ScottRT

I ended up doing a re-install of the factory image yesterday. (spend the rest of the day doing updates!). I do appreciate your help (paypal sent).

Nothing found! -------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005www.malwarebytes.org Database version: v2013.08.22.10 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16660CVWS :: RIKKI-PC [administrator] 8/22/2013 4:48:34 PMmbar-log-2013-08-22 (16-48-34).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 418208Time elapsed: 10 minute(s), 30 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end)

JAVA 64 bit still wouldn't install. Tried while firewall & AV disabled, with Windows IE as default browser (have been using Safari since infection, IE was giving me infected file download errors when downloading recommended scan software)

Here is the combofix text file. Going to install Java. ---------------------------------------------- ComboFix 13-08-21.01 - CVWS 08/21/2013 18:41:14.2.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6373 [GMT -7:00]Running from: c:\users\Scott\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-07-22 to 2013-08-22 )))))))))))))))))))))))))))))))..2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\Scott New\AppData\Local\temp2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\Rikki\AppData\Local\temp2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp2013-08-21 09:52 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0820A8C-A4C0-4E54-9AD3-A96655720796}\mpengine.dll2013-08-21 01:25 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-08-20 02:15 . 2013-08-20 02:15 -------- d-----w- C:\_OTL2013-08-18 03:54 . 2013-08-18 03:54 -------- d-----w- c:\windows\ERUNT2013-08-17 22:01 . 2013-08-17 22:01 -------- d-----w- c:\users\Scott\My Backup Files2013-08-14 11:43 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe2013-08-14 03:23 . 2013-08-21 02:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-14 01:58 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-08-14 01:57 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0FB82F4-9E23-4852-AA37-FBAA25C7AE14}\gapaengine.dll2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files\Microsoft Security Client2013-08-13 01:26 . 2013-08-13 01:26 -------- d-s---w- c:\windows\SysWow64\Microsoft2013-08-13 00:39 . 2013-08-14 02:33 -------- d-----w- c:\users\CVWS2013-08-08 02:10 . 2012-11-02 09:51 185800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe2013-08-08 02:10 . 2012-08-07 10:30 434112 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe2013-08-08 02:10 . 2010-07-13 13:07 7826432 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll2013-08-08 02:10 . 2010-06-24 01:16 2150400 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll2013-08-08 02:10 . 2010-06-02 02:58 268800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll2013-08-08 02:10 . 2010-06-02 02:29 934912 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll2013-08-08 02:10 . 2010-06-02 02:28 335360 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll2013-07-26 21:34 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2013-07-26 21:34 . 2013-08-14 01:56 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-07-26 21:30 . 2013-07-26 21:30 -------- d-----w- c:\program files (x86)\QuickTime...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-21 01:37 . 2012-09-19 03:27 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2013-08-21 01:37 . 2010-06-16 03:16 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-14 02:04 . 2010-06-16 03:34 78161360 ----a-w- c:\windows\system32\MRT.exe2013-07-09 04:45 . 2013-08-14 01:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 04:50 . 2013-06-19 04:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2013-06-05 03:34 . 2013-07-10 15:08 3153920 ----a-w- c:\windows\system32\win32k.sys2013-06-04 06:00 . 2013-07-10 15:09 624128 ----a-w- c:\windows\system32\qedit.dll2013-06-04 04:53 . 2013-07-10 15:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"OTL"="c:\users\Scott\Desktop\OTL.exe" [2013-08-20 602112].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-8 292240]Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2010-12-2 5828952]QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2008\QBW32.EXE -silent [2011-7-6 1178984].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 0098141376356052mcinstcleanup;McAfee Application Installer Cleanup (0098141376356052);c:\users\Scott\AppData\Local\Temp\009814~1.EXE;c:\users\Scott\AppData\Local\Temp\009814~1.EXE [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys;c:\windows\SYSNATIVE\Drivers\OEM05Afx.sys [x]S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vfx.sys [x]S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vid.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]...--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-21 18:48:41ComboFix-quarantined-files.txt 2013-08-22 01:48.Pre-Run: 476,599,058,432 bytes freePost-Run: 476,283,428,864 bytes free.- - End Of File - - 6A8FF97F071824A83222DD9E0DFF9DB3CDB4DE4BBD714F152979DA2DCBEF57EB

Another interesting thing that occurred - the recycle bin was corrupted - showed it had stuff in it, but when opened, there was nothing there. I deleted it from the desktop (but I forgot how to point a shortcut back to it). Also, I have a directory in c:\Program Files (x86)\google\desktop\install that was coming up early in my scan process. It has a bunch of sub directories that eventually windows can't open as the "Location is not available". I could not access a 9th level directory with a name of "...". I did a quick scan with Malwarebytes and an MBAR rootkit scan. Nothing showed up.

D-FRED-BROWN, It was strange that my version of Acrobat reader was 10 (X), but I noticed one the logs as well that said version 7. I uninstalled all Adobe stuff and installed reader XI. I also implemented the sandbox precautions on the new version. There was an old version of Java (2010) installed along with a newer one (2012). I uninstalled both, starting with the newer one. Reinstall of the new version didn't work - java said to install the 32 bit version due to browser compatibility although my OS is 64 bit. The test page didn't work so I uninstalled it. I didn't install Java back on the computer. Thoughts?

I found the OTL report (attached below) and the AdwCleaner is below that (I guess I got excited a couple days ago with the progress being made and started running the program actions vs. just posting logs - sorry about that! ) OTL logfile created on: 8/19/2013 6:10:03 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16660)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFSDrive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32 Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/08/19 18:07:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exePRC - [2013/08/01 05:44:18 | 002,807,608 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exePRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exePRC - [2011/07/06 10:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exePRC - [2011/07/06 10:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXEPRC - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exePRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exePRC - [2010/12/15 19:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exePRC - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exePRC - [2009/12/29 14:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exePRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exePRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exePRC - [2007/05/09 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe ========== Modules (No Company Name) ========== MOD - [2013/08/13 20:05:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dllMOD - [2013/08/13 20:05:44 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c8ebe1bcee19f2a9ae9331eb860a3748\System.IdentityModel.ni.dllMOD - [2013/08/13 20:05:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dllMOD - [2013/08/13 20:05:41 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7325e254b75c1bc559633857d1ff867f\System.ServiceModel.ni.dllMOD - [2013/08/13 20:05:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dllMOD - [2013/08/13 19:19:41 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dllMOD - [2013/08/13 19:19:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dllMOD - [2013/08/13 19:19:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dllMOD - [2013/08/13 19:18:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dllMOD - [2013/08/13 19:18:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dllMOD - [2013/08/13 19:18:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dllMOD - [2013/07/11 07:13:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dllMOD - [2013/07/11 07:13:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dllMOD - [2011/07/06 10:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBMAPILibrary.dllMOD - [2011/07/06 10:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBCompressor.DLLMOD - [2011/07/06 10:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\mbpopup.dllMOD - [2011/07/06 10:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dllMOD - [2011/07/06 10:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dllMOD - [2011/07/06 10:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\BackupLib.dllMOD - [2011/04/30 08:23:12 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dllMOD - [2010/12/14 21:53:20 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\MSResource\MSTextResource.dllMOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\zlib1.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV - [2013/06/12 07:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)SRV - [2010/06/09 23:56:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)SRV - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB21)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/08/17 14:34:22 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2009/07/24 19:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2008/11/04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)DRV:64bit: - [2008/11/04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)DRV:64bit: - [2008/11/04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)DRV:64bit: - [2008/11/04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)DRV:64bit: - [2008/11/04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)DRV:64bit: - [2008/11/04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)DRV:64bit: - [2008/11/04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/01/09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)DRV:64bit: - [2007/07/20 01:00:00 | 000,266,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vid.sys -- (OEM05Vid)DRV:64bit: - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Afx.sys -- (OEM05Afx)DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vfx.sys -- (OEM05Vfx)DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)DRV - [2010/07/07 18:38:50 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{B254A2CA-0663-45FF-A441-9C5C79DAC981}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxIE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS435IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A539A22-0CD3-4D09-B31A-AC4D67876F52}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext O1 HOSTS File: ([2013/08/17 15:42:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not foundO4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not foundO4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not foundO4 - Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not foundO4 - Startup: C:\Users\Rikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O13 - gopher Prefix: missingO16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A868B5-B0B4-40C8-9A0D-5AAB485034EA}: DhcpNameServer = 192.168.2.1O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\qbwc - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/17 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/08/17 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Malwarebytes[2013/08/17 15:44:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\temp[2013/08/17 15:33:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/08/13 20:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/08/13 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\CVWS\Desktop\mbar[2013/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Windows\pss[2013/08/13 19:09:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/08/13 19:09:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/08/13 