
Cannot remove Happili redirect - DDS.txt / Attach.txt


Here is my TDSSKiller log:


11:41:29.0530 10324 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:41:29.0532 10324 NlaSvc - ok

11:41:29.0546 10324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:41:29.0546 10324 Npfs - ok

11:41:29.0563 10324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:41:29.0564 10324 nsi - ok

11:41:29.0587 10324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:41:29.0587 10324 nsiproxy - ok

11:41:29.0655 10324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:41:29.0664 10324 Ntfs - ok

11:41:29.0773 10324 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys

11:41:29.0774 10324 NuidFltr - ok

11:41:29.0790 10324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:41:29.0791 10324 Null - ok

11:41:29.0827 10324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:41:29.0829 10324 nvraid - ok

11:41:29.0864 10324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:41:29.0866 10324 nvstor - ok

11:41:29.0886 10324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:41:29.0887 10324 nv_agp - ok

11:41:29.0912 10324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:41:29.0925 10324 ohci1394 - ok

11:41:29.0994 10324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:41:29.0995 10324 ose - ok

11:41:30.0017 10324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:41:30.0020 10324 p2pimsvc - ok

11:41:30.0059 10324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:41:30.0062 10324 p2psvc - ok

11:41:30.0093 10324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:41:30.0094 10324 Parport - ok

11:41:30.0109 10324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:41:30.0109 10324 partmgr - ok

11:41:30.0155 10324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:41:30.0157 10324 PcaSvc - ok

11:41:30.0232 10324 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

11:41:30.0233 10324 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

11:41:30.0248 10324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:41:30.0249 10324 pci - ok

11:41:30.0291 10324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:41:30.0292 10324 pciide - ok

11:41:30.0316 10324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:41:30.0325 10324 pcmcia - ok

11:41:30.0350 10324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:41:30.0351 10324 pcw - ok

11:41:30.0382 10324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:41:30.0385 10324 PEAUTH - ok

11:41:30.0433 10324 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

11:41:30.0440 10324 PeerDistSvc - ok

11:41:30.0511 10324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:41:30.0511 10324 PerfHost - ok

11:41:30.0565 10324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:41:30.0577 10324 pla - ok

11:41:30.0623 10324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:41:30.0626 10324 PlugPlay - ok

11:41:30.0669 10324 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll

11:41:30.0669 10324 Pml Driver HPZ12 - ok

11:41:30.0693 10324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:41:30.0694 10324 PNRPAutoReg - ok

11:41:30.0704 10324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:41:30.0706 10324 PNRPsvc - ok

11:41:30.0761 10324 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

11:41:30.0762 10324 Point64 - ok

11:41:30.0899 10324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:41:30.0902 10324 PolicyAgent - ok

11:41:30.0929 10324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:41:30.0931 10324 Power - ok

11:41:30.0965 10324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:41:30.0966 10324 PptpMiniport - ok

11:41:30.0984 10324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:41:30.0985 10324 Processor - ok

11:41:31.0021 10324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

11:41:31.0025 10324 ProfSvc - ok

11:41:31.0026 10324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:41:31.0027 10324 ProtectedStorage - ok

11:41:31.0089 10324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:41:31.0090 10324 Psched - ok

11:41:31.0124 10324 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

11:41:31.0125 10324 PxHlpa64 - ok

11:41:31.0169 10324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:41:31.0185 10324 ql2300 - ok

11:41:31.0217 10324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:41:31.0218 10324 ql40xx - ok

11:41:31.0264 10324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:41:31.0266 10324 QWAVE - ok

11:41:31.0286 10324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:41:31.0286 10324 QWAVEdrv - ok

11:41:31.0302 10324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:41:31.0303 10324 RasAcd - ok

11:41:31.0330 10324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:41:31.0331 10324 RasAgileVpn - ok

11:41:31.0341 10324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:41:31.0343 10324 RasAuto - ok

11:41:31.0350 10324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:41:31.0351 10324 Rasl2tp - ok

11:41:31.0386 10324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:41:31.0388 10324 RasMan - ok

11:41:31.0411 10324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:41:31.0412 10324 RasPppoe - ok

