () O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files (x86)\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation) O9 - Extra 'Tools' menuitem : No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files (x86)\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://erivpn.eisai.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.28/uploader2.cab (UploadListView Class) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://erivpn.eisai.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://andvmail01.eri.us.eisai.local/dwa8W.cab (Domino Web Access 8 Control) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9F7DBA4-E2D0-4A08-BD00-F9A16AC2071D}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/16 10:50:57 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\cham [2013/04/16 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\RK_Quarantine [2013/04/16 09:50:33 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\rkill [2013/04/16 09:49:18 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Marc\Desktop\rkill.com [2013/04/15 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\GraphPad Software [2013/04/15 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software [2013/04/15 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphPad Software [2013/04/15 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GraphPad [2013/04/15 20:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/04/11 03:01:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/11 03:01:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/11 03:01:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/11 03:01:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/11 03:01:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/11 03:01:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/11 03:01:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/11 03:01:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/11 03:01:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/11 03:01:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/11 03:01:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/11 03:01:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/11 03:01:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/11 03:01:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/11 03:01:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 03:06:07 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 03:06:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 03:06:06 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 03:06:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 03:06:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 03:06:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/06 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\ArcSoft [2013/04/05 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{051E0407-42A1-44D9-80C5-A6375E5D45C8} [2013/04/02 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Adobe Scripts [2013/04/01 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013/04/01 20:57:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/04/01 19:16:03 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwutl32_priv.dll [2013/04/01 19:01:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.041 [2013/04/01 19:01:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03B [2013/04/01 19:01:33 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.040 [2013/04/01 19:01:33 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03A [2013/04/01 19:01:33 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03E [2013/04/01 19:01:33 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.038 [2013/04/01 19:01:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03F [2013/04/01 19:01:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.039 [2013/04/01 19:01:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03C [2013/04/01 19:01:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.036 [2013/04/01 19:01:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03D [2013/04/01 19:01:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.037 [2013/04/01 19:00:34 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.034 [2013/04/01 19:00:34 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.032 [2013/04/01 19:00:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.035 [2013/04/01 19:00:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.033 [2013/04/01 19:00:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.030 [2013/04/01 19:00:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.031 [2013/04/01 18:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Extreme 2 [2013/04/01 18:49:50 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll [2013/04/01 18:49:49 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2013/04/01 18:49:49 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUP60.dll [2013/04/01 18:49:49 | 000,256,768 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLURT.dll [2013/04/01 18:48:21 | 000,244,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsFlxGrd.ocx [2013/04/01 18:48:19 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02E [2013/04/01 18:48:19 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02C [2013/04/01 18:48:19 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02F [2013/04/01 18:48:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02D [2013/04/01 18:48:16 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02B [2013/04/01 18:48:15 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02A [2013/04/01 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\autorun [2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.028 [2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022 [2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C [2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.029 [2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023 [2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D [2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025 [2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020 [2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01B [2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.027 [2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021 [2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01A [2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024 [2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F [2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.018 [2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026 [2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E [2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.019 [2013/04/01 18:33:15 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.016 [2013/04/01 18:33:15 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.014 [2013/04/01 18:33:15 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.017 [2013/04/01 18:33:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.015 [2013/04/01 18:33:12 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.012 [2013/04/01 18:33:12 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.013 [2013/04/01 18:31:51 | 000,330,568 | ---- | C] (Hauppauge, Inc.) -- C:\Windows\SysWow64\hcwhdpvr.ax [2013/04/01 18:31:50 | 000,192,072 | ---- | C] (Hauppauge, Inc.) -- C:\Windows\SysNative\drivers\hcwhdpvr.sys [2013/04/01 17:45:18 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{832E998A-E71A-4B80-8242-91D73ABE72B6} [2013/04/01 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\cabe [2013/03/29 03:03:11 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/03/29 03:03:11 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/03/29 03:03:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/03/29 03:03:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/03/29 03:03:11 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/03/29 03:03:11 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/03/29 03:03:11 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/03/29 03:03:11 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/03/29 03:03:11 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/03/29 03:03:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/03/29 03:03:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/03/29 03:03:11 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/03/29 03:03:11 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/03/29 03:03:11 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/03/29 03:03:11 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/03/29 03:03:11 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/03/29 03:03:11 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/03/29 03:03:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/03/29 03:03:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/03/29 03:03:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/03/29 03:03:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/03/29 03:03:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/03/29 03:03:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/03/29 03:03:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/03/29 03:03:11 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/03/29 03:03:11 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/03/29 03:03:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/03/29 03:03:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/03/29 03:03:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/03/29 03:03:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/03/29 03:03:11 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/03/29 03:03:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/03/29 03:03:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/03/29 03:03:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/03/29 03:03:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/03/29 03:03:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/03/29 03:03:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/03/29 03:03:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/03/29 03:03:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/03/29 03:03:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/03/29 03:03:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/03/29 03:03:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/03/29 03:03:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/03/29 03:03:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/03/29 03:03:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/03/29 03:03:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/03/29 03:03:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/03/29 03:03:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/03/29 03:03:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/03/29 03:03:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/03/29 03:03:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/03/29 03:03:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/03/29 03:03:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/03/29 03:02:28 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/03/29 03:02:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/03/29 03:02:28 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/03/29 03:02:28 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/03/29 03:02:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/03/29 03:02:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/03/29 03:02:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/03/29 03:02:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/03/29 03:02:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/29 03:02:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/29 03:02:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/29 03:02:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/29 03:02:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/29 03:02:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/29 03:02:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/29 03:02:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/29 03:02:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/29 03:02:27 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/03/29 03:02:27 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/03/29 03:02:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/03/29 03:02:27 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/03/29 03:02:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/03/29 03:02:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/03/29 03:02:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/03/29 