19:09:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/08/13 19:09:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/08/13 19:09:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/08/13 19:09:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/08/13 19:09:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/08/13 19:09:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/08/13 19:09:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/08/13 19:09:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/08/13 19:09:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/08/13 19:09:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/08/13 19:09:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/08/13 19:09:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/08/13 19:09:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/08/13 18:58:56 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/08/13 18:58:56 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL[2013/08/13 18:58:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/08/13 18:58:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2013/08/13 18:58:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/08/13 18:58:09 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll[2013/08/13 18:58:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2013/08/13 18:58:07 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013/08/13 18:58:07 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2013/08/13 18:58:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll[2013/08/13 18:58:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/08/13 18:58:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/08/13 18:58:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/08/13 18:58:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/08/13 18:58:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/08/13 18:58:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/08/13 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Apple Computer[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe[2013/08/12 21:07:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll[2013/08/12 21:07:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys[2013/08/12 21:07:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys[2013/08/12 21:07:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe[2013/08/12 21:07:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/08/12 21:07:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/08/12 21:07:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll[2013/08/12 21:07:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll[2013/08/12 21:07:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll[2013/08/12 21:07:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2013/08/12 21:07:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll[2013/08/12 21:07:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll[2013/08/12 21:07:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/08/12 21:07:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll[2013/08/12 21:07:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/08/12 21:07:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll[2013/08/12 21:07:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll[2013/08/12 21:07:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013/08/12 21:07:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013/08/12 21:07:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll[2013/08/12 21:07:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe[2013/08/12 21:07:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe[2013/08/12 21:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client[2013/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[2013/08/12 18:37:54 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution[2013/08/12 18:26:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Real[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Intuit[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Apple Computer[2013/08/12 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Adobe[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Searches[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools[2013/08/12 17:39:48 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned[2013/08/12 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Identities[2013/08/12 17:39:41 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Contacts[2013/08/12 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\VirtualStore[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Temporary Internet Files[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Templates[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Start Menu[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\SendTo[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Recent[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\PrintHood[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\NetHood[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Videos[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Pictures[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Music[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\My Documents[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Local Settings[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\History[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Cookies[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Application Data[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Application Data[2013/08/12 17:39:07 | 000,000,000 | --SD | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Videos[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Saved Games[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Pictures[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Music[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Links[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Favorites[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Downloads[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Documents[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Desktop[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories[2013/08/12 17:39:07 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\AppData[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\SoftThinks[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft Help[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Media Center Programs[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Macromedia[2013/07/26 14:34:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2013/07/26 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/07/26 14:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013/07/26 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[2013/07/21 21:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT ========== Files - Modified Within 30 Days ========== [2013/08/19 17:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/08/19 16:17:33 | 000,730,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/08/19 16:17:33 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/08/19 16:17:33 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/08/19 05:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/08/19 05:35:06 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys[2013/08/17 20:07:47 | 000,001,123 | ---- | M] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk[2013/08/17 15:42:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/08/17 14:34:22 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/08/13 19:54:00 | 000,190,024 | ---- | M] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg[2013/08/13 19:39:48 | 000,001,409 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/08/13 19:37:31 | 000,002,515 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[2013/08/13 19:37:31 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk[2013/08/13 19:33:03 | 000,000,632 | RHS- | M] () -- C:\Users\CVWS\ntuser.pol[2013/08/12 21:06:55 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif[2013/07/31 15:30:13 | 003,231,744 | ---- | M] () -- C:\ThorenOakenshield.ezb[2013/07/26 14:30:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL ========== Files Created - No Company Name ========== [2013/08/17 20:07:47 | 000,001,123 | ---- | C] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk[2013/08/17 14:34:22 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/08/13 19:53:50 | 000,190,024 | ---- | C] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg[2013/08/13 19:39:48 | 000,001,409 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/08/13 19:37:31 | 000,002,515 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[2013/08/12 21:01:06 | 000,002,057 | ---- | C] () -- C:\Windows\epplauncher.mif[2013/08/12 21:00:51 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk[2013/08/12 17:39:51 | 000,001,415 | ---- | C] () -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[2013/08/12 17:39:09 | 000,000,632 | RHS- | C] () -- C:\Users\CVWS\ntuser.pol[2013/08/12 17:39:07 | 000,000,290 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[2013/08/12 17:39:07 | 000,000,272 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk[2013/07/26 14:30:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2011/12/30 19:32:40 | 000,013,042 | -HS- | C] () -- C:\ProgramData\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8[2011/11/22 19:58:57 | 000,216,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[2010/07/07 18:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6 < End of report > ------------------------------------------------ # AdwCleaner v2.306 - Logfile created 08/19/2013 at 19:24:57# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : CVWS - RIKKI-PC# Boot Mode : Normal# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. ************************* AdwCleaner[R2].txt - [1343 octets] - [17/08/2013 20:45:20]AdwCleaner[R3].txt - [760 octets] - [17/08/2013 20:48:22]AdwCleaner[R4].txt - [878 octets] - [19/08/2013 19:24:21]AdwCleaner[s1].txt - [1419 octets] - [17/08/2013 20:45:33]AdwCleaner[s2].txt - [819 octets] - [17/08/2013 20:49:54]AdwCleaner[s3].txt - [812 octets] - [19/08/2013 19:24:57] ########## EOF - \AdwCleaner[s3].txt - [871 octets] ##########

The OTL ran, rebooted, but did not open a report after logging back in. Is there a place where I can retrieve it?

Here are the OTL reports - thanks OTL logfile created on: 8/19/2013 6:10:03 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16660)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFSDrive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32 Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/08/19 18:07:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exePRC - [2013/08/01 05:44:18 | 002,807,608 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exePRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exePRC - [2011/07/06 10:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exePRC - [2011/07/06 10:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXEPRC - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exePRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exePRC - [2010/12/15 19:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exePRC - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exePRC - [2009/12/29 14:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exePRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exePRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exePRC - [2007/05/09 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe ========== Modules (No Company Name) ========== MOD - [2013/08/13 20:05:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dllMOD - [2013/08/13 20:05:44 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c8ebe1bcee19f2a9ae9331eb860a3748\System.IdentityModel.ni.dllMOD - [2013/08/13 20:05:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dllMOD - [2013/08/13 20:05:41 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7325e254b75c1bc559633857d1ff867f\System.ServiceModel.ni.dllMOD - [2013/08/13 20:05:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dllMOD - [2013/08/13 19:19:41 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dllMOD - [2013/08/13 19:19:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dllMOD - [2013/08/13 19:19:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dllMOD - [2013/08/13 19:18:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dllMOD - [2013/08/13 19:18:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dllMOD - [2013/08/13 19:18:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dllMOD - [2013/07/11 07:13:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dllMOD - [2013/07/11 07:13:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dllMOD - [2011/07/06 10:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBMAPILibrary.dllMOD - [2011/07/06 10:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBCompressor.DLLMOD - [2011/07/06 10:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\mbpopup.dllMOD - [2011/07/06 10:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dllMOD - [2011/07/06 10:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dllMOD - [2011/07/06 10:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\BackupLib.dllMOD - [2011/04/30 08:23:12 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dllMOD - [2010/12/14 21:53:20 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\MSResource\MSTextResource.dllMOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\zlib1.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV - [2013/06/12 07:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)SRV - [2010/06/09 23:56:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)SRV - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB21)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/08/17 14:34:22 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2009/07/24 19:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2008/11/04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)DRV:64bit: - [2008/11/04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)DRV:64bit: - [2008/11/04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)DRV:64bit: - [2008/11/04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)DRV:64bit: - [2008/11/04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)DRV:64bit: - [2008/11/04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)DRV:64bit: - [2008/11/04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2008/01/09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)DRV:64bit: - [2007/07/20 01:00:00 | 000,266,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vid.sys -- (OEM05Vid)DRV:64bit: - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Afx.sys -- (OEM05Afx)DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vfx.sys -- (OEM05Vfx)DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)DRV - [2010/07/07 18:38:50 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{B254A2CA-0663-45FF-A441-9C5C79DAC981}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBoxIE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS435IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A539A22-0CD3-4D09-B31A-AC4D67876F52}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext O1 HOSTS File: ([2013/08/17 15:42:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not foundO4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not foundO4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not foundO4 - Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not foundO4 - Startup: C:\Users\Rikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O13 - gopher Prefix: missingO16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A868B5-B0B4-40C8-9A0D-5AAB485034EA}: DhcpNameServer = 192.168.2.1O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\qbwc - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/17 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/08/17 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Malwarebytes[2013/08/17 15:44:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\temp[2013/08/17 15:33:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/08/13 20:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/08/13 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\CVWS\Desktop\mbar[2013/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Windows\pss[2013/08/13 19:09:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/08/13 19:09:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/08/13 19:09:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/08/13 19:09:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/08/13 19:09:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/08/13 19:09:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/08/13 19:09:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/08/13 19:09:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/08/13 19:09:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/08/13 19:09:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/08/13 19:09:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/08/13 19:09:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/08/13 19:09:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/08/13 19:09:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/08/13 19:09:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/08/13 18:58:56 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/08/13 18:58:56 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL[2013/08/13 18:58:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/08/13 18:58:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2013/08/13 18:58:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/08/13 18:58:09 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll[2013/08/13 18:58:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2013/08/13 18:58:07 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013/08/13 18:58:07 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2013/08/13 18:58:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll[2013/08/13 18:58:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/08/13 18:58:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/08/13 18:58:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/08/13 18:58:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/08/13 18:58:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/08/13 18:58:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/08/13 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Apple Computer[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe[2013/08/12 21:07:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll[2013/08/12 21:07:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys[2013/08/12 21:07:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys[2013/08/12 21:07:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe[2013/08/12 21:07:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/08/12 21:07:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/08/12 21:07:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll[2013/08/12 21:07:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll[2013/08/12 21:07:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll[2013/08/12 21:07:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2013/08/12 21:07:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll[2013/08/12 21:07:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll[2013/08/12 21:07:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/08/12 21:07:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll[2013/08/12 21:07:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/08/12 21:07:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll[2013/08/12 21:07:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll[2013/08/12 21:07:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013/08/12 21:07:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013/08/12 21:07:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll[2013/08/12 21:07:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe[2013/08/12 21:07:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe[2013/08/12 21:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client[2013/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[2013/08/12 18:37:54 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution[2013/08/12 18:26:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Real[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Intuit[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Apple Computer[2013/08/12 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Adobe[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Searches[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools[2013/08/12 17:39:48 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned[2013/08/12 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Identities[2013/08/12 17:39:41 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Contacts[2013/08/12 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\VirtualStore[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Temporary Internet Files[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Templates[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Start Menu[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\SendTo[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Recent[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\PrintHood[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\NetHood[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Videos[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Pictures[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Music[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\My Documents[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Local Settings[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\History[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Cookies[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Application Data[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Application Data[2013/08/12 17:39:07 | 000,000,000 | --SD | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Videos[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Saved Games[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Pictures[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Music[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Links[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Favorites[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Downloads[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Documents[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Desktop[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories[2013/08/12 17:39:07 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\AppData[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\SoftThinks[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft Help[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Media Center Programs[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Macromedia[2013/07/26 14:34:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2013/07/26 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/07/26 14:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013/07/26 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[2013/07/21 21:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT ========== Files - Modified Within 30 Days ========== [2013/08/19 17:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/08/19 16:17:33 | 000,730,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/08/19 16:17:33 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/08/19 16:17:33 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/08/19 05:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/08/19 05:35:06 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys[2013/08/17 20:07:47 | 000,001,123 | ---- | M] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk[2013/08/17 15:42:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/08/17 14:34:22 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/08/13 19:54:00 | 000,190,024 | ---- | M] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg[2013/08/13 19:39:48 | 000,001,409 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/08/13 19:37:31 | 000,002,515 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[2013/08/13 19:37:31 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk[2013/08/13 19:33:03 | 000,000,632 | RHS- | M] () -- C:\Users\CVWS\ntuser.pol[2013/08/12 21:06:55 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif[2013/07/31 15:30:13 | 003,231,744 | ---- | M] () -- C:\ThorenOakenshield.ezb[2013/07/26 14:30:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL ========== Files Created - No Company Name ========== [2013/08/17 20:07:47 | 000,001,123 | ---- | C] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk[2013/08/17 14:34:22 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/08/13 19:53:50 | 000,190,024 | ---- | C] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg[2013/08/13 19:39:48 | 000,001,409 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/08/13 19:37:31 | 000,002,515 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk[2013/08/12 