03:02:27 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/03/29 03:02:27 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/03/29 03:02:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/03/29 03:02:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/03/29 03:02:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/03/29 03:02:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/03/29 03:02:27 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/03/29 03:02:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/03/28 21:50:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/03/28 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\PDAppFlex [2013/03/28 21:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2013/03/28 21:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/03/28 21:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013/03/28 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013/03/28 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2013/03/23 04:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/03/23 00:44:22 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{5744CCBF-78CB-4528-8F3B-EC9E41E21320} [2013/03/20 16:30:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/20 00:01:33 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\bath [2010/02/14 16:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe ========== Files - Modified Within 30 Days ========== [2013/04/16 14:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/16 13:12:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/16 12:59:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/16 12:59:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/16 12:59:43 | 000,730,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/16 12:59:43 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/16 12:59:43 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/16 12:53:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/16 12:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/16 12:52:26 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys [2013/04/16 12:40:04 | 000,002,228 | -H-- | M] () -- C:\Users\Marc\Documents\Default.rdp [2013/04/16 09:52:19 | 000,816,128 | ---- | M] () -- C:\Users\Marc\Desktop\RogueKiller.exe [2013/04/16 09:49:18 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Marc\Desktop\rkill.com [2013/04/16 00:39:39 | 000,197,632 | ---- | M] () -- C:\ProgramData\wneehh.dat [2013/04/15 21:47:13 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\GraphPad Prism 6 Viewer.lnk [2013/04/15 20:02:16 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2013/04/14 00:45:20 | 000,000,702 | ---- | M] () -- C:\Windows\NewsRover.INI [2013/04/13 21:04:53 | 017,008,320 | ---- | M] () -- C:\Users\Marc\Desktop\IMG_0636.MOV [2013/04/12 11:09:54 | 000,036,363 | ---- | M] () -- C:\Windows\CSTBox.INI [2013/04/11 03:22:37 | 005,080,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/06 22:19:49 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/01 20:57:00 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/04/01 20:57:00 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/04/01 20:57:00 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/04/01 20:57:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/04/01 20:57:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/04/01 20:57:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/04/01 19:16:06 | 000,037,515 | ---- | M] () -- C:\Windows\Irremote.ini [2013/04/01 19:16:06 | 000,001,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013/04/01 19:06:37 | 000,002,712 | ---- | M] () -- C:\Windows\HCWPNP.INI [2013/04/01 19:01:42 | 000,000,699 | ---- | M] () -- C:\Users\Marc\Desktop\WinTV Scheduler.lnk [2013/04/01 19:01:42 | 000,000,167 | ---- | M] () -- C:\Users\Marc\Desktop\Program Guide.url [2013/04/01 18:50:44 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk [2013/03/29 03:03:11 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/03/29 03:03:11 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/03/29 03:03:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/03/29 03:03:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/03/29 03:03:11 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/03/29 03:03:11 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/03/29 03:03:11 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/03/29 03:03:11 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/03/29 03:03:11 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/03/29 03:03:11 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/03/29 03:03:11 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/03/29 03:03:11 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/03/29 03:03:11 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/03/29 03:03:11 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/03/29 03:03:11 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/03/29 03:03:11 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/03/29 03:03:11 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/03/29 03:03:11 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/03/29 03:03:11 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/03/29 03:03:11 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/03/29 03:03:11 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/03/29 03:03:11 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/03/29 03:03:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/03/29 03:03:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/03/29 03:03:11 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/03/29 03:03:11 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/03/29 03:03:11 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/03/29 03:03:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/03/29 03:03:11 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/03/29 03:03:11 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/03/29 03:03:11 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/03/29 03:03:11 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/03/29 03:03:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/03/29 03:03:11 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/03/29 03:03:11 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/03/29 03:03:11 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/03/29 03:03:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/03/29 03:03:11 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/03/29 03:03:11 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/03/29 03:03:11 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/03/29 03:03:11 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/03/29 03:03:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/03/29 03:03:11 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/03/29 03:03:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/03/29 03:03:11 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/03/29 03:03:11 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/03/29 03:03:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/03/29 03:03:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/03/29 03:03:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/03/29 03:03:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/03/29 03:03:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/03/29 03:03:11 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/03/29 03:03:11 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/03/29 03:03:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/03/29 03:03:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/03/29 03:02:28 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/03/29 03:02:28 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/03/29 03:02:28 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/03/29 03:02:28 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/03/29 03:02:28 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/03/29 03:02:28 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/03/29 03:02:28 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/03/29 03:02:28 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/03/29 03:02:28 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/03/29 03:02:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/29 03:02:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/29 03:02:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/29 03:02:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/29 03:02:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/29 03:02:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/29 03:02:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/29 03:02:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/29 03:02:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/29 03:02:27 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/03/29 03:02:27 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/03/29 03:02:27 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/03/29 03:02:27 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/03/29 03:02:27 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/03/29 03:02:27 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/03/29 03:02:27 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/03/29 03:02:27 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/03/29 03:02:27 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/03/29 03:02:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/03/29 03:02:27 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/03/29 03:02:27 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/03/29 03:02:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/03/29 03:02:27 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/03/28 21:49:32 | 000,001,524 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013/03/28 20:36:01 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2013/03/27 18:59:51 | 000,001,051 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/03/27 18:59:42 | 000,001,017 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk [2013/03/23 04:04:48 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/03/19 16:45:11 | 001,155,072 | ---- | M] () -- C:\Users\Marc\Documents\Database1.accdb [2013/03/19 16:45:06 | 000,344,064 | ---- | M] () -- C:\Users\Marc\Documents\Database2.accdb [2013/03/19 02:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/03/19 01:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/03/19 00:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/03/18 23:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe ========== Files Created - No Company Name ========== [2013/04/16 09:52:17 | 000,816,128 | ---- | C] () -- C:\Users\Marc\Desktop\RogueKiller.exe [2013/04/16 00:39:39 | 000,197,632 | ---- | C] () -- C:\ProgramData\wneehh.dat [2013/04/15 21:47:13 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\GraphPad Prism 6 Viewer.lnk [2013/04/13 21:14:24 | 017,008,320 | ---- | C] () -- C:\Users\Marc\Desktop\IMG_0636.MOV [2013/04/01 19:15:01 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013/04/01 18:50:44 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk [2013/04/01 18:48:24 | 000,000,699 | ---- | C] () -- C:\Users\Marc\Desktop\WinTV Scheduler.lnk [2013/04/01 18:48:24 | 000,000,167 | ---- | C] () -- C:\Users\Marc\Desktop\Program Guide.url [2013/04/01 18:34:28 | 000,037,515 | ---- | C] () -- C:\Windows\Irremote.ini [2013/03/29 03:03:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/03/29 03:03:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/03/28 21:49:32 | 000,001,536 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk [2013/03/28 21:49:31 | 000,001,524 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013/03/28 21:28:18 | 000,001,520 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk [2013/03/28 21:27:51 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2013/03/28 21:27:08 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2013/03/28 21:27:04 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2013/03/28 21:26:46 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013/03/28 20:36:01 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2013/03/28 20:36:01 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2013/03/23 04:04:48 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/03/19 16:44:52 | 000,344,064 | ---- | C] () -- C:\Users\Marc\Documents\Database2.accdb [2013/03/18 21:59:51 | 001,155,072 | ---- | C] () -- C:\Users\Marc\Documents\Database1.accdb [2013/02/18 00:08:20 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2013/02/18 00:08:19 