21:01:06 | 000,002,057 | ---- | C] () -- C:\Windows\epplauncher.mif[2013/08/12 21:00:51 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk[2013/08/12 17:39:51 | 000,001,415 | ---- | C] () -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[2013/08/12 17:39:09 | 000,000,632 | RHS- | C] () -- C:\Users\CVWS\ntuser.pol[2013/08/12 17:39:07 | 000,000,290 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[2013/08/12 17:39:07 | 000,000,272 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk[2013/07/26 14:30:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2011/12/30 19:32:40 | 000,013,042 | -HS- | C] () -- C:\ProgramData\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8[2011/11/22 19:58:57 | 000,216,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[2010/07/07 18:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6 < End of report > OTL Extras logfile created on: 8/19/2013 6:10:03 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16660)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFSDrive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32 Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{1350F595-8DAE-4171-9721-0F5ED3A24D5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{38F6E513-22A3-4E80-86F7-54C7F71EFEC1}" = lport=445 | protocol=6 | dir=in | app=system | "{3FB56C4D-5177-47A6-8856-CF717F6BC6DD}" = rport=139 | protocol=6 | dir=out | app=system | "{436766A1-FDB2-4F46-B4CB-7D2E540FF693}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50523116-196F-42DF-9366-C67C49FAA526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{51630AD8-4F4D-41A1-8C29-B2F37110E0D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{62B4B8AF-A62C-40F0-963E-7635D27DD42F}" = rport=445 | protocol=6 | dir=out | app=system | "{6E2C62AE-9C11-4939-9BFA-8C5BB86A9984}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A5A863C-47FF-4B53-9CEA-2136D9F331E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A91175CE-F9EA-4D9F-8452-78908B8B9B61}" = lport=139 | protocol=6 | dir=in | app=system | "{BA30717D-569E-47D6-9019-AA89A9FFA2BC}" = rport=137 | protocol=17 | dir=out | app=system | "{BAB5CB69-70AC-47FC-A4C6-8A417491B0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{BDF15A16-03CB-433C-9454-0304D793E8E9}" = rport=138 | protocol=17 | dir=out | app=system | "{CADF61D0-28A1-4CBB-8894-E013DE23780F}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{1BAABB30-5E70-475A-848B-2A80C361B9AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{830A41CF-1158-4952-B5F1-530FC34CE6E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C424F444-25DF-41E7-98E3-113A1AA28611}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E29D4D17-0F37-4CD6-BA89-33F3F8BCFCBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{0A9F62F8-D13C-4029-963B-A1E2B2FEC8E8}C:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe | "UDP Query User{ED3827E5-48F2-4F00-A085-120DC6051D27}C:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"CCleaner" = CCleaner"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft Security Client" = Microsoft Security Essentials"NVIDIA Drivers" = NVIDIA Drivers"PC-Doctor for Windows" = My Dell"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0E14FFF4-927F-45B4-8D67-7D3709BB1E1B}" = EZWrapper"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{22318EFC-9FF8-4A16-BB57-AA9B73014470}" = SDWrapper"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java 6 Update 35"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service"{5B1CE354-AF56-45EF-B0F2-9DC729122413}" = SDIComplete"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D7BF69AF-BB0B-4813-A321-75DE2B779DA7}" = EZReader6"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"GoToAssist" = GoToAssist 8.0.0.514"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Office14.SingleImage" = Microsoft Office Home and Business 2010"QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool"WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"DSite" = Update for Zip Opener ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 8/18/2013 2:09:35 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/18/2013 2:09:35 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/18/2013 3:26:26 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks Pro 2011": Failed to send mail message: Error - 8/18/2013 3:26:26 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks Pro 2011": The user canceled one of the dialog boxes. No message was sen Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand [ Dell Events ]Error - 4/9/2011 6:47:56 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 4/9/2011 6:47:56 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 4/17/2011 10:34:49 AM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 4/17/2011 10:34:49 AM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 4/24/2011 2:35:00 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 4/24/2011 2:35:00 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 5/8/2011 6:28:19 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 5/8/2011 6:28:19 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 5/15/2011 7:03:57 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. Error - 5/15/2011 7:03:57 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17Description = The process was interrupted before completion. [ System Events ]Error - 8/18/2013 1:55:31 PM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: RxFilter StarOpen Error - 8/18/2013 2:10:08 PM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 8/19/2013 12:22:54 AM | Computer Name = Rikki-PC | Source = Application Popup | ID = 1060Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/19/2013 12:24:03 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7000Description = The SessionLauncher service failed to start due to the following error: %%2 Error - 8/19/2013 12:24:06 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: RxFilter StarOpen Error - 8/19/2013 12:24:47 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 8/19/2013 8:35:05 AM | Computer Name = Rikki-PC | Source = Application Popup | ID = 1060Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/19/2013 8:35:25 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7000Description = The SessionLauncher service failed to start due to the following error: %%2 Error - 8/19/2013 8:35:29 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: RxFilter StarOpen Error - 8/19/2013 9:12:08 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. < End of report >

Hi Fred, Not sure where to find the log for ESET, but at the completion it indicated that no threats were found! I'm running a Malware bytes quick scan this morning (no malicious items detected). So what is the best firewall/malware/antivirus setup to be running? I have Microsoft Security essentials on that computer. Defender is there but not running, and I have Malware Bytes active. I have seen the warnings of running to AV programs together; not sure how MSE and Malware get along? Another question; do all the logs I have posted provide any sort of quick access for hackers? Lastly, is that computer ripe for future backdoor vulnerabilities? Should the hard drive be wiped? It didn't come with software disks, so I built a recovery set of disks (while the virus was still on the computer). Should I build another set of disks? Thanks a bunch for your help and sorry for all the noob questions! ScottRT

I ran adware, jrt and OLT (but the cleanup deleted the files!) adware (before and after) and jrt text files follow. -------------------------------------------------------------- adware before # AdwCleaner v2.306 - Logfile created 08/17/2013 at 20:43:22# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : CVWS - RIKKI-PC# Boot Mode : Normal# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe# Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Rikki\AppData\LocalLow\SiteRankerFolder Found : C:\Users\Scott\AppData\Local\PackageAwareFolder Found : C:\Users\Scott\AppData\Roaming\DSite ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. *************************adware after=================== AdwCleaner[R1].txt - [1220 octets] - [17/08/2013 20:43:22] ########## EOF - \AdwCleaner[R1].txt - [1280 octets] ########## # AdwCleaner v2.306 - Logfile created 08/17/2013 at 20:48:22# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : CVWS - RIKKI-PC# Boot Mode : Normal# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe# Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. ************************* AdwCleaner[R2].txt - [1343 octets] - [17/08/2013 20:45:20]AdwCleaner[R3].txt - [575 octets] - [17/08/2013 20:48:22]AdwCleaner[s1].txt - [1419 octets] - [17/08/2013 20:45:33] ########## EOF - \AdwCleaner[R3].txt - [694 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.4.9 (08.17.2013:3)OS: Windows 7 Home Premium x64Ran by CVWS on Sat 08/17/2013 at 20:55:00.37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sat 08/17/2013 at 20:58:12.15End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Looking a lot better! See what you think of the RogueKiller report ----------------------------------------------------------- RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : CVWS [Admin rights]Mode : Scan -- Date : 08/17/2013 20:22:47| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] IntuitSyncManager.exe -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++--- User ---[MBR] 1f981fab9a27807b9d68b986b74c8ada[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11142 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22900736 | Size: 599297 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG HD642JJ +++++--- User ---[MBR] 81a87908c65f2ee42faf9faaef20c589[bSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3839 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_S_08172013_202247.txt >>RKreport[0]_D_08172013_201540.txt;RKreport[0]_S_08172013_201247.txt

Here is the first run...going to reboot and run again. ================== RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : CVWS [Admin rights]Mode : Remove -- Date : 08/17/2013 20:15:40| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] IntuitSyncManager.exe -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe [7] -> KILLED [TermProc][ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\ \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x] -> STOPPED ¤¤¤ Registry Entries : 13 ¤¤¤[RUN][ZeroAccess] HKUS\S-1-5-21-598081582-2854634212-1293884500-1003\[...]\Run : Google Update ("C:\Users\Scott\AppData\Local\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\?��?��?��\?��?��?��\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" >) -> DELETED[RUN][sUSP PATH] HKUS\S-1-5-21-598081582-2854634212-1293884500-1003\[...]\RunOnce : Del475147 (cmd.exe /Q /D /c del "C:\Users\Scott\AppData\Local\Temp\0.del" [x][x]) -> DELETED[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> DELETED[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\ \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> DELETED[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\ \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect. [sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\ \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> DELETED[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified. [HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified. [HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified. ¤¤¤ Scheduled tasks : 2 ¤¤¤[V1][sUSP PATH] DSite.job : C:\Users\Scott\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED[V2][sUSP PATH] DSite : C:\Users\Scott\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++--- User ---[MBR] 1f981fab9a27807b9d68b986b74c8ada[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11142 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22900736 | Size: 599297 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG HD642JJ +++++--- User ---[MBR] 81a87908c65f2ee42faf9faaef20c589[bSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3839 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_D_08172013_201540.txt >>RKreport[0]_S_08172013_201247.txt