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2013/02/18 00:08:19 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2013/02/18 00:08:19 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2013/02/18 00:08:18 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012/12/09 12:13:31 | 000,000,543 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\All CPU MeterV3_Settings.ini [2012/10/29 13:58:36 | 000,000,076 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\mbam.context.scan [2012/09/27 21:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/09/27 21:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/04/01 21:30:17 | 000,214,492 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/01/28 22:44:47 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/05/13 08:47:37 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/05/21 08:26:47 | 000,007,607 | -H-- | C] () -- C:\Users\Marc\AppData\Local\resmon.resmoncfg [2010/05/09 11:38:23 | 000,015,360 | -H-- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/07 01:01:40 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/05/07 01:01:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\F03DAFFE0F.sys ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/12/17 00:39:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon [2013/04/06 00:29:18 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\avidemux [2013/02/20 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Babylon [2012/04/25 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\BitTorrent [2010/05/17 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Canon [2011/04/21 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/06/20 06:31:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\CoffeeCup Software [2013/03/28 20:36:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013/04/16 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox [2011/05/09 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GARMIN [2013/02/20 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GoforFiles [2013/04/15 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GraphPad Software [2012/11/24 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GroundSchool FAA [2010/08/07 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ISIS Drivers [2012/12/10 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Leadertech [2010/12/26 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LockHunter [2012/12/16 09:03:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Mael [2011/12/31 12:26:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Organize MP3 Music [2012/12/10 23:47:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PandoraRecovery [2011/05/25 13:02:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PCDr [2013/03/28 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PDAppFlex [2013/03/28 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/03/06 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer [2012/10/17 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\webex [2013/02/23 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Home Server [2012/05/02 01:32:29 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\WindSolutions ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/11/19 23:43:47 | 000,025,088 | ---- | M] ()(C:\Users\Marc\Documents\??.doc) -- C:\Users\Marc\Documents\谷口.doc [2012/11/18 23:53:21 | 000,025,088 | ---- | C] ()(C:\Users\Marc\Documents\??.doc) -- C:\Users\Marc\Documents\谷口.doc < End of report >

Here is first part of OTL.txt OTL logfile created on: 4/16/2013 2:00:09 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marc\Desktop\cham 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.87% Memory free 15.98 Gb Paging File | 13.06 Gb Available in Paging File | 81.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 689.47 Gb Total Space | 224.03 Gb Free Space | 32.49% Space Free | Partition Type: NTFS Drive D: | 168.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 931.51 Gb Total Space | 120.41 Gb Free Space | 12.93% Space Free | Partition Type: NTFS Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/16 13:58:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\cham\OTL.exe PRC - [2013/03/12 03:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/03/07 16:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2013/02/19 05:58:21 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013/01/28 14:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012/12/28 10:03:25 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/17 18:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012/12/17 17:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/11/29 11:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe PRC - [2012/08/29 14:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe PRC - [2011/11/13 08:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe PRC - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe PRC - [2011/11/13 08:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe PRC - [2011/11/13 08:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011/05/20 02:05:38 | 001,271,096 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe PRC - [2011/03/28 07:26:14 | 000,095,544 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe PRC - [2011/02/17 01:24:44 | 000,200,704 | ---- | M] (Jetico, Inc.) -- C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe PRC - [2011/02/11 11:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011/01/13 12:00:24 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe PRC - [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe PRC - [2010/07/20 01:29:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/11/23 01:35:12 | 002,388,992 | ---- | M] (www.elegantpie.com) -- C:\Program Files (x86)\clickclock\clickclock.exe PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/12/01 10:58:22 | 000,034,104 | ---- | M] (APC) -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe PRC - [2004/12/17 03:00:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Sonic Shared\CineTray.exe ========== Modules (No Company Name) ========== MOD - [2013/04/16 12:53:08 | 000,128,512 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_elementtree.pyd MOD - [2013/04/16 12:53:07 | 001,022,416 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\windows._cacheinvalidation.pyd MOD - [2013/04/16 12:53:07 | 000,805,888 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._gdi_.pyd MOD - [2013/04/16 12:53:07 | 000,735,232 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._misc_.pyd MOD - [2013/04/16 12:53:07 | 000,557,056 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pysqlite2._sqlite.pyd MOD - [2013/04/16 12:53:07 | 000,364,544 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pythoncom27.dll MOD - [2013/04/16 12:53:07 | 000,320,512 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32com.shell.shell.pyd MOD - [2013/04/16 12:53:07 | 000,110,080 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\PyWinTypes27.dll MOD - [2013/04/16 12:53:07 | 000,108,544 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32security.pyd MOD - [2013/04/16 12:53:07 | 000,098,816 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32api.pyd MOD - [2013/04/16 12:53:07 | 000,087,040 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ctypes.pyd MOD - [2013/04/16 12:53:07 | 000,070,656 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._html2.pyd MOD - [2013/04/16 12:53:07 | 000,044,032 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_socket.pyd MOD - [2013/04/16 12:53:07 | 000,022,528 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32ts.pyd MOD - [2013/04/16 12:53:07 | 000,017,408 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32profile.pyd MOD - [2013/04/16 12:53:07 | 000,011,264 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32crypt.pyd MOD - [2013/04/16 12:53:06 | 001,175,040 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._core_.pyd MOD - [2013/04/16 12:53:06 | 001,153,024 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ssl.pyd MOD - [2013/04/16 12:53:06 | 001,062,400 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._controls_.pyd MOD - [2013/04/16 12:53:06 | 000,811,008 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._windows_.pyd MOD - [2013/04/16 12:53:06 | 000,711,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_hashlib.pyd MOD - [2013/04/16 12:53:06 | 000,686,080 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\unicodedata.pyd MOD - [2013/04/16 12:53:06 | 000,127,488 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pyexpat.pyd MOD - [2013/04/16 12:53:06 | 000,122,368 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._wizard.pyd MOD - [2013/04/16 12:53:06 | 000,119,808 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32file.pyd MOD - [2013/04/16 12:53:06 | 000,038,912 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32inet.pyd MOD - [2013/04/16 12:53:06 | 000,035,840 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32process.pyd MOD - [2013/04/16 12:53:06 | 000,025,600 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32pdh.pyd MOD - [2013/04/16 12:53:06 | 000,018,432 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32event.pyd MOD - [2013/04/16 12:53:06 | 000,010,240 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\select.pyd MOD - [2013/02/14 04:28:52 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013/02/14 04:28:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2013/01/10 04:41:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/10 04:40:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013/01/10 04:33:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/01/10 04:33:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013/01/10 04:32:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 04:32:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013/01/10 04:32:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/01/10 04:32:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 04:32:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 04:32:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 04:32:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2011/01/31 03:19:17 | 000,070,968 | ---- | M] () -- C:\Program Files (x86)\Jetico\BestCrypt\dismount.dll MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/09/27 21:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2012/08/29 14:43:58 | 006,742,088 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService) SRV:64bit: - [2011/01/10 14:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector) SRV:64bit: - [2009/08/11 16:50:50 | 000,083,968 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService) SRV:64bit: - [2009/08/11 16:50:50 | 000,020,480 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2013/03/12 17:12:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC) SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2011/03/28 07:26:14 | 000,095,544 | ---- | M] (Jetico, Inc.) [Auto | Running] -- C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe -- (BCWipeSvc) SRV - [2011/02/11 11:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService) SRV - [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SRV - [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SRV - [2010/04/29 15:30:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008/12/01 10:58:22 | 000,034,104 | ---- | M] (APC) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/12/21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2012/12/21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/09/27 22:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/09/27 21:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/17 17:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/03/26 07:46:47 | 000,192,072 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/13 06:02:51 | 000,058,432 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh) DRV:64bit: - [2011/03/28 05:21:24 | 000,081,984 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bcbus.sys -- (bcbus) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/11 11:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011/01/24 09:38:21 | 000,187,456 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bcfnt.sys -- (bcfnt) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/08/12 00:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010/07/17 00:02:40 | 000,013,376 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moh.sys -- (moh) DRV:64bit: - [2010/07/17 00:02:18 | 000,017,472 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mhk.sys -- (mhk) DRV:64bit: - [2010/07/07 19:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2010/05/18 00:05:47 | 000,033,856 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_des.sys -- (BC_DES) DRV:64bit: - [2010/05/18 00:01:40 | 000,034,368 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_3des.sys -- (BC_3DES) DRV:64bit: - [2010/01/29 02:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/12/22 09:56:50 | 000,034,368 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_tfish.sys -- (BC_TFISH) DRV:64bit: - [2009/12/22 09:56:42 | 000,036,928 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_serp.sys -- (BC_SERP) DRV:64bit: - [2009/12/22 09:56:33 | 000,051,264 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rijn.sys -- (BC_RIJN) DRV:64bit: - [2009/12/22 09:56:24 | 000,030,272 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rc6.sys -- (BC_RC6) DRV:64bit: - [2009/12/22 09:56:16 | 000,027,712 | ---- | M] (Iarsn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_idea.sys -- (BC_IDEA) DRV:64bit: - [2009/12/22 09:56:08 | 000,025,664 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_gost.sys -- (BC_Gost) DRV:64bit: - [2009/12/22 09:55:44 | 000,037,440 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_cast.sys -- (BC_CAST) DRV:64bit: - [2009/12/22 09:55:36 | 000,030,272 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bfish.sys -- (BC_BFish) DRV:64bit: - [2009/12/22 09:55:27 | 000,030,784 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf448.sys -- (BC_BF448) DRV:64bit: - [2009/12/22 09:55:19 | 000,030,784 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf128.sys -- (BC_BF128) DRV:64bit: - [2009/10/07 15:11:30 | 000,053,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader) DRV:64bit: - [2009/07/24 22:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/04/17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012/12/21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2012/12/21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter) DRV - [2004/05/29 09:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\filedisk.sys -- (FileDisk) DRV - [2003/12/19 03:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cinemsup.sys -- (Cinemsup) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B61413CE-3964-4670-91AB-8C5B90E726F2} IE:64bit: - HKLM\..\SearchScopes\{B61413CE-3964-4670-91AB-8C5B90E726F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {1B612CFC-E1B3-4BDC-BEF6-38C67BE69819} IE - HKLM\..\SearchScopes\{1B612CFC-E1B3-4BDC-BEF6-38C67BE69819}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0D166A7C-8114-4544-BC02-9B3C3BF20F71} IE - HKCU\..\SearchScopes\{0D166A7C-8114-4544-BC02-9B3C3BF20F71}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=840a8925000000000000a4badbf9c3c9 IE - HKCU\..\SearchScopes\{6D1B1F47-35AA-4806-A9A3-5F820D74B71A}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 09:43:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 10:04:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 10:04:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/03/08 08:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/06 09:40:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/02/25 02:23:47 | 000,000,000 | ---D | M] [2013/02/20 00:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.delta-search.com/?affID=119293&babsrc=HP_ss&mntrId=840a8925000000000000a4badbf9c3c9 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - Extension: SiteAdvisor = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: RealDownloader = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ O1 HOSTS File: ([2013/02/23 13:44:16 | 000,001,788 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [bCWipeTM Startup] C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe (Jetico, Inc.) O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [ClickClock] C:\Program Files (x86)\clickclock\clickclock.exe (www.elegantpie.com) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

Sorry, I didn't realize there were further steps. Screenshot capture of the message I get when trying to run Malwarebytes or McAfee is here: https://picasaweb.google.com/lh/photo/YFFZaggXns9KlJaGVnZMudMTjNZETYmyPJy0liipFm0?feat=directlink Ran flush.bat with no problems. Upon re-boot, there were no anti-virus programs running to turn off. Ran TDSSKiller and it reported no suspicious files. Log is pasted below. thanks, Marc **************************************************************** 12:56:00.0057 9264 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 12:56:00.0759 9264 ============================================================ 12:56:00.0759 9264 Current date / time: 2013/04/16 12:56:00.0759 12:56:00.0759 9264 SystemInfo: 12:56:00.0759 9264 12:56:00.0759 9264 OS Version: 6.1.7601 ServicePack: 1.0 12:56:00.0759 9264 Product type: Workstation 12:56:00.0759 9264 ComputerName: MARC-PC 12:56:00.0759 9264 UserName: Marc 12:56:00.0759 9264 Windows directory: C:\Windows 12:56:00.0759 9264 System windows directory: C:\Windows 12:56:00.0759 9264 Running under WOW64 12:56:00.0759 9264 Processor architecture: Intel x64 12:56:00.0759 9264 Number of processors: 8 12:56:00.0759 9264 Page size: 0x1000 12:56:00.0759 9264 Boot type: Normal boot 12:56:00.0759 9264 ============================================================ 12:56:01.0149 9264 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:56:01.0165 9264 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:56:01.0181 9264 ============================================================ 12:56:01.0181 9264 \Device\Harddisk0\DR0: 12:56:01.0181 9264 MBR partitions: 12:56:01.0181 9264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000 12:56:01.0181 9264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x562F2800 12:56:01.0181 9264 \Device\Harddisk1\DR1: 12:56:01.0181 9264 MBR partitions: 12:56:01.0181 9264 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 12:56:01.0181 9264 ============================================================ 12:56:01.0212 9264 C: <-> \Device\Harddisk0\DR0\Partition2 12:56:01.0227 9264 E: <-> \Device\Harddisk1\DR1\Partition1 12:56:01.0227 9264 ============================================================ 12:56:01.0227 9264 Initialize success 12:56:01.0227 9264 ============================================================ 12:56:07.0202 6264 ============================================================ 12:56:07.0202 6264 Scan started 12:56:07.0202 6264 Mode: Manual; 12:56:07.0202 6264 ============================================================ 12:56:07.0670 6264 ================ Scan system memory ======================== 12:56:07.0670 6264 System memory - ok 12:56:07.0670 6264 ================ Scan services ============================= 12:56:07.0842 6264 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:56:07.0842 6264 1394ohci - ok 12:56:07.0998 6264 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 12:56:07.0998 6264 ACDaemon - ok 12:56:08.0029 6264 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:56:08.0029 6264 ACPI - ok 12:56:08.0045 6264 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:56:08.0060 6264 AcpiPmi - ok 12:56:08.0138 6264 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 12:56:08.0154 6264 Adobe LM Service - ok 12:56:08.0294 6264 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe 12:56:08.0294 6264 AdobeActiveFileMonitor9.0 - ok 12:56:08.0372 6264 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:56:08.0372 6264 AdobeARMservice - ok 12:56:08.0466 6264 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:56:08.0466 6264 AdobeFlashPlayerUpdateSvc - ok 12:56:08.0528 6264 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:56:08.0622 6264 adp94xx - ok 12:56:08.0637 6264 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:56:08.0637 6264 adpahci - ok 12:56:08.0653 6264 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:56:08.0653 6264 adpu320 - ok 12:56:08.0684 6264 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:56:08.0684 6264 AeLookupSvc - ok 12:56:08.0747 6264 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys 12:56:08.0747 6264 Afc - ok 12:56:08.0809 6264 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 12:56:08.0809 6264 AFD - ok 12:56:08.0840 6264 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 12:56:08.0840 6264 agp440 - ok 12:56:08.0856 6264 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 12:56:08.0856 6264 ALG - ok 12:56:08.0871 6264 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 12:56:08.0871 6264 aliide - ok 12:56:08.0965 6264 ALSysIO - ok 12:56:09.0012 6264 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 12:56:09.0012 6264 AMD External Events Utility - ok 12:56:09.0043 6264 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 12:56:09.0043 6264 amdide - ok 12:56:09.0059 6264 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:56:09.0059 6264 AmdK8 - ok 12:56:09.0573 6264 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 12:56:09.0620 6264 amdkmdag - ok 12:56:09.0698 6264 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 12:56:09.0698 6264 amdkmdap - ok 12:56:09.0714 6264 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:56:09.0729 6264 AmdPPM - ok 12:56:09.0776 6264 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:56:09.0792 6264 amdsata - ok 12:56:09.0823 6264 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:56:09.0839 6264 amdsbs - ok 12:56:09.0854 6264 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:56:09.0854 6264 amdxata - ok 12:56:09.0948 6264 [ 312E49A5FB32E543766F706A0A09C81D ] APCPBEAgent C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe 12:56:09.0948 6264 APCPBEAgent - ok 12:56:09.0979 6264 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 12:56:09.0979 6264 AppID - ok 12:56:10.0010 6264 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:56:10.0010 6264 AppIDSvc - ok 12:56:10.0041 6264 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 12:56:10.0041 6264 Appinfo - ok 12:56:10.0166 6264 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:56:10.0166 6264 Apple Mobile Device - ok 12:56:10.0182 6264 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 12:56:10.0182 6264 arc - ok 12:56:10.0275 6264 archlp - ok 12:56:10.0291 6264 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:56:10.0291 6264 arcsas - ok 12:56:10.0307 6264 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:56:10.0307 6264 AsyncMac - ok 12:56:10.0353 6264 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 12:56:10.0353 6264 atapi - ok 12:56:10.0369 6264 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 12:56:10.0369 6264 AtiHDAudioService - ok 12:56:10.0400 6264 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 12:56:10.0463 6264 AtiHdmiService - ok 12:56:10.0509 6264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:56:10.0509 6264 AudioEndpointBuilder - ok 12:56:10.0525 6264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 12:56:10.0525 6264 AudioSrv - ok 12:56:10.0572 6264 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 12:56:10.0603 6264 AxInstSV - ok 12:56:10.0650 6264 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 12:56:10.0650 6264 b06bdrv - ok 12:56:10.0681 6264 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 12:56:10.0681 6264 b57nd60a - ok 12:56:10.0728 6264 [ 7950A5463893475935967DACC387E3A1 ] BackupReader C:\Windows\system32\DRIVERS\BackupReader.sys 12:56:10.0728 6264 BackupReader - ok 12:56:10.0790 6264 [ 9E31B72452A927AD3647EE1AEF4395F2 ] bcbus C:\Windows\system32\DRIVERS\bcbus.sys 12:56:10.0790 6264 bcbus - ok 12:56:10.0837 6264 [ AFAF49532D39BE135B6D15D5C439D96C ] bcfnt C:\Windows\system32\drivers\bcfnt.sys 12:56:10.0837 6264 bcfnt - ok 12:56:10.0946 6264 [ DF857F8F25EF52FD6111E8BF8DDBEF76 ] BCWipeSvc C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe 12:56:10.0946 6264 BCWipeSvc - ok 12:56:10.0977 6264 [ D9AA4CFE38D62FC18576D84D49C244F5 ] BC_3DES C:\Windows\system32\drivers\BC_3DES.sys 12:56:10.0977 6264 BC_3DES - ok 12:56:11.0009 6264 [ 34CA67729B9117385D4824940D719F9D ] BC_BF128 C:\Windows\system32\drivers\BC_BF128.sys 12:56:11.0009 6264 BC_BF128 - ok 12:56:11.0024 6264 [ D20B03DF1B41E265E7842E5C7DCC1A22 ] BC_BF448 C:\Windows\system32\drivers\BC_BF448.sys 12:56:11.0024 6264 BC_BF448 - ok 12:56:11.0055 6264 [ C0500F01DA2D5E0EE5E5DF79C1FC1262 ] BC_BFish C:\Windows\system32\drivers\BC_BFish.sys 12:56:11.0055 6264 BC_BFish - ok 12:56:11.0071 6264 [ 345B68AFD97999193BFF776899DD62FA ] BC_CAST C:\Windows\system32\drivers\BC_CAST.sys 12:56:11.0071 6264 BC_CAST - ok 12:56:11.0087 6264 [ EF266E37D139EB64C48FA8696B219FC6 ] BC_DES C:\Windows\system32\drivers\BC_DES.sys 12:56:11.0087 6264 BC_DES - ok 