TDSSKiller still has a hit - Rootkit.win32.PMax.gen log below Should I delete it using TDSSKiller? Guidance above says to skip (cure is not one of the options) ---------------------------------------------------------------- 16:12:39.0371 0x1f78 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:2916:12:39.0932 0x1f78 ============================================================16:12:39.0932 0x1f78 Current date / time: 2013/08/17 16:12:39.093216:12:39.0932 0x1f78 SystemInfo:16:12:39.0932 0x1f78 16:12:39.0932 0x1f78 OS Version: 6.1.7601 ServicePack: 1.016:12:39.0932 0x1f78 Product type: Workstation16:12:39.0932 0x1f78 ComputerName: RIKKI-PC16:12:39.0933 0x1f78 UserName: CVWS16:12:39.0933 0x1f78 Windows directory: C:\Windows16:12:39.0933 0x1f78 System windows directory: C:\Windows16:12:39.0933 0x1f78 Running under WOW6416:12:39.0933 0x1f78 Processor architecture: Intel x6416:12:39.0933 0x1f78 Number of processors: 816:12:39.0933 0x1f78 Page size: 0x100016:12:39.0933 0x1f78 Boot type: Normal boot16:12:39.0933 0x1f78 ============================================================16:12:40.0900 0x1f78 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004016:12:40.0906 0x1f78 ============================================================16:12:40.0906 0x1f78 \Device\Harddisk0\DR0:16:12:40.0906 0x1f78 MBR partitions:16:12:40.0906 0x1f78 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C300016:12:40.0906 0x1f78 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x4928080016:12:40.0906 0x1f78 ============================================================16:12:40.0929 0x1f78 C: <-> \Device\Harddisk0\DR0\Partition216:12:40.0929 0x1f78 ============================================================16:12:40.0929 0x1f78 Initialize success16:12:40.0929 0x1f78 ============================================================16:12:55.0148 0x0dec ============================================================16:12:55.0148 0x0dec Scan started16:12:55.0148 0x0dec Mode: Manual; 16:12:55.0148 0x0dec ============================================================16:12:55.0567 0x0dec ================ Scan system memory ========================16:12:55.0567 0x0dec System memory - ok16:12:55.0568 0x0dec ================ Scan services =============================16:12:55.0750 0x0dec 0098141376356052mcinstcleanup - ok16:12:55.0874 0x0dec [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys16:12:55.0876 0x0dec 1394ohci - ok16:12:55.0925 0x0dec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys16:12:55.0927 0x0dec ACPI - ok16:12:55.0964 0x0dec [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys16:12:55.0965 0x0dec AcpiPmi - ok16:12:56.0085 0x0dec [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe16:12:56.0086 0x0dec AdobeARMservice - ok16:12:56.0172 0x0dec [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe16:12:56.0174 0x0dec AdobeFlashPlayerUpdateSvc - ok16:12:56.0216 0x0dec [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys16:12:56.0220 0x0dec adp94xx - ok16:12:56.0234 0x0dec [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys16:12:56.0237 0x0dec adpahci - ok16:12:56.0250 0x0dec [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys16:12:56.0252 0x0dec adpu320 - ok16:12:56.0271 0x0dec [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll16:12:56.0272 0x0dec AeLookupSvc - ok16:12:56.0327 0x0dec [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys16:12:56.0331 0x0dec AFD - ok16:12:56.0374 0x0dec [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys16:12:56.0375 0x0dec agp440 - ok16:12:56.0388 0x0dec [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe16:12:56.0389 0x0dec ALG - ok16:12:56.0414 0x0dec [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys16:12:56.0414 0x0dec aliide - ok16:12:56.0423 0x0dec [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys16:12:56.0424 0x0dec amdide - ok16:12:56.0435 0x0dec [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys16:12:56.0436 0x0dec AmdK8 - ok16:12:56.0449 0x0dec [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys16:12:56.0450 0x0dec AmdPPM - ok16:12:56.0467 0x0dec [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys16:12:56.0468 0x0dec amdsata - ok16:12:56.0485 0x0dec [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys16:12:56.0486 0x0dec amdsbs - ok16:12:56.0498 0x0dec [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys16:12:56.0498 0x0dec amdxata - ok16:12:56.0530 0x0dec [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys16:12:56.0531 0x0dec AppID - ok16:12:56.0548 0x0dec [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll16:12:56.0549 0x0dec AppIDSvc - ok16:12:56.0580 0x0dec [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll16:12:56.0581 0x0dec Appinfo - ok16:12:56.0606 0x0dec [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys16:12:56.0607 0x0dec arc - ok16:12:56.0628 0x0dec [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys16:12:56.0629 0x0dec arcsas - ok16:12:56.0655 0x0dec [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys16:12:56.0655 0x0dec AsyncMac - ok16:12:56.0664 0x0dec [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys16:12:56.0665 0x0dec atapi - ok16:12:56.0708 0x0dec [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll16:12:56.0713 0x0dec AudioEndpointBuilder - ok16:12:56.0724 0x0dec [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll16:12:56.0728 0x0dec AudioSrv - ok16:12:56.0763 0x0dec [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll16:12:56.0764 0x0dec AxInstSV - ok16:12:56.0785 0x0dec [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys16:12:56.0788 0x0dec b06bdrv - ok16:12:56.0806 0x0dec [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys16:12:56.0808 0x0dec b57nd60a - ok16:12:56.0842 0x0dec [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll16:12:56.0843 0x0dec BDESVC - ok16:12:56.0849 0x0dec [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys16:12:56.0850 0x0dec Beep - ok16:12:56.0900 0x0dec [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll16:12:56.0905 0x0dec BFE - ok16:12:56.0942 0x0dec [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll16:12:56.0949 0x0dec BITS - ok16:12:56.0966 0x0dec [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys16:12:56.0967 0x0dec blbdrive - ok16:12:57.0007 0x0dec [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys16:12:57.0008 0x0dec bowser - ok16:12:57.0012 0x0dec [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys16:12:57.0012 0x0dec BrFiltLo - ok16:12:57.0021 0x0dec [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys16:12:57.0022 0x0dec BrFiltUp - ok16:12:57.0036 0x0dec [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys16:12:57.0037 0x0dec BridgeMP - ok16:12:57.0073 0x0dec [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll16:12:57.0075 0x0dec Browser - ok16:12:57.0091 0x0dec [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys16:12:57.0093 0x0dec Brserid - ok16:12:57.0102 0x0dec [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys16:12:57.0102 0x0dec BrSerWdm - ok16:12:57.0111 0x0dec [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys16:12:57.0112 0x0dec BrUsbMdm - ok16:12:57.0116 0x0dec [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys16:12:57.0116 0x0dec BrUsbSer - ok16:12:57.0136 0x0dec [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys16:12:57.0137 0x0dec BTHMODEM - ok16:12:57.0153 0x0dec [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll16:12:57.0154 0x0dec bthserv - ok16:12:57.0172 0x0dec catchme - ok16:12:57.0183 0x0dec [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys16:12:57.0184 0x0dec cdfs - ok16:12:57.0222 0x0dec [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys16:12:57.0224 0x0dec cdrom - ok16:12:57.0263 0x0dec [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll16:12:57.0264 0x0dec CertPropSvc - ok16:12:57.0286 0x0dec [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys16:12:57.0286 0x0dec circlass - ok16:12:57.0306 0x0dec [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys16:12:57.0309 0x0dec CLFS - ok16:12:57.0349 0x0dec [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe16:12:57.0350 0x0dec clr_optimization_v2.0.50727_32 - ok16:12:57.0380 0x0dec [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe16:12:57.0381 0x0dec clr_optimization_v2.0.50727_64 - ok16:12:57.0456 0x0dec [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe16:12:57.0457 0x0dec clr_optimization_v4.0.30319_32 - ok16:12:57.0496 0x0dec [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe16:12:57.0498 0x0dec clr_optimization_v4.0.30319_64 - ok16:12:57.0529 0x0dec [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys16:12:57.0530 0x0dec CmBatt - ok16:12:57.0543 0x0dec [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys16:12:57.0544 0x0dec cmdide - ok16:12:57.0582 0x0dec [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys16:12:57.0585 0x0dec CNG - ok16:12:57.0589 0x0dec [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys16:12:57.0590 0x0dec Compbatt - ok16:12:57.0645 0x0dec [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys16:12:57.0645 0x0dec CompositeBus - ok16:12:57.0655 0x0dec COMSysApp - ok16:12:57.0666 0x0dec [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys16:12:57.0667 0x0dec crcdisk - ok16:12:57.0699 0x0dec [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll16:12:57.0735 0x0dec CryptSvc - ok16:12:57.0771 0x0dec [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll16:12:57.0776 0x0dec DcomLaunch - ok16:12:57.0796 0x0dec [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll16:12:57.0798 0x0dec defragsvc - ok16:12:57.0828 0x0dec [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys16:12:57.0829 0x0dec DfsC - ok16:12:57.0858 0x0dec [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll16:12:57.0861 0x0dec Dhcp - ok16:12:57.0883 0x0dec [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys16:12:57.0884 0x0dec discache - ok16:12:57.0911 0x0dec [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys16:12:57.0912 0x0dec Disk - ok16:12:57.0944 0x0dec [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll16:12:57.0946 0x0dec Dnscache - ok16:12:57.0982 0x0dec [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll16:12:57.0984 0x0dec dot3svc - ok16:12:58.0020 0x0dec [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll16:12:58.0021 0x0dec DPS - ok16:12:58.0068 0x0dec [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys16:12:58.0068 0x0dec drmkaud - ok16:12:58.0118 0x0dec [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys16:12:58.0125 0x0dec DXGKrnl - ok16:12:58.0147 0x0dec [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll16:12:58.0149 0x0dec EapHost - ok16:12:58.0213 0x0dec [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys16:12:58.0235 0x0dec ebdrv - ok16:12:58.0271 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe16:12:58.0272 0x0dec EFS - ok16:12:58.0330 0x0dec [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe16:12:58.0335 0x0dec ehRecvr - ok16:12:58.0356 0x0dec [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe16:12:58.0358 0x0dec ehSched - ok16:12:58.0386 0x0dec [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys16:12:58.0390 0x0dec elxstor - ok16:12:58.0422 0x0dec [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys16:12:58.0423 0x0dec ErrDev - ok16:12:58.0446 0x0dec [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll16:12:58.0450 0x0dec EventSystem - ok16:12:58.0470 0x0dec [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys16:12:58.0472 0x0dec exfat - ok16:12:58.0485 0x0dec [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys16:12:58.0487 0x0dec fastfat - ok16:12:58.0536 0x0dec [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe16:12:58.0541 0x0dec Fax - ok16:12:58.0549 0x0dec [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys16:12:58.0550 0x0dec fdc - ok16:12:58.0577 0x0dec [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll16:12:58.0578 0x0dec fdPHost - ok16:12:58.0585 0x0dec [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll16:12:58.0586 0x0dec FDResPub - ok16:12:58.0609 0x0dec [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys16:12:58.0610 0x0dec FileInfo - ok16:12:58.0624 0x0dec [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys16:12:58.0624 0x0dec Filetrace - ok16:12:58.0635 0x0dec [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys16:12:58.0636 0x0dec flpydisk - ok16:12:58.0648 0x0dec [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys16:12:58.0650 0x0dec FltMgr - ok16:12:58.0706 0x0dec [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll16:12:58.0716 0x0dec FontCache - ok16:12:58.0758 0x0dec [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe16:12:58.0759 0x0dec FontCache3.0.0.0 - ok16:12:58.0769 0x0dec [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys16:12:58.0770 0x0dec FsDepends - ok16:12:58.0818 0x0dec [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys16:12:58.0819 0x0dec fssfltr - ok16:12:58.0903 0x0dec [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe16:12:58.0916 0x0dec fsssvc - ok16:12:58.0947 0x0dec [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys16:12:58.0948 