12:56:11.0102 6264 [ CE0A22BD3BE0CCFBD29BA26A6FD2DBAF ] BC_Gost C:\Windows\system32\drivers\BC_Gost.sys 12:56:11.0102 6264 BC_Gost - ok 12:56:11.0133 6264 [ 08B593871A2671E2B8F8116D1E0B9CBD ] BC_IDEA C:\Windows\system32\drivers\BC_IDEA.sys 12:56:11.0133 6264 BC_IDEA - ok 12:56:11.0165 6264 [ 560C504CA41DACB3FC22FAFB498B428E ] BC_RC6 C:\Windows\system32\drivers\BC_RC6.sys 12:56:11.0165 6264 BC_RC6 - ok 12:56:11.0180 6264 [ 4E7B9A24E477DB2B9D84D1C5761D7697 ] BC_RIJN C:\Windows\system32\drivers\BC_RIJN.sys 12:56:11.0180 6264 BC_RIJN - ok 12:56:11.0196 6264 [ 243E49F5028080BD25D94DF5BA28A942 ] BC_SERP C:\Windows\system32\drivers\BC_SERP.sys 12:56:11.0196 6264 BC_SERP - ok 12:56:11.0211 6264 [ BD0261532882FAE63C197AF48EFF5B90 ] BC_TFISH C:\Windows\system32\drivers\BC_TFISH.sys 12:56:11.0211 6264 BC_TFISH - ok 12:56:11.0243 6264 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 12:56:11.0243 6264 BDESVC - ok 12:56:11.0289 6264 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 12:56:11.0289 6264 Beep - ok 12:56:11.0367 6264 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 12:56:11.0383 6264 BFE - ok 12:56:11.0445 6264 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 12:56:11.0461 6264 BITS - ok 12:56:11.0477 6264 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:56:11.0477 6264 blbdrive - ok 12:56:11.0570 6264 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 12:56:11.0570 6264 Bonjour Service - ok 12:56:11.0601 6264 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:56:11.0601 6264 bowser - ok 12:56:11.0633 6264 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:56:11.0633 6264 BrFiltLo - ok 12:56:11.0648 6264 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:56:11.0648 6264 BrFiltUp - ok 12:56:11.0711 6264 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 12:56:11.0726 6264 Browser - ok 12:56:11.0804 6264 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:56:11.0835 6264 Brserid - ok 12:56:11.0851 6264 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:56:11.0867 6264 BrSerWdm - ok 12:56:11.0882 6264 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:56:11.0882 6264 BrUsbMdm - ok 12:56:11.0913 6264 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:56:11.0913 6264 BrUsbSer - ok 12:56:11.0913 6264 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:56:11.0913 6264 BTHMODEM - ok 12:56:11.0960 6264 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 12:56:11.0960 6264 bthserv - ok 12:56:12.0615 6264 [ 5B183E26AFE185DE1436479D217154B3 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 12:56:12.0631 6264 CarboniteService - ok 12:56:12.0678 6264 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:56:12.0678 6264 cdfs - ok 12:56:12.0740 6264 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 12:56:12.0740 6264 cdrom - ok 12:56:12.0803 6264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 12:56:12.0803 6264 CertPropSvc - ok 12:56:12.0849 6264 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\Windows\system32\drivers\cfwids.sys 12:56:12.0849 6264 cfwids - ok 12:56:12.0865 6264 CinemaNow Service - ok 12:56:12.0881 6264 Cinemsup - ok 12:56:12.0927 6264 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:56:12.0927 6264 circlass - ok 12:56:12.0974 6264 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 12:56:12.0990 6264 CLFS - ok 12:56:13.0068 6264 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:56:13.0068 6264 clr_optimization_v2.0.50727_32 - ok 12:56:13.0317 6264 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:56:13.0333 6264 clr_optimization_v2.0.50727_64 - ok 12:56:13.0427 6264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:56:13.0505 6264 clr_optimization_v4.0.30319_32 - ok 12:56:13.0707 6264 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:56:13.0707 6264 clr_optimization_v4.0.30319_64 - ok 12:56:13.0770 6264 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:56:13.0770 6264 CmBatt - ok 12:56:13.0801 6264 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:56:13.0801 6264 cmdide - ok 12:56:13.0863 6264 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 12:56:13.0879 6264 CNG - ok 12:56:13.0926 6264 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:56:13.0926 6264 Compbatt - ok 12:56:13.0957 6264 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 12:56:13.0957 6264 CompositeBus - ok 12:56:13.0973 6264 COMSysApp - ok 12:56:14.0019 6264 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 12:56:14.0019 6264 crcdisk - ok 12:56:14.0066 6264 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:56:14.0066 6264 CryptSvc - ok 12:56:14.0113 6264 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 12:56:14.0160 6264 dc3d - ok 12:56:14.0238 6264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:56:14.0238 6264 DcomLaunch - ok 12:56:14.0300 6264 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 12:56:14.0316 6264 defragsvc - ok 12:56:14.0363 6264 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:56:14.0378 6264 DfsC - ok 12:56:14.0441 6264 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 12:56:14.0503 6264 Dhcp - ok 12:56:14.0519 6264 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 12:56:14.0519 6264 discache - ok 12:56:14.0565 6264 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:56:14.0581 6264 Disk - ok 12:56:14.0612 6264 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:56:14.0612 6264 Dnscache - ok 12:56:14.0706 6264 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 12:56:14.0721 6264 DockLoginService - ok 12:56:14.0799 6264 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:56:14.0862 6264 dot3svc - ok 12:56:14.0924 6264 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 12:56:14.0940 6264 DPS - ok 12:56:15.0002 6264 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:56:15.0002 6264 drmkaud - ok 12:56:15.0080 6264 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:56:15.0080 6264 DXGKrnl - ok 12:56:15.0127 6264 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 12:56:15.0127 6264 EapHost - ok 12:56:15.0252 6264 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 12:56:15.0283 6264 ebdrv - ok 12:56:15.0314 6264 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 12:56:15.0314 6264 EFS - ok 12:56:15.0330 6264 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:56:15.0345 6264 elxstor - ok 12:56:15.0377 6264 [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv C:\Windows\system32\epmntdrv.sys 12:56:15.0408 6264 epmntdrv - ok 12:56:15.0439 6264 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:56:15.0439 6264 ErrDev - ok 12:56:15.0517 6264 [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 12:56:15.0517 6264 EuGdiDrv - ok 12:56:15.0579 6264 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 12:56:15.0579 6264 EventSystem - ok 12:56:15.0642 6264 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 12:56:15.0642 6264 exfat - ok 12:56:15.0673 6264 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:56:15.0673 6264 fastfat - ok 12:56:15.0751 6264 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 12:56:15.0767 6264 Fax - ok 12:56:15.0813 6264 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:56:15.0813 6264 fdc - ok 12:56:15.0829 6264 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 12:56:15.0829 6264 fdPHost - ok 12:56:15.0845 6264 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 12:56:15.0845 6264 FDResPub - ok 12:56:15.0907 6264 FileDisk - ok 12:56:15.0938 6264 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:56:15.0938 6264 FileInfo - ok 12:56:15.0954 6264 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:56:15.0954 6264 Filetrace - ok 12:56:15.0969 6264 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:56:15.0969 6264 flpydisk - ok 12:56:16.0001 6264 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:56:16.0001 6264 FltMgr - ok 12:56:16.0063 6264 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 12:56:16.0063 6264 FontCache - ok 12:56:16.0141 6264 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:56:16.0141 6264 FontCache3.0.0.0 - ok 12:56:16.0172 6264 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:56:16.0188 6264 FsDepends - ok 12:56:16.0235 6264 [ AC31C297B69A7C2BA051AD781449021D ] fsh C:\Windows\system32\drivers\fsh.sys 12:56:16.0235 6264 fsh - ok 12:56:16.0266 6264 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:56:16.0266 6264 Fs_Rec - ok 12:56:16.0328 6264 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:56:16.0328 6264 fvevol - ok 12:56:16.0375 6264 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:56:16.0375 6264 gagp30kx - ok 12:56:16.0422 6264 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:56:16.0437 6264 GEARAspiWDM - ok 12:56:16.0562 6264 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 12:56:16.0578 6264 GoToAssist - ok 12:56:16.0656 6264 [ 0B53F4306E17025E7685D18C3A77127E ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe 12:56:16.0656 6264 GoToMyPC - ok 12:56:16.0687 6264 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 12:56:16.0703 6264 gpsvc - ok 12:56:16.0827 6264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:56:16.0827 6264 gupdate - ok 12:56:16.0905 6264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:56:16.0905 6264 gupdatem - ok 12:56:17.0015 6264 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 12:56:17.0046 6264 gusvc - ok 12:56:17.0061 6264 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:56:17.0061 6264 hcw85cir - ok 12:56:17.0108 6264 [ 06B60A20C7843DA78F28CD77A58548C9 ] hcwhdpvr C:\Windows\system32\DRIVERS\hcwhdpvr.sys 12:56:17.0108 6264 hcwhdpvr - ok 12:56:17.0171 6264 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:56:17.0171 6264 HDAudBus - ok 12:56:17.0202 6264 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:56:17.0217 6264 HidBatt - ok 12:56:17.0233 6264 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:56:17.0233 6264 HidBth - ok 12:56:17.0264 6264 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:56:17.0264 6264 HidIr - ok 12:56:17.0295 6264 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 12:56:17.0295 6264 hidserv - ok 12:56:17.0420 6264 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:56:17.0420 6264 HidUsb - ok 12:56:17.0592 6264 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 12:56:17.0623 6264 HipShieldK - ok 12:56:17.0670 6264 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:56:17.0685 6264 hkmsvc - ok 12:56:17.0732 6264 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:56:17.0779 6264 HomeGroupListener - ok 12:56:17.0826 6264 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:56:17.0919 6264 HomeGroupProvider - ok 12:56:17.0982 6264 [ 33EF0070477433437D51D50FD46A66FD ] HPMSSConnectorSvc C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe 12:56:17.0982 6264 HPMSSConnectorSvc - ok 12:56:18.0060 6264 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:56:18.0060 6264 HpSAMD - ok 12:56:18.0138 6264 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:56:18.0138 6264 HTTP - ok 12:56:18.0185 6264 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:56:18.0185 6264 hwpolicy - ok 12:56:18.0247 6264 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:56:18.0263 6264 i8042prt - ok 12:56:18.0356 6264 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 12:56:18.0356 6264 IAANTMON - ok 12:56:18.0481 6264 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 12:56:18.0528 6264 iaStor - ok 12:56:18.0590 6264 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:56:18.0590 6264 iaStorV - ok 12:56:18.0809 6264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 12:56:18.0824 6264 IDriverT - ok 12:56:19.0043 6264 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:56:19.0058 6264 idsvc - ok 12:56:19.0121 6264 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:56:19.0121 6264 iirsp - ok 12:56:19.0167 6264 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 12:56:19.0183 6264 IKEEXT - ok 12:56:19.0245 6264 [ 2A7CF87BE453241FE0BAA1C8651E7AA4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 12:56:19.0261 6264 IntcAzAudAddService - ok 12:56:19.0292 6264 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 12:56:19.0292 6264 intelide - ok 12:56:19.0323 6264 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:56:19.0323 6264 intelppm - ok 12:56:19.0339 6264 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:56:19.0355 6264 IPBusEnum - ok 12:56:19.0417 6264 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:56:19.0417 6264 IpFilterDriver - ok 12:56:19.0511 6264 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:56:19.0542 6264 iphlpsvc - ok 12:56:19.0573 6264 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:56:19.0573 6264 IPMIDRV - ok 12:56:19.0604 6264 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:56:19.0604 6264 IPNAT - ok 12:56:19.0698 6264 [ 44886233135241F3990724082EB104EE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:56:19.0713 6264 iPod Service - ok 12:56:19.0729 6264 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:56:19.0745 6264 IRENUM - ok 12:56:19.0776 6264 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:56:19.0776 6264 isapnp - ok 12:56:19.0791 6264 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:56:19.0791 6264 iScsiPrt - ok 12:56:19.0823 6264 [ 71235F7BAA7E5E79D38157DF7A0F806A ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 12:56:19.0823 6264 JRAID - ok 12:56:19.0838 6264 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:56:19.0838 6264 kbdclass - ok 12:56:19.0885 6264 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:56:19.0885 6264 kbdhid - ok 12:56:19.0932 6264 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 12:56:19.0932 6264 KeyIso - ok 12:56:19.0963 6264 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:56:19.0963 6264 KSecDD - ok 12:56:20.0010 6264 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:56:20.0025 6264 KSecPkg - ok 12:56:20.0041 6264 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:56:20.0041 6264 ksthunk - ok 12:56:20.0057 6264 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 12:56:20.0072 6264 KtmRm - ok 12:56:20.0119 6264 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:56:20.0166 6264 LanmanServer - ok 12:56:20.0197 6264 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:56:20.0197 6264 LanmanWorkstation - ok 12:56:20.0228 6264 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:56:20.0228 6264 lltdio - ok 12:56:20.0259 6264 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:56:20.0275 6264 lltdsvc - ok 12:56:20.0275 6264 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:56:20.0291 6264 lmhosts - ok 12:56:20.0322 6264 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:56:20.0322 6264 LSI_FC - ok 12:56:20.0337 6264 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:56:20.0337 6264 LSI_SAS - ok 12:56:20.0353 6264 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:56:20.0353 6264 LSI_SAS2 - ok 12:56:20.0369 6264 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:56:20.0369 6264 LSI_SCSI - ok 12:56:20.0384 6264 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 12:56:20.0384 6264 luafv - ok 12:56:20.0415 6264 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:56:20.0415 6264 MBAMProtector - ok 12:56:20.0478 6264 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:56:20.0493 6264 MBAMScheduler - ok 12:56:20.0525 6264 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:56:20.0540 6264 MBAMService - ok 12:56:20.0603 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0603 6264 McAfee SiteAdvisor Service - ok 12:56:20.0681 6264 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 12:56:20.0696 6264 McciCMService - ok 12:56:20.0852 6264 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe 12:56:20.0868 6264 McComponentHostService - ok 12:56:20.0868 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0868 6264 McMPFSvc - ok 12:56:20.0868 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0883 6264 mcmscsvc - ok 12:56:20.0899 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0899 6264 McNaiAnn - ok 12:56:20.0899 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0899 6264 McNASvc - ok 12:56:20.0961 6264 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 12:56:20.0961 6264 McODS - ok 12:56:20.0961 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:20.0961 6264 McProxy - ok 12:56:21.0008 6264 [ 21F81090A00932C5E96700EDF2977582 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 12:56:21.0008 6264 McShield - ok 12:56:21.0039 6264 [ 7CC5AB58C1008F36FA564EBDC147AE96 ] MediaCollectorService C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe 12:56:21.0055 6264 MediaCollectorService - ok 12:56:21.0071 6264 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:56:21.0071 6264 megasas - ok 12:56:21.0086 6264 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:56:21.0086 6264 MegaSR - ok 12:56:21.0133 6264 [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 12:56:21.0133 6264 mfeapfk - ok 12:56:21.0149 6264 [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 12:56:21.0149 6264 mfeavfk - ok 12:56:21.0149 6264 mfeavfk01 - ok 12:56:21.0195 6264 [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 12:56:21.0195 6264 mfefire - ok 12:56:21.0211 6264 [ CECC9841D036EE008091825272D91331 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 12:56:21.0211 6264 mfefirek - ok 12:56:21.0258 6264 [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 12:56:21.0258 6264 mfehidk - ok 12:56:21.0273 6264 [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 12:56:21.0289 6264 mferkdet - ok 12:56:21.0305 6264 [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp C:\Windows\system32\mfevtps.exe 12:56:21.0305 6264 mfevtp - ok 12:56:21.0320 6264 [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 12:56:21.0320 6264 mfewfpk - ok 12:56:21.0351 6264 [ 1EDF2BAEAA25A5940E41C736F0F5DF06 ] mhk C:\Windows\system32\drivers\mhk.sys 12:56:21.0351 6264 mhk - ok 12:56:21.0367 6264 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 12:56:21.0367 6264 MMCSS - ok 12:56:21.0383 6264 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 12:56:21.0383 6264 Modem - ok 12:56:21.0414 6264 [ 15F7AB3A8C250327AC4C43CD75DDF7DB ] moh C:\Windows\system32\drivers\moh.sys 12:56:21.0414 6264 moh - ok 12:56:21.0445 6264 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:56:21.0445 6264 monitor - ok 12:56:21.0476 6264 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:56:21.0476 6264 mouclass - ok 12:56:21.0492 6264 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:56:21.0492 6264 mouhid - ok 12:56:21.0523 6264 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:56:21.0523 6264 mountmgr - ok 12:56:21.0570 6264 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 12:56:21.0570 6264 mpio - ok 12:56:21.0570 6264 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:56:21.0570 6264 mpsdrv - ok 12:56:21.0617 6264 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:56:21.0617 6264 MpsSvc - ok 12:56:21.0648 6264 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 12:56:21.0663 6264 MREMP50 - ok 12:56:21.0710 6264 MREMP50a64 - ok 12:56:21.0726 6264 MREMPR5 - ok 12:56:21.0726 6264 MRENDIS5 - ok 12:56:21.0741 6264 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 12:56:21.0741 6264 MRESP50 - ok 12:56:21.0741 6264 MRESP50a64 - ok 12:56:21.0773 6264 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:56:21.0773 6264 MRxDAV - ok 12:56:21.0819 6264 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:56:21.0819 6264 mrxsmb - ok 12:56:21.0913 6264 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:56:21.0913 6264 mrxsmb10 - ok 12:56:21.0944 6264 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:56:21.0944 6264 mrxsmb20 - ok 12:56:21.0991 6264 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 12:56:21.0991 6264 msahci - ok 12:56:22.0007 6264 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:56:22.0069 6264 msdsm - ok 12:56:22.0116 6264 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 12:56:22.0131 6264 MSDTC - ok 12:56:22.0163 6264 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:56:22.0163 6264 Msfs - ok 12:56:22.0178 6264 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:56:22.0178 6264 mshidkmdf - ok 12:56:22.0225 6264 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:56:22.0225 6264 msisadrv - ok 12:56:22.0287 6264 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:56:22.0319 6264 MSiSCSI - ok 12:56:22.0319 6264 msiserver - ok 12:56:22.0365 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 12:56:22.0365 6264 MSK80Service - ok 12:56:22.0381 6264 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:56:22.0381 6264 MSKSSRV - ok 12:56:22.0397 6264 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:56:22.0397 6264 MSPCLOCK - ok 12:56:22.0412 6264 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:56:22.0412 6264 MSPQM - ok 12:56:22.0490 6264 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:56:22.0506 6264 MsRPC - ok 12:56:22.0537 6264 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:56:22.0537 6264 mssmbios - ok 12:56:22.0553 6264 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:56:22.0553 6264 MSTEE - ok 12:56:22.0553 6264 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:56:22.0553 6264 MTConfig - ok 12:56:22.0568 6264 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 12:56:22.0568 6264 Mup - ok 12:56:22.0584 6264 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 12:56:22.0584 6264 napagent - ok 12:56:22.0615 6264 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:56:22.0615 6264 NativeWifiP - ok 12:56:22.0646 6264 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:56:22.0662 6264 NDIS - ok 12:56:22.0677 6264 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:56:22.0677 6264 NdisCap - ok 12:56:22.0693 6264 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:56:22.0693 6264 NdisTapi - ok 12:56:22.0740 6264 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:56:22.0787 6264 Ndisuio - ok 12:56:22.0818 6264 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:56:22.0818 6264 NdisWan - ok 12:56:22.0849 6264 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:56:22.0849 6264 NDProxy - ok 12:56:22.0896 6264 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:56:22.0896 6264 NetBIOS - ok 12:56:22.0911 6264 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:56:22.0958 6264 NetBT - ok 12:56:23.0005 6264 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 12:56:23.0005 6264 Netlogon - ok 12:56:23.0036 6264 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 12:56:23.0036 6264 Netman - ok 12:56:23.0052 6264 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 12:56:23.0052 6264 netprofm - ok 12:56:23.0083 6264 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:56:23.0083 6264 NetTcpPortSharing - ok 12:56:23.0099 6264 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:56:23.0099 6264 nfrd960 - ok 12:56:23.0145 6264 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:56:23.0145 6264 NlaSvc - ok 12:56:23.0161 6264 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:56:23.0161 6264 Npfs - ok 12:56:23.0192 6264 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 12:56:23.0208 6264 nsi - ok 12:56:23.0208 6264 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:56:23.0208 6264 nsiproxy - ok 12:56:23.0255 6264 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:56:23.0286 6264 Ntfs - ok 12:56:23.0333 6264 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 12:56:23.0348 6264 NuidFltr - ok 12:56:23.0364 6264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 12:56:23.0364 6264 Null - ok 12:56:23.0395 6264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:56:23.0395 6264 nvraid - ok 12:56:23.0442 6264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:56:23.0442 6264 nvstor - ok 12:56:23.0489 6264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:56:23.0489 6264 nv_agp - ok 12:56:23.0520 6264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:56:23.0520 6264 ohci1394 - ok 12:56:23.0582 6264 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:56:23.0582 6264 ose - ok 12:56:24.0097 6264 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:56:24.0128 6264 osppsvc - ok 12:56:24.0206 6264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:56:24.0206 6264 p2pimsvc - ok 12:56:24.0269 6264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 12:56:24.0284 6264 p2psvc - ok 12:56:24.0300 6264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:56:24.0300 6264 Parport - ok 12:56:24.0331 6264 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:56:24.0331 6264 partmgr - ok 12:56:24.0347 6264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:56:24.0347 6264 PcaSvc - ok 12:56:24.0440 6264 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms 12:56:24.0440 6264 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok 12:56:24.0456 6264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 12:56:24.0456 6264 pci - ok 12:56:24.0471 6264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 12:56:24.0471 6264 pciide - ok 12:56:24.0487 6264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:56:24.0487 6264 pcmcia - ok 12:56:24.0503 6264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 