0x0dec Fs_Rec - ok16:12:58.0981 0x0dec [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys16:12:58.0982 0x0dec fvevol - ok16:12:59.0021 0x0dec [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys16:12:59.0022 0x0dec gagp30kx - ok16:12:59.0070 0x0dec [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys16:12:59.0070 0x0dec GEARAspiWDM - ok16:12:59.0117 0x0dec [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe16:12:59.0118 0x0dec GoToAssist - ok16:12:59.0173 0x0dec [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll16:12:59.0179 0x0dec gpsvc - ok16:12:59.0190 0x0dec [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys16:12:59.0191 0x0dec hcw85cir - ok16:12:59.0209 0x0dec [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys16:12:59.0211 0x0dec HDAudBus - ok16:12:59.0222 0x0dec [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys16:12:59.0222 0x0dec HidBatt - ok16:12:59.0234 0x0dec [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys16:12:59.0235 0x0dec HidBth - ok16:12:59.0282 0x0dec [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys16:12:59.0283 0x0dec HidIr - ok16:12:59.0306 0x0dec [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll16:12:59.0307 0x0dec hidserv - ok16:12:59.0340 0x0dec [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys16:12:59.0341 0x0dec HidUsb - ok16:12:59.0373 0x0dec [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll16:12:59.0374 0x0dec hkmsvc - ok16:12:59.0406 0x0dec [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll16:12:59.0408 0x0dec HomeGroupListener - ok16:12:59.0446 0x0dec [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll16:12:59.0449 0x0dec HomeGroupProvider - ok16:12:59.0472 0x0dec [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys16:12:59.0473 0x0dec HpSAMD - ok16:12:59.0514 0x0dec [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys16:12:59.0519 0x0dec HTTP - ok16:12:59.0530 0x0dec [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys16:12:59.0531 0x0dec hwpolicy - ok16:12:59.0559 0x0dec [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys16:12:59.0560 0x0dec i8042prt - ok16:12:59.0625 0x0dec [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe16:12:59.0628 0x0dec IAANTMON - ok16:12:59.0655 0x0dec [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys16:12:59.0657 0x0dec iaStor - ok16:12:59.0707 0x0dec [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys16:12:59.0710 0x0dec iaStorV - ok16:12:59.0754 0x0dec [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe16:12:59.0760 0x0dec idsvc - ok16:12:59.0785 0x0dec [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys16:12:59.0786 0x0dec iirsp - ok16:12:59.0839 0x0dec [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll16:12:59.0845 0x0dec IKEEXT - ok16:12:59.0898 0x0dec [ 2A7CF87BE453241FE0BAA1C8651E7AA4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys16:12:59.0911 0x0dec IntcAzAudAddService - ok16:12:59.0927 0x0dec [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys16:12:59.0928 0x0dec intelide - ok16:12:59.0950 0x0dec [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys16:12:59.0950 0x0dec intelppm - ok16:12:59.0977 0x0dec [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll16:12:59.0978 0x0dec IPBusEnum - ok16:13:00.0019 0x0dec [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys16:13:00.0020 0x0dec IpFilterDriver - ok16:13:00.0085 0x0dec [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll16:13:00.0089 0x0dec iphlpsvc - ok16:13:00.0134 0x0dec [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys16:13:00.0135 0x0dec IPMIDRV - ok16:13:00.0150 0x0dec [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys16:13:00.0152 0x0dec IPNAT - ok16:13:00.0171 0x0dec [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys16:13:00.0172 0x0dec IRENUM - ok16:13:00.0206 0x0dec [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys16:13:00.0207 0x0dec isapnp - ok16:13:00.0225 0x0dec [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys16:13:00.0227 0x0dec iScsiPrt - ok16:13:00.0247 0x0dec [ 71235F7BAA7E5E79D38157DF7A0F806A ] JRAID C:\Windows\system32\DRIVERS\jraid.sys16:13:00.0248 0x0dec JRAID - ok16:13:00.0270 0x0dec [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys16:13:00.0271 0x0dec kbdclass - ok16:13:00.0297 0x0dec [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys16:13:00.0298 0x0dec kbdhid - ok16:13:00.0311 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe16:13:00.0312 0x0dec KeyIso - ok16:13:00.0348 0x0dec [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys16:13:00.0349 0x0dec KSecDD - ok16:13:00.0383 0x0dec [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys16:13:00.0384 0x0dec KSecPkg - ok16:13:00.0396 0x0dec [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys16:13:00.0397 0x0dec ksthunk - ok16:13:00.0435 0x0dec [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll16:13:00.0438 0x0dec KtmRm - ok16:13:00.0482 0x0dec [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll16:13:00.0485 0x0dec LanmanServer - ok16:13:00.0516 0x0dec [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll16:13:00.0518 0x0dec LanmanWorkstation - ok16:13:00.0551 0x0dec [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys16:13:00.0552 0x0dec lltdio - ok16:13:00.0581 0x0dec [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll16:13:00.0584 0x0dec lltdsvc - ok16:13:00.0607 0x0dec [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll16:13:00.0608 0x0dec lmhosts - ok16:13:00.0636 0x0dec [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys16:13:00.0637 0x0dec LSI_FC - ok16:13:00.0641 0x0dec [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys16:13:00.0642 0x0dec LSI_SAS - ok16:13:00.0651 0x0dec [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys16:13:00.0652 0x0dec LSI_SAS2 - ok16:13:00.0663 0x0dec [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys16:13:00.0664 0x0dec LSI_SCSI - ok16:13:00.0674 0x0dec [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys16:13:00.0675 0x0dec luafv - ok16:13:00.0714 0x0dec [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys16:13:00.0716 0x0dec mbamchameleon - ok16:13:00.0769 0x0dec [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys16:13:00.0770 0x0dec MBAMProtector - ok16:13:00.0853 0x0dec [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe16:13:00.0856 0x0dec MBAMScheduler - ok16:13:00.0899 0x0dec [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe16:13:00.0904 0x0dec MBAMService - ok16:13:00.0933 0x0dec [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll16:13:00.0935 0x0dec Mcx2Svc - ok16:13:00.0944 0x0dec [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys16:13:00.0945 0x0dec megasas - ok16:13:00.0973 0x0dec [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys16:13:00.0975 0x0dec MegaSR - ok16:13:00.0999 0x0dec [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll16:13:01.0000 0x0dec MMCSS - ok16:13:01.0014 0x0dec [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys16:13:01.0015 0x0dec Modem - ok16:13:01.0048 0x0dec [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys16:13:01.0048 0x0dec monitor - ok16:13:01.0080 0x0dec [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys16:13:01.0081 0x0dec mouclass - ok16:13:01.0098 0x0dec [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys16:13:01.0099 0x0dec mouhid - ok16:13:01.0143 0x0dec [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys16:13:01.0144 0x0dec mountmgr - ok16:13:01.0197 0x0dec [ FC1D590039EF06A381768710E6C07E75 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys16:13:01.0199 0x0dec MpFilter - ok16:13:01.0237 0x0dec [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys16:13:01.0239 0x0dec mpio - ok16:13:01.0252 0x0dec [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys16:13:01.0252 0x0dec mpsdrv - ok16:13:01.0293 0x0dec [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll16:13:01.0299 0x0dec MpsSvc - ok16:13:01.0333 0x0dec [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys16:13:01.0335 0x0dec MRxDAV - ok16:13:01.0367 0x0dec [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys16:13:01.0369 0x0dec mrxsmb - ok16:13:01.0401 0x0dec [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys16:13:01.0403 0x0dec mrxsmb10 - ok16:13:01.0414 0x0dec [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys16:13:01.0415 0x0dec mrxsmb20 - ok16:13:01.0425 0x0dec [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys16:13:01.0425 0x0dec msahci - ok16:13:01.0439 0x0dec [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys16:13:01.0440 0x0dec msdsm - ok16:13:01.0455 0x0dec [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe16:13:01.0457 0x0dec MSDTC - ok16:13:01.0488 0x0dec [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys16:13:01.0488 0x0dec Msfs - ok16:13:01.0506 0x0dec [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys16:13:01.0507 0x0dec mshidkmdf - ok16:13:01.0541 0x0dec [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys16:13:01.0542 0x0dec msisadrv - ok16:13:01.0563 0x0dec [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll16:13:01.0565 0x0dec MSiSCSI - ok16:13:01.0569 0x0dec msiserver - ok16:13:01.0591 0x0dec [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys16:13:01.0592 0x0dec MSKSSRV - ok16:13:01.0685 0x0dec [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe16:13:01.0685 0x0dec MsMpSvc - ok16:13:01.0697 0x0dec [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys16:13:01.0697 0x0dec MSPCLOCK - ok16:13:01.0701 0x0dec [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys16:13:01.0701 0x0dec MSPQM - ok16:13:01.0742 0x0dec [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys16:13:01.0744 0x0dec MsRPC - ok16:13:01.0750 0x0dec [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys16:13:01.0751 0x0dec mssmbios - ok16:13:01.0759 0x0dec [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys16:13:01.0759 0x0dec MSTEE - ok16:13:01.0765 0x0dec [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys16:13:01.0766 0x0dec MTConfig - ok16:13:01.0774 0x0dec [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys16:13:01.0775 0x0dec Mup - ok16:13:01.0796 0x0dec [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll16:13:01.0800 0x0dec napagent - ok16:13:01.0842 0x0dec [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys16:13:01.0845 0x0dec NativeWifiP - ok16:13:01.0905 0x0dec [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys16:13:01.0911 0x0dec NDIS - ok16:13:01.0916 0x0dec [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys16:13:01.0916 0x0dec NdisCap - ok16:13:01.0949 0x0dec [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys16:13:01.0950 0x0dec NdisTapi - ok16:13:01.0976 0x0dec [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys16:13:01.0977 0x0dec Ndisuio - ok16:13:02.0009 0x0dec [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys16:13:02.0011 0x0dec NdisWan - ok16:13:02.0055 0x0dec [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys16:13:02.0056 0x0dec NDProxy - ok16:13:02.0078 0x0dec [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys16:13:02.0078 0x0dec NetBIOS - ok16:13:02.0117 0x0dec [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys16:13:02.0119 0x0dec NetBT - ok16:13:02.0160 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe16:13:02.0161 0x0dec Netlogon - ok16:13:02.0186 0x0dec [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll16:13:02.0190 0x0dec Netman - ok16:13:02.0212 0x0dec [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll16:13:02.0216 0x0dec netprofm - ok16:13:02.0244 0x0dec [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe16:13:02.0246 0x0dec NetTcpPortSharing - ok16:13:02.0258 0x0dec [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys16:13:02.0259 0x0dec nfrd960 - ok16:13:02.0289 0x0dec [ 8FB3C853E886E1E4D57271672486111C ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys16:13:02.0290 0x0dec NisDrv - ok16:13:02.0327 0x0dec [ 869A808253726EA11939EC4FE76346A4 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe16:13:02.0329 0x0dec NisSrv - ok16:13:02.0369 0x0dec [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll16:13:02.0373 0x0dec NlaSvc - ok16:13:02.0382 0x0dec [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys16:13:02.0383 0x0dec Npfs - ok16:13:02.0408 0x0dec [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll16:13:02.0409 0x0dec nsi - ok16:13:02.0419 0x0dec [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys16:13:02.0419 0x0dec nsiproxy - ok16:13:02.0476 0x0dec [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys16:13:02.0490 0x0dec Ntfs - ok16:13:02.0505 0x0dec [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys16:13:02.0505 0x0dec Null - ok16:13:02.0529 0x0dec [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys16:13:02.0531 0x0dec NVHDA - ok16:13:02.0708 0x0dec [ A5D0603CAE6C334B1386204D94393C04 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys16:13:02.0752 0x0dec nvlddmkm - ok16:13:02.0767 0x0dec [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys16:13:02.0768 0x0dec nvraid - ok16:13:02.0799 0x0dec [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys16:13:02.0800 0x0dec nvstor - ok16:13:02.0829 0x0dec [ 268D382FCC6A8A568AAB7C6DC8C71BB3 ] nvsvc C:\Windows\system32\nvvsvc.exe16:13:02.0833 0x0dec nvsvc - ok16:13:02.0859 0x0dec [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys16:13:02.0860 0x0dec nv_agp - ok16:13:02.0892 0x0dec [ E52479B03A57DC3D4BABD9C5536C94D6 ] OEM05Afx C:\Windows\system32\Drivers\OEM05Afx.sys16:13:02.0894 0x0dec OEM05Afx - ok16:13:02.0909 0x0dec [ 766F689564BC30E5A91F8621CE65AD68 ] OEM05Vfx C:\Windows\system32\DRIVERS\OEM05Vfx.sys16:13:02.0909 0x0dec OEM05Vfx - ok16:13:02.0928 0x0dec [ 859F850A4FD021A66493D18CBA847792 ] OEM05Vid C:\Windows\system32\DRIVERS\OEM05Vid.sys16:13:02.0930 0x0dec OEM05Vid - ok16:13:02.0946 0x0dec [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys16:13:02.0947 0x0dec ohci1394 - ok16:13:02.0988 0x0dec [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE16:13:02.0989 0x0dec ose - ok16:13:03.0120 0x0dec [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE16:13:03.0158 0x0dec osppsvc - ok16:13:03.0198 0x0dec [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll16:13:03.0202 0x0dec p2pimsvc - ok16:13:03.0218 0x0dec [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll16:13:03.0223 0x0dec p2psvc - ok16:13:03.0245 0x0dec [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys16:13:03.0246 0x0dec Parport - ok16:13:03.0282 0x0dec [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys16:13:03.0283 0x0dec partmgr - ok16:13:03.0319 0x0dec [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys16:13:03.0320 0x0dec pci - ok16:13:03.0345 0x0dec [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys16:13:03.0346 0x0dec pciide - ok16:13:03.0362 0x0dec [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys16:13:03.0364 0x0dec pcmcia - ok16:13:03.0375 0x0dec [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys16:13:03.0376 0x0dec pcw - ok16:13:03.0396 0x0dec [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys16:13:03.0401 0x0dec PEAUTH - ok16:13:03.0495 0x0dec [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe16:13:03.0496 0x0dec PerfHost - ok16:13:03.0554 0x0dec [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll16:13:03.0566 0x0dec pla - ok16:13:03.0613 0x0dec [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll16:13:03.0617 0x0dec PlugPlay - ok16:13:03.0634 0x0dec [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll16:13:03.0636 0x0dec PNRPAutoReg - ok16:13:03.0671 0x0dec [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll16:13:03.0674 0x0dec PNRPsvc - ok16:13:03.0694 0x0dec [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll16:13:03.0698 0x0dec PolicyAgent - ok16:13:03.0731 0x0dec [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll16:13:03.0734 0x0dec Power - ok16:13:03.0781 0x0dec [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys16:13:03.0782 0x0dec PptpMiniport - ok16:13:03.0796 0x0dec [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys16:13:03.0797 0x0dec Processor - ok16:13:03.0827 0x0dec [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll16:13:03.0830 0x0dec ProfSvc - ok16:13:03.0844 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe16:13:03.0845 0x0dec ProtectedStorage - ok16:13:03.0876 0x0dec [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys16:13:03.0877 0x0dec Psched - ok16:13:03.0906 0x0dec [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys16:13:03.0907 0x0dec PxHlpa64 - ok16:13:03.0970 0x0dec [ C6DF3FF18D6ACB913C78C865DDED17D3 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe16:13:03.0984 0x0dec QBCFMonitorService - ok16:13:04.0041 0x0dec [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe16:13:04.0042 0x0dec QBFCService - ok16:13:04.0141 0x0dec [ 78AFB70DBE365BD6140E6740792AC3EA ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe16:13:04.0210 0x0dec QBVSS - ok16:13:04.0262 0x0dec [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys16:13:04.0274 0x0dec ql2300 - ok16:13:04.0284 0x0dec [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys16:13:04.0284 0x0dec ql40xx - ok16:13:04.0320 0x0dec QuickBooksDB21 - ok16:13:04.0348 0x0dec [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll16:13:04.0352 0x0dec QWAVE - ok16:13:04.0364 0x0dec [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys16:13:04.0365 0x0dec QWAVEdrv - ok16:13:04.0412 0x0dec [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll16:13:04.0414 0x0dec RapiMgr - ok16:13:04.0428 0x0dec [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys16:13:04.0429 0x0dec RasAcd - ok16:13:04.0461 0x0dec [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys16:13:04.0462 0x0dec RasAgileVpn - ok16:13:04.0490 0x0dec [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll16:13:04.0493 0x0dec RasAuto - ok16:13:04.0526 0x0dec [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys16:13:04.0527 0x0dec Rasl2tp - ok16:13:04.0543 0x0dec [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll16:13:04.0547 0x0dec RasMan - ok16:13:04.0563 0x0dec [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys16:13:04.0564 0x0dec RasPppoe - ok16:13:04.0571 0x0dec [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys16:13:04.0572 0x0dec RasSstp - ok16:13:04.0607 0x0dec [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys16:13:04.0609 0x0dec rdbss - ok16:13:04.0623 0x0dec [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys16:13:04.0624 0x0dec rdpbus - ok16:13:04.0640 0x0dec [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys16:13:04.0641 0x0dec RDPCDD - ok16:13:04.0663 0x0dec [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys16:13:04.0664 0x0dec RDPENCDD - ok16:13:04.0673 0x0dec [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys16:13:04.0674 0x0dec RDPREFMP - ok16:13:04.0724 0x0dec [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys16:13:04.0725 0x0dec RdpVideoMiniport - ok16:13:04.0758 0x0dec [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys16:13:04.0760 0x0dec RDPWD - ok16:13:04.0804 0x0dec [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys16:13:04.0806 0x0dec rdyboost - ok16:13:04.0827 0x0dec [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll16:13:04.0829 0x0dec RemoteAccess - ok16:13:04.0866 0x0dec [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll16:13:04.0869 0x0dec RemoteRegistry - ok16:13:04.0967 0x0dec [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe16:13:04.0975 0x0dec RoxMediaDB10 - ok16:13:04.0985 0x0dec [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll16:13:04.0987 0x0dec RpcEptMapper - ok16:13:04.0996 0x0dec [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe16:13:04.0997 0x0dec RpcLocator - ok16:13:05.0036 0x0dec [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll16:13:05.0041 0x0dec RpcSs - ok16:13:05.0068 0x0dec [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys16:13:05.0069 0x0dec rspndr - ok16:13:05.0091 0x0dec [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys16:13:05.0092 0x0dec RSUSBSTOR - ok16:13:05.0124 0x0dec [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys16:13:05.0126 0x0dec RTL8167 - ok16:13:05.0130 0x0dec RxFilter - ok16:13:05.0159 0x0dec [ 0EECD4B43EB917BD08BBE1738D7ECB11 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys16:13:05.0161 0x0dec s1018bus - ok16:13:05.0181 0x0dec [ 6F892723F1F694430F86E5FA01763C8A ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys16:13:05.0181 0x0dec s1018mdfl - ok16:13:05.0196 0x0dec [ F7CFC8AC6F7F5F34721E6D10098C7AA3 ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys16:13:05.0197 0x0dec s1018mdm - ok16:13:05.0210 0x0dec [ 455F361D8D605F059C83AB1016AD0E00 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys16:13:05.0211 0x0dec s1018mgmt - ok16:13:05.0221 0x0dec [ 3F69CA63B7157885ABBE8F4D559AEC8A ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys16:13:05.0221 0x0dec s1018nd5 - ok16:13:05.0234 0x0dec [ FD370AF1C196E2B339EA32819BEC1B9A ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys16:13:05.0236 0x0dec s1018obex - ok16:13:05.0255 0x0dec [ 0A46DA0B8B162AF0EFB33BEA11A6EF3A ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys16:13:05.0257 0x0dec s1018unic - ok16:13:05.0270 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe16:13:05.0271 0x0dec SamSs - ok16:13:05.0309 0x0dec [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys16:13:05.0310 0x0dec sbp2port - ok16:13:05.0331 0x0dec [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll16:13:05.0333 0x0dec SCardSvr - ok16:13:05.0358 0x0dec [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys16:13:05.0359 0x0dec scfilter - ok16:13:05.0415 0x0dec [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll16:13:05.0425 0x0dec Schedule - ok16:13:05.0456 0x0dec [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll16:13:05.0457 0x0dec SCPolicySvc - ok16:13:05.0488 0x0dec [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll16:13:05.0490 0x0dec SDRSVC - ok16:13:05.0514 0x0dec [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys16:13:05.0515 0x0dec secdrv - ok16:13:05.0524 0x0dec [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll16:13:05.0526 0x0dec seclogon - ok16:13:05.0547 0x0dec [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys16:13:05.0548 0x0dec seehcri - ok16:13:05.0573 0x0dec [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll16:13:05.0575 0x0dec SENS - ok16:13:05.0583 0x0dec [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll16:13:05.0585 0x0dec SensrSvc - ok16:13:05.0613 0x0dec [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys16:13:05.0614 0x0dec Serenum - ok16:13:05.0625 0x0dec [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys16:13:05.0626 0x0dec Serial - ok16:13:05.0659 0x0dec [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys16:13:05.0659 0x0dec sermouse - ok16:13:05.0700 0x0dec [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll16:13:05.0703 0x0dec SessionEnv - ok16:13:05.0735 0x0dec SessionLauncher - ok16:13:05.0747 0x0dec [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys16:13:05.0747 0x0dec sffdisk - ok16:13:05.0754 0x0dec [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys16:13:05.0754 0x0dec sffp_mmc - ok16:13:05.0764 0x0dec [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys16:13:05.0764 0x0dec sffp_sd - ok16:13:05.0773 0x0dec [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys16:13:05.0774 0x0dec sfloppy - ok16:13:05.0848 0x0dec [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE16:13:05.0860 0x0dec SftService - ok16:13:05.0894 0x0dec [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll16:13:05.0898 0x0dec SharedAccess - ok16:13:05.0933 0x0dec [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll16:13:05.0937 0x0dec ShellHWDetection - ok16:13:05.0957 0x0dec [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys16:13:05.0958 0x0dec SiSRaid2 - ok16:13:05.0965 0x0dec [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys16:13:05.0966 0x0dec SiSRaid4 - ok16:13:05.0976 0x0dec [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys16:13:05.0977 0x0dec Smb - ok16:13:06.0014 0x0dec [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe16:13:06.0015 0x0dec SNMPTRAP - ok16:13:06.0027 0x0dec [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys16:13:06.0028 0x0dec spldr - ok16:13:06.0066 0x0dec [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe16:13:06.0072 0x0dec Spooler - ok16:13:06.0151 0x0dec [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe16:13:06.0178 0x0dec sppsvc - ok16:13:06.0191 0x0dec [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll16:13:06.0193 0x0dec sppuinotify - ok16:13:06.0228 0x0dec [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys16:13:06.0231 0x0dec srv - ok16:13:06.0247 0x0dec [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys16:13:06.0250 0x0dec srv2 - ok16:13:06.0260 0x0dec [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys16:13:06.0261 0x0dec srvnet - ok16:13:06.0292 0x0dec [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll16:13:06.0295 0x0dec SSDPSRV - ok16:13:06.0310 0x0dec [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll16:13:06.0312 0x0dec SstpSvc - ok16:13:06.0346 0x0dec StarOpen - ok16:13:06.0361 0x0dec [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys16:13:06.0362 0x0dec stexstor - ok16:13:06.0409 0x0dec [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll16:13:06.0415 0x0dec stisvc - ok16:13:06.0450 0x0dec [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe16:13:06.0477 0x0dec stllssvr - ok16:13:06.0508 0x0dec [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys16:13:06.0509 0x0dec swenum - ok16:13:06.0525 0x0dec [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll16:13:06.0530 0x0dec swprv - ok16:13:06.0587 0x0dec [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll16:13:06.0603 0x0dec SysMain - ok16:13:06.0639 0x0dec [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll16:13:06.0641 0x0dec TabletInputService - ok16:13:06.0655 0x0dec [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll16:13:06.0659 0x0dec TapiSrv - ok16:13:06.0687 0x0dec [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll16:13:06.0689 0x0dec TBS - ok16:13:06.0733 0x0dec [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys16:13:06.0749 0x0dec Tcpip - ok16:13:06.0785 0x0dec [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys16:13:06.0795 0x0dec TCPIP6 - ok16:13:06.0827 0x0dec [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys16:13:06.0828 0x0dec tcpipreg - ok16:13:06.0857 0x0dec [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys16:13:06.0858 0x0dec TDPIPE - ok16:13:06.0887 0x0dec [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys16:13:06.0888 0x0dec TDTCP - ok16:13:06.0921 0x0dec [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys16:13:06.0922 0x0dec tdx - ok16:13:06.0958 0x0dec [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys16:13:06.0959 0x0dec TermDD - ok16:13:07.0004 0x0dec [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll16:13:07.0010 0x0dec TermService - ok16:13:07.0066 0x0dec [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys16:13:07.0077 0x0dec TFsExDisk - ok16:13:07.0092 0x0dec [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll16:13:07.0094 0x0dec Themes - ok16:13:07.0119 0x0dec [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll16:13:07.0120 0x0dec THREADORDER - ok16:13:07.0131 0x0dec [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll16:13:07.0134 0x0dec TrkWks - ok16:13:07.0177 0x0dec [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe16:13:07.0179 0x0dec TrustedInstaller - ok16:13:07.0201 0x0dec [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys16:13:07.0211 0x0dec tssecsrv - ok16:13:07.0241 0x0dec [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys16:13:07.0242 0x0dec TsUsbFlt - ok16:13:07.0291 0x0dec [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys16:13:07.0292 0x0dec tunnel - ok16:13:07.0318 0x0dec [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys16:13:07.0319 0x0dec uagp35 - ok16:13:07.0353 0x0dec [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys16:13:07.0355 0x0dec udfs - ok16:13:07.0382 0x0dec [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe16:13:07.0384 0x0dec UI0Detect - ok16:13:07.0415 0x0dec [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys16:13:07.0416 0x0dec uliagpkx - ok16:13:07.0457 0x0dec [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys16:13:07.0458 0x0dec umbus - ok16:13:07.0484 0x0dec [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys16:13:07.0484 0x0dec UmPass - ok16:13:07.0500 0x0dec [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll16:13:07.0504 0x0dec upnphost - ok16:13:07.0526 0x0dec [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys16:13:07.0527 0x0dec USBAAPL64 - ok16:13:07.0549 0x0dec [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys16:13:07.0551 0x0dec usbaudio - ok16:13:07.0581 0x0dec [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys16:13:07.0582 0x0dec usbccgp - ok16:13:07.0608 0x0dec [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys16:13:07.0609 0x0dec usbcir - ok16:13:07.0626 0x0dec [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys16:13:07.0626 0x0dec usbehci - ok16:13:07.0666 0x0dec [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys16:13:07.0669 0x0dec usbhub - ok16:13:07.0681 0x0dec [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys16:13:07.0682 0x0dec usbohci - ok16:13:07.0701 0x0dec [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys16:13:07.0702 0x0dec usbprint - ok16:13:07.0738 0x0dec [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys16:13:07.0739 0x0dec usbscan - ok16:13:07.0766 0x0dec [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS16:13:07.0767 0x0dec USBSTOR - ok16:13:07.0777 0x0dec [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys16:13:07.0778 0x0dec usbuhci - ok16:13:07.0792 0x0dec [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys16:13:07.0794 0x0dec usbvideo - ok16:13:07.0816 0x0dec [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll16:13:07.0818 0x0dec UxSms - ok16:13:07.0824 0x0dec [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe16:13:07.0825 0x0dec VaultSvc - ok16:13:07.0847 0x0dec [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys16:13:07.0847 0x0dec vdrvroot - ok16:13:07.0883 0x0dec [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe16:13:07.0888 0x0dec vds - ok16:13:07.0900 0x0dec [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys16:13:07.0901 0x0dec vga - ok16:13:07.0912 0x0dec [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys16:13:07.0912 0x0dec VgaSave - ok16:13:07.0931 0x0dec [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys16:13:07.0933 0x0dec vhdmp - ok16:13:07.0953 0x0dec [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys16:13:07.0954 0x0dec viaide - ok16:13:07.0976 0x0dec [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys16:13:07.0977 0x0dec volmgr - ok16:13:08.0006 0x0dec [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys16:13:08.0009 0x0dec volmgrx - ok16:13:08.0020 0x0dec [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys16:13:08.0023 0x0dec volsnap - ok16:13:08.0048 0x0dec [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys16:13:08.0050 0x0dec vsmraid - ok16:13:08.0107 0x0dec [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe16:13:08.0122 0x0dec VSS - ok16:13:08.0134 0x0dec [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys16:13:08.0135 0x0dec vwifibus - ok16:13:08.0171 0x0dec [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll16:13:08.0176 0x0dec W32Time - ok16:13:08.0188 0x0dec [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys16:13:08.0189 0x0dec WacomPen - ok16:13:08.0214 0x0dec [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys16:13:08.0215 0x0dec WANARP - ok16:13:08.0219 0x0dec [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys16:13:08.0220 0x0dec Wanarpv6 - ok16:13:08.0278 0x0dec [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe16:13:08.0288 0x0dec WatAdminSvc - ok16:13:08.0320 0x0dec [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe16:13:08.0334 0x0dec wbengine - ok16:13:08.0358 0x0dec [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll16:13:08.0361 0x0dec WbioSrvc - ok16:13:08.0404 0x0dec [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll16:13:08.0407 0x0dec WcesComm - ok16:13:08.0441 0x0dec [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll16:13:08.0445 0x0dec wcncsvc - ok16:13:08.0460 0x0dec [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll16:13:08.0462 0x0dec WcsPlugInService - ok16:13:08.0483 0x0dec [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys16:13:08.0484 0x0dec Wd - ok16:13:08.0510 0x0dec [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys16:13:08.0511 0x0dec WDC_SAM - ok16:13:08.0557 0x0dec [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys16:13:08.0562 0x0dec Wdf01000 - ok16:13:08.0577 0x0dec [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll16:13:08.0580 0x0dec WdiServiceHost - ok16:13:08.0583 0x0dec [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll16:13:08.0585 0x0dec WdiSystemHost - ok16:13:08.0619 0x0dec [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll16:13:08.0623 0x0dec WebClient - ok16:13:08.0640 0x0dec [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll16:13:08.0644 0x0dec Wecsvc - ok16:13:08.0652 0x0dec [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll16:13:08.0655 0x0dec wercplsupport - ok16:13:08.0676 0x0dec [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll16:13:08.0678 0x0dec WerSvc - ok16:13:08.0701 0x0dec [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys16:13:08.0702 0x0dec WfpLwf - ok16:13:08.0735 0x0dec [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys16:13:08.0736 0x0dec WimFltr - ok16:13:08.0749 0x0dec [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys16:13:08.0749 0x0dec WIMMount - ok16:13:08.0780 0x0dec WinDefend - ok16:13:08.0785 0x0dec WinHttpAutoProxySvc - ok16:13:08.0834 0x0dec [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll16:13:08.0836 0x0dec Winmgmt - ok16:13:08.0884 0x0dec [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll16:13:08.0899 0x0dec WinRM - ok16:13:09.0015 0x0dec [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys16:13:09.0016 0x0dec WinUsb - ok16:13:09.0107 0x0dec [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll16:13:09.0115 0x0dec Wlansvc - ok16:13:09.0168 0x0dec [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe16:13:09.0169 0x0dec wlcrasvc - ok16:13:09.0263 0x0dec [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE16:13:09.0283 0x0dec wlidsvc - ok16:13:09.0325 0x0dec [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys16:13:09.0326 0x0dec WmiAcpi - ok16:13:09.0350 0x0dec [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe16:13:09.0352 0x0dec wmiApSrv - ok16:13:09.0368 0x0dec WMPNetworkSvc - ok16:13:09.0402 0x0dec [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll16:13:09.0404 0x0dec WPCSvc - ok16:13:09.0438 0x0dec [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll16:13:09.0441 0x0dec WPDBusEnum - ok16:13:09.0463 0x0dec [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys16:13:09.0464 0x0dec ws2ifsl - ok16:13:09.0515 0x0dec [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll16:13:09.0518 0x0dec wscsvc - ok16:13:09.0522 0x0dec WSearch - ok16:13:09.0603 0x0dec [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll16:13:09.0621 0x0dec wuauserv - ok16:13:09.0647 0x0dec [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys16:13:09.0647 0x0dec WudfPf - ok16:13:09.0657 0x0dec [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys16:13:09.0658 0x0dec WUDFRd - ok16:13:09.0687 0x0dec [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll16:13:09.0690 0x0dec wudfsvc - ok16:13:09.0718 0x0dec [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll16:13:09.0722 0x0dec WwanSvc - ok16:13:09.0762 0x0dec ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected16:13:09.0762 0x0dec ‮etadpug - detected Rootkit.Win32.PMax.gen (0)16:13:09.0772 0x0dec ================ Scan global ===============================16:13:09.0790 0x0dec [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll16:13:09.0827 0x0dec [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll16:13:09.0834 0x0dec [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll16:13:09.0861 0x0dec [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll16:13:09.0879 0x0dec [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe16:13:09.0883 0x0dec [Global] - ok16:13:09.0883 0x0dec ================ Scan MBR ==================================16:13:09.0893 0x0dec [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR016:13:10.0128 0x0dec \Device\Harddisk0\DR0 - ok16:13:10.0128 0x0dec ================ Scan VBR ==================================16:13:10.0131 0x0dec [ 750523627AEC4E2098CA69ED4583ECC2 ] \Device\Harddisk0\DR0\Partition116:13:10.0133 0x0dec \Device\Harddisk0\DR0\Partition1 - ok16:13:10.0148 0x0dec [ 4526EEF41A657FEE9F9C0A80366C04AE ] \Device\Harddisk0\DR0\Partition216:13:10.0150 0x0dec \Device\Harddisk0\DR0\Partition2 - ok16:13:10.0150 0x0dec ============================================================16:13:10.0150 0x0dec Scan finished16:13:10.0150 0x0dec ============================================================16:13:10.0160 0x0478 Detected object count: 116:13:10.0160 0x0478 Actual detected object count: 116:14:50.0655 0x0478 ‮etadpug ( Rootkit.Win32.PMax.gen ) - skipped by user16:14:50.0655 0x0478 ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip 16:14:57.0237 0x0a34 Deinitialize success

And here is the SecurityCheck log - ============================= Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 35 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````