12:56:24.0503 6264 pcw - ok 12:56:24.0518 6264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:56:24.0534 6264 PEAUTH - ok 12:56:25.0095 6264 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 12:56:25.0095 6264 PerfHost - ok 12:56:25.0283 6264 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 12:56:25.0298 6264 pla - ok 12:56:25.0345 6264 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:56:25.0376 6264 PlugPlay - ok 12:56:25.0392 6264 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:56:25.0392 6264 PNRPAutoReg - ok 12:56:25.0423 6264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:56:25.0423 6264 PNRPsvc - ok 12:56:25.0454 6264 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 12:56:25.0454 6264 Point64 - ok 12:56:25.0501 6264 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:56:25.0501 6264 PolicyAgent - ok 12:56:25.0532 6264 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 12:56:25.0532 6264 Power - ok 12:56:25.0579 6264 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:56:25.0610 6264 PptpMiniport - ok 12:56:25.0626 6264 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:56:25.0626 6264 Processor - ok 12:56:25.0657 6264 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 12:56:25.0673 6264 ProfSvc - ok 12:56:25.0688 6264 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:56:25.0688 6264 ProtectedStorage - ok 12:56:25.0735 6264 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:56:25.0735 6264 Psched - ok 12:56:25.0782 6264 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 12:56:25.0782 6264 PxHlpa64 - ok 12:56:25.0829 6264 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:56:25.0844 6264 ql2300 - ok 12:56:25.0860 6264 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:56:25.0875 6264 ql40xx - ok 12:56:25.0907 6264 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 12:56:25.0922 6264 QWAVE - ok 12:56:25.0953 6264 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:56:25.0953 6264 QWAVEdrv - ok 12:56:25.0969 6264 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:56:25.0969 6264 RasAcd - ok 12:56:26.0000 6264 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:56:26.0000 6264 RasAgileVpn - ok 12:56:26.0016 6264 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 12:56:26.0031 6264 RasAuto - ok 12:56:26.0047 6264 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:56:26.0047 6264 Rasl2tp - ok 12:56:26.0125 6264 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 12:56:26.0172 6264 RasMan - ok 12:56:26.0203 6264 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:56:26.0203 6264 RasPppoe - ok 12:56:26.0250 6264 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:56:26.0250 6264 RasSstp - ok 12:56:26.0328 6264 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:56:26.0328 6264 rdbss - ok 12:56:26.0359 6264 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:56:26.0359 6264 rdpbus - ok 12:56:26.0375 6264 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:56:26.0375 6264 RDPCDD - ok 12:56:26.0421 6264 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:56:26.0421 6264 RDPENCDD - ok 12:56:26.0437 6264 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:56:26.0437 6264 RDPREFMP - ok 12:56:26.0499 6264 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 12:56:26.0499 6264 RdpVideoMiniport - ok 12:56:26.0531 6264 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:56:26.0546 6264 RDPWD - ok 12:56:26.0577 6264 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:56:26.0577 6264 rdyboost - ok 12:56:26.0655 6264 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 12:56:26.0655 6264 RealNetworks Downloader Resolver Service - ok 12:56:26.0702 6264 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys 12:56:26.0702 6264 regi - ok 12:56:26.0718 6264 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:56:26.0749 6264 RemoteAccess - ok 12:56:26.0765 6264 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:56:26.0765 6264 RemoteRegistry - ok 12:56:26.0811 6264 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 12:56:26.0811 6264 RimUsb - ok 12:56:27.0077 6264 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 12:56:27.0108 6264 RoxMediaDB10 - ok 12:56:27.0123 6264 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:56:27.0123 6264 RpcEptMapper - ok 12:56:27.0155 6264 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 12:56:27.0155 6264 RpcLocator - ok 12:56:27.0201 6264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 12:56:27.0201 6264 RpcSs - ok 12:56:27.0233 6264 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:56:27.0233 6264 rspndr - ok 12:56:27.0248 6264 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 12:56:27.0311 6264 RSUSBSTOR - ok 12:56:27.0342 6264 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 12:56:27.0342 6264 RTL8167 - ok 12:56:27.0342 6264 RxFilter - ok 12:56:27.0342 6264 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 12:56:27.0342 6264 SamSs - ok 12:56:27.0373 6264 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:56:27.0373 6264 sbp2port - ok 12:56:27.0404 6264 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:56:27.0420 6264 SCardSvr - ok 12:56:27.0435 6264 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:56:27.0451 6264 scfilter - ok 12:56:27.0498 6264 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 12:56:27.0513 6264 Schedule - ok 12:56:27.0545 6264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 12:56:27.0545 6264 SCPolicySvc - ok 12:56:27.0576 6264 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:56:27.0591 6264 SDRSVC - ok 12:56:27.0591 6264 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:56:27.0591 6264 secdrv - ok 12:56:27.0638 6264 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 12:56:27.0669 6264 seclogon - ok 12:56:27.0685 6264 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 12:56:27.0685 6264 SENS - ok 12:56:27.0685 6264 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:56:27.0701 6264 SensrSvc - ok 12:56:27.0716 6264 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:56:27.0716 6264 Serenum - ok 12:56:27.0732 6264 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:56:27.0732 6264 Serial - ok 12:56:27.0794 6264 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:56:27.0825 6264 sermouse - ok 12:56:27.0857 6264 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 12:56:27.0903 6264 SessionEnv - ok 12:56:27.0935 6264 SessionLauncher - ok 12:56:27.0950 6264 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:56:27.0966 6264 sffdisk - ok 12:56:27.0966 6264 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:56:27.0981 6264 sffp_mmc - ok 12:56:27.0981 6264 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:56:27.0981 6264 sffp_sd - ok 12:56:28.0013 6264 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:56:28.0013 6264 sfloppy - ok 12:56:28.0231 6264 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 12:56:28.0262 6264 SftService - ok 12:56:28.0309 6264 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:56:28.0325 6264 SharedAccess - ok 12:56:28.0387 6264 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:56:28.0403 6264 ShellHWDetection - ok 12:56:28.0434 6264 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:56:28.0434 6264 SiSRaid2 - ok 12:56:28.0481 6264 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:56:28.0481 6264 SiSRaid4 - ok 12:56:28.0496 6264 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:56:28.0496 6264 Smb - ok 12:56:28.0527 6264 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:56:28.0527 6264 SNMPTRAP - ok 12:56:28.0543 6264 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 12:56:28.0543 6264 spldr - ok 12:56:28.0637 6264 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 12:56:28.0652 6264 Spooler - ok 12:56:29.0089 6264 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 12:56:29.0136 6264 sppsvc - ok 12:56:29.0167 6264 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:56:29.0183 6264 sppuinotify - ok 12:56:29.0229 6264 sprtsvc_verizondm - ok 12:56:29.0339 6264 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 12:56:29.0339 6264 srv - ok 12:56:29.0448 6264 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:56:29.0448 6264 srv2 - ok 12:56:29.0526 6264 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:56:29.0526 6264 srvnet - ok 12:56:29.0573 6264 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:56:29.0573 6264 SSDPSRV - ok 12:56:29.0573 6264 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:56:29.0573 6264 SstpSvc - ok 12:56:29.0588 6264 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:56:29.0588 6264 stexstor - ok 12:56:29.0635 6264 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 12:56:29.0651 6264 stisvc - ok 12:56:29.0729 6264 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 12:56:29.0760 6264 stllssvr - ok 12:56:29.0791 6264 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 12:56:29.0791 6264 swenum - ok 12:56:29.0822 6264 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 12:56:29.0838 6264 swprv - ok 12:56:29.0900 6264 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 12:56:29.0916 6264 SysMain - ok 12:56:29.0963 6264 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:56:30.0009 6264 TabletInputService - ok 12:56:30.0041 6264 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:56:30.0041 6264 TapiSrv - ok 12:56:30.0087 6264 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 12:56:30.0087 6264 TBS - ok 12:56:30.0321 6264 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:56:30.0337 6264 Tcpip - ok 12:56:30.0384 6264 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:56:30.0384 6264 TCPIP6 - ok 12:56:30.0431 6264 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:56:30.0431 6264 tcpipreg - ok 12:56:30.0493 6264 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:56:30.0509 6264 TDPIPE - ok 12:56:30.0540 6264 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:56:30.0540 6264 TDTCP - ok 12:56:30.0571 6264 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:56:30.0571 6264 tdx - ok 12:56:30.0587 6264 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 12:56:30.0602 6264 TermDD - ok 12:56:30.0743 6264 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 12:56:30.0758 6264 TermService - ok 12:56:30.0758 6264 tgsrvc_verizondm - ok 12:56:30.0774 6264 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 12:56:30.0789 6264 Themes - ok 12:56:30.0821 6264 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 12:56:30.0821 6264 THREADORDER - ok 12:56:30.0836 6264 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 12:56:30.0852 6264 TrkWks - ok 12:56:30.0883 6264 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:56:30.0883 6264 TrustedInstaller - ok 12:56:30.0930 6264 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:56:30.0930 6264 tssecsrv - ok 12:56:30.0961 6264 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:56:30.0961 6264 TsUsbFlt - ok 12:56:31.0008 6264 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:56:31.0023 6264 tunnel - ok 12:56:31.0039 6264 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:56:31.0039 6264 uagp35 - ok 12:56:31.0070 6264 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:56:31.0086 6264 udfs - ok 12:56:31.0101 6264 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:56:31.0117 6264 UI0Detect - ok 12:56:31.0133 6264 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:56:31.0133 6264 uliagpkx - ok 12:56:31.0164 6264 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 12:56:31.0164 6264 umbus - ok 12:56:31.0211 6264 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:56:31.0211 6264 UmPass - ok 12:56:31.0226 6264 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 12:56:31.0242 6264 upnphost - ok 12:56:31.0273 6264 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 12:56:31.0273 6264 USBAAPL64 - ok 12:56:31.0320 6264 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 12:56:31.0320 6264 usbaudio - ok 12:56:31.0351 6264 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:56:31.0351 6264 usbccgp - ok 12:56:31.0382 6264 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:56:31.0382 6264 usbcir - ok 12:56:31.0398 6264 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:56:31.0398 6264 usbehci - ok 12:56:31.0429 6264 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:56:31.0429 6264 usbhub - ok 12:56:31.0429 6264 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:56:31.0445 6264 usbohci - ok 12:56:31.0445 6264 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:56:31.0445 6264 usbprint - ok 12:56:31.0507 6264 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 12:56:31.0507 6264 usbscan - ok 12:56:31.0507 6264 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:56:31.0507 6264 USBSTOR - ok 12:56:31.0523 6264 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 12:56:31.0523 6264 usbuhci - ok 12:56:31.0554 6264 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 12:56:31.0554 6264 UxSms - ok 12:56:31.0569 6264 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 12:56:31.0585 6264 VaultSvc - ok 12:56:31.0585 6264 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:56:31.0585 6264 vdrvroot - ok 12:56:31.0632 6264 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 12:56:31.0647 6264 vds - ok 12:56:31.0663 6264 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:56:31.0663 6264 vga - ok 12:56:31.0679 6264 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 12:56:31.0679 6264 VgaSave - ok 12:56:31.0694 6264 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:56:31.0694 6264 vhdmp - ok 12:56:31.0725 6264 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 12:56:31.0725 6264 viaide - ok 12:56:31.0741 6264 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:56:31.0788 6264 volmgr - ok 12:56:31.0835 6264 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:56:31.0835 6264 volmgrx - ok 12:56:31.0850 6264 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:56:31.0850 6264 volsnap - ok 12:56:31.0928 6264 [ 34756733F0480D68E519E80E22E05D12 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 12:56:31.0928 6264 vpnagent - ok 12:56:31.0991 6264 [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 12:56:32.0037 6264 vpnva - ok 12:56:32.0069 6264 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:56:32.0084 6264 vsmraid - ok 12:56:32.0162 6264 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 12:56:32.0178 6264 VSS - ok 12:56:32.0193 6264 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:56:32.0209 6264 vwifibus - ok 12:56:32.0256 6264 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 12:56:32.0256 6264 W32Time - ok 12:56:32.0271 6264 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:56:32.0271 6264 WacomPen - ok 12:56:32.0303 6264 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:56:32.0318 6264 WANARP - ok 12:56:32.0318 6264 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:56:32.0318 6264 Wanarpv6 - ok 12:56:32.0412 6264 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 12:56:32.0427 6264 WatAdminSvc - ok 12:56:32.0490 6264 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 12:56:32.0505 6264 wbengine - ok 12:56:32.0505 6264 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:56:32.0521 6264 WbioSrvc - ok 12:56:32.0537 6264 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:56:32.0537 6264 wcncsvc - ok 12:56:32.0552 6264 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:56:32.0568 6264 WcsPlugInService - ok 12:56:32.0568 6264 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 12:56:32.0568 6264 Wd - ok 12:56:32.0615 6264 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys 12:56:32.0615 6264 WDC_SAM - ok 12:56:32.0661 6264 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:56:32.0677 6264 Wdf01000 - ok 12:56:32.0693 6264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:56:32.0693 6264 WdiServiceHost - ok 12:56:32.0708 6264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:56:32.0708 6264 WdiSystemHost - ok 12:56:32.0739 6264 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 12:56:32.0786 6264 WebClient - ok 12:56:32.0817 6264 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:56:32.0849 6264 Wecsvc - ok 12:56:32.0864 6264 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:56:32.0864 6264 wercplsupport - ok 12:56:32.0880 6264 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 12:56:32.0895 6264 WerSvc - ok 12:56:32.0895 6264 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:56:32.0895 6264 WfpLwf - ok 12:56:33.0145 6264 [ 1EF54B3220EBF3794439EB072B350F3E ] WHSConnector C:\Program Files\Windows Home Server\WHSConnector.exe 12:56:33.0145 6264 WHSConnector - ok 12:56:33.0207 6264 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 12:56:33.0207 6264 WimFltr - ok 12:56:33.0223 6264 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:56:33.0223 6264 WIMMount - ok 12:56:33.0239 6264 WinDefend - ok 12:56:33.0239 6264 WinHttpAutoProxySvc - ok 12:56:33.0317 6264 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:56:33.0348 6264 Winmgmt - ok 12:56:33.0395 6264 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 12:56:33.0473 6264 WinRM - ok 12:56:33.0519 6264 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:56:33.0519 6264 WinUsb - ok 12:56:33.0597 6264 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 12:56:33.0597 6264 Wlansvc - ok 12:56:33.0972 6264 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:56:33.0987 6264 wlidsvc - ok 12:56:34.0034 6264 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:56:34.0034 6264 WmiAcpi - ok 12:56:34.0065 6264 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:56:34.0065 6264 wmiApSrv - ok 12:56:34.0081 6264 WMPNetworkSvc - ok 12:56:34.0128 6264 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:56:34.0128 6264 WPCSvc - ok 12:56:34.0175 6264 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:56:34.0221 6264 WPDBusEnum - ok 12:56:34.0221 6264 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:56:34.0221 6264 ws2ifsl - ok 12:56:34.0237 6264 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 12:56:34.0237 6264 wscsvc - ok 12:56:34.0237 6264 WSearch - ok 12:56:34.0346 6264 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 12:56:34.0377 6264 wuauserv - ok 12:56:34.0409 6264 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:56:34.0409 6264 WudfPf - ok 12:56:34.0424 6264 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:56:34.0424 6264 WUDFRd - ok 12:56:34.0455 6264 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:56:34.0518 6264 wudfsvc - ok 12:56:34.0549 6264 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 12:56:34.0565 6264 WwanSvc - ok 12:56:34.0565 6264 ================ Scan global =============================== 12:56:34.0596 6264 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 12:56:34.0643 6264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 12:56:34.0643 6264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 12:56:34.0674 6264 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 12:56:34.0705 6264 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 12:56:34.0721 6264 [Global] - ok 12:56:34.0721 6264 ================ Scan MBR ================================== 12:56:34.0721 6264 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 12:56:35.0969 6264 \Device\Harddisk0\DR0 - ok 12:56:35.0969 6264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 12:56:35.0969 6264 \Device\Harddisk1\DR1 - ok 12:56:35.0969 6264 ================ Scan VBR ================================== 12:56:35.0984 6264 [ B419A001D8C1D26E4D7CCAD8AFB84FFB ] \Device\Harddisk0\DR0\Partition1 12:56:35.0984 6264 \Device\Harddisk0\DR0\Partition1 - ok 12:56:36.0015 6264 [ 64A9EC43A012282C8A1C9D825A0E2260 ] \Device\Harddisk0\DR0\Partition2 12:56:36.0015 6264 \Device\Harddisk0\DR0\Partition2 - ok 12:56:36.0015 6264 [ 8CA1FE5498586972083BAEA8C5B335B2 ] \Device\Harddisk1\DR1\Partition1 12:56:36.0015 6264 \Device\Harddisk1\DR1\Partition1 - ok 12:56:36.0015 6264 ============================================================ 12:56:36.0015 6264 Scan finished 12:56:36.0015 6264 ============================================================ 12:56:36.0015 3152 Detected object count: 0 12:56:36.0015 3152 Actual detected object count: 0

And Malwarebytes does not open due to "program blocked by group policy". This is after removing the suspicious registry entries

Yes, these 2 entries re-appear each time I re-start.

Upon restarting my computer and running RKill again, I found that 2 of the registry items had re=appeared. I will try deleting again. *************************************** RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Marc [Admin rights] Mode : Scan -- Date : 04/16/2013 11:35:01 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> FOUND [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD754JJ +++++ --- User --- [MBR] 86c015542609df5c3cbb0256b4c18bc7 [bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++ --- User --- [MBR] 57230bd3f8163fb2e03144a25d6cecc0 [bSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4]_S_04162013_02d1135.txt >> RKreport[1]_S_04162013_02d0955.txt ; RKreport[2]_S_04162013_02d1105.txt ; RKreport[3]_D_04162013_02d1111.txt ; RKreport[4]_S_04162013_02d1135.txt

Here is report from aswMBR ******************************* aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-04-16 11:16:06 ----------------------------- 11:16:06.912 OS Version: Windows x64 6.1.7601 Service Pack 1 11:16:06.912 Number of processors: 8 586 0x1A05 11:16:06.912 ComputerName: MARC-PC UserName: Marc 11:16:07.567 Initialize success 11:16:26.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 11:16:26.755 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 715404MB BusType: 3 11:16:26.755 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 11:16:26.755 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3 11:16:26.833 Disk 0 MBR read successfully 11:16:26.849 Disk 0 MBR scan 11:16:26.849 Disk 0 Windows VISTA default MBR code 11:16:26.849 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 11:16:26.849 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920 11:16:26.864 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 706021 MB offset 19214336 11:16:26.880 Disk 0 scanning C:\Windows\system32\drivers 11:16:32.730 Service scanning 11:16:46.194 Modules scanning 11:16:46.209 Scan finished successfully 11:17:00.327 Disk 0 MBR has been saved successfully to "C:\Users\Marc\Desktop\cham\MBR.dat" 11:17:00.327 The log file has been saved successfully to "C:\Users\Marc\Desktop\cham\aswMBR.txt"

Thanks, I ran these programs as you advised. The Fix button was not enabled in asbMBR. Below is the report for Rkill ****************************************** RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Marc [Admin rights] Mode : Remove -- Date : 04/16/2013 11:11:39 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> DELETED [RUN][ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Users\Marc\Desktop\cham\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p) -> NOT SELECTED [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> NOT SELECTED [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> NOT SELECTED [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD754JJ +++++ --- User --- [MBR] 86c015542609df5c3cbb0256b4c18bc7 [bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++ --- User --- [MBR] 57230bd3f8163fb2e03144a25d6cecc0 [bSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3]_D_04162013_02d1111.txt >> RKreport[1]_S_04162013_02d0955.txt ; RKreport[2]_S_04162013_02d1105.txt ; RKreport[3]_D_04162013_02d1111.txt

Symptoms are as follows: (1) On some pages, Internet Explorer quickly refreshes to “This page can’t be displayed”, apparently because it cannot connect to https://fls.doubleclick.net, http://googleads.g.doubleclick.net, etc. (2) Neither McAfee or Malwarebytes is running or appear as tray icons (3) When I attempt to start either McAfee or Malwarebytes manually I get the message "This program is blocked by group policy. For more information, contact your system administrator." I search the archives and found a similar problem that was responded to by Maurice Naggar. http://forums.malwarebytes.org/index.php?showtopic=122559 Maurice suggested first running Rkill, which I did. I found what appear to be a number of issues. As Maurice said that the solution depended on the particular issues, I have not proceeded further. Please see Rkill report below. Any advice on how to solve would be appreciated. Thanks, Marc ********************************************************* RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Marc [Admin rights] Mode : Scan -- Date : 04/16/2013 09:55:43 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 16 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> FOUND [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD754JJ +++++ --- User --- [MBR] 86c015542609df5c3cbb0256b4c18bc7 [bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++ --- User --- [MBR] 57230bd3f8163fb2e03144a25d6cecc0 [bSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_04162013_02d0955.txt >> RKreport[1]_S_04162013_02d0955.txt