11:41:31.0419 10324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:41:31.0420 10324 RasSstp - ok

11:41:31.0443 10324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:41:31.0444 10324 rdbss - ok

11:41:31.0458 10324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:41:31.0458 10324 rdpbus - ok

11:41:31.0479 10324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:41:31.0479 10324 RDPCDD - ok

11:41:31.0514 10324 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

11:41:31.0515 10324 RDPDR - ok

11:41:31.0548 10324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:41:31.0548 10324 RDPENCDD - ok

11:41:31.0552 10324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:41:31.0553 10324 RDPREFMP - ok

11:41:31.0582 10324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

11:41:31.0583 10324 RDPWD - ok

11:41:31.0614 10324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:41:31.0615 10324 rdyboost - ok

11:41:31.0644 10324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:41:31.0650 10324 RemoteAccess - ok

11:41:31.0670 10324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:41:31.0672 10324 RemoteRegistry - ok

11:41:31.0740 10324 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe

11:41:31.0742 10324 RichVideo64 - ok

11:41:31.0851 10324 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

11:41:31.0855 10324 RoxMediaDB10 - ok

11:41:31.0874 10324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:41:31.0875 10324 RpcEptMapper - ok

11:41:31.0907 10324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:41:31.0908 10324 RpcLocator - ok

11:41:31.0985 10324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:41:31.0988 10324 RpcSs - ok

11:41:32.0024 10324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:41:32.0024 10324 rspndr - ok

11:41:32.0061 10324 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys

11:41:32.0062 10324 RSUSBSTOR - ok

11:41:32.0102 10324 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:41:32.0104 10324 RTL8167 - ok

11:41:32.0106 10324 RxFilter - ok

11:41:32.0135 10324 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

11:41:32.0136 10324 s3cap - ok

11:41:32.0138 10324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:41:32.0139 10324 SamSs - ok

11:41:32.0161 10324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:41:32.0161 10324 sbp2port - ok

11:41:32.0188 10324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:41:32.0190 10324 SCardSvr - ok

11:41:32.0222 10324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:41:32.0223 10324 scfilter - ok

11:41:32.0283 10324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:41:32.0297 10324 Schedule - ok

11:41:32.0335 10324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:41:32.0336 10324 SCPolicySvc - ok

11:41:32.0362 10324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:41:32.0363 10324 SDRSVC - ok

11:41:32.0382 10324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:41:32.0383 10324 secdrv - ok

11:41:32.0410 10324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:41:32.0411 10324 seclogon - ok

11:41:32.0432 10324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:41:32.0433 10324 SENS - ok

11:41:32.0449 10324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:41:32.0450 10324 SensrSvc - ok

11:41:32.0479 10324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:41:32.0479 10324 Serenum - ok

11:41:32.0520 10324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:41:32.0521 10324 Serial - ok

11:41:32.0558 10324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:41:32.0559 10324 sermouse - ok

11:41:32.0599 10324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:41:32.0600 10324 SessionEnv - ok

11:41:32.0634 10324 SessionLauncher - ok

11:41:32.0651 10324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:41:32.0659 10324 sffdisk - ok

11:41:32.0676 10324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:41:32.0677 10324 sffp_mmc - ok

11:41:32.0694 10324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:41:32.0694 10324 sffp_sd - ok

11:41:32.0713 10324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:41:32.0714 10324 sfloppy - ok

11:41:32.0820 10324 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

11:41:32.0828 10324 SftService - ok

11:41:32.0863 10324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:41:32.0865 10324 SharedAccess - ok

11:41:32.0890 10324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:41:32.0893 10324 ShellHWDetection - ok

11:41:32.0911 10324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:41:32.0911 10324 SiSRaid2 - ok

11:41:32.0930 10324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:41:32.0931 10324 SiSRaid4 - ok

11:41:32.0949 10324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:41:32.0950 10324 Smb - ok

11:41:32.0989 10324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:41:32.0996 10324 SNMPTRAP - ok

11:41:33.0013 10324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:41:33.0013 10324 spldr - ok

11:41:33.0079 10324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:41:33.0082 10324 Spooler - ok

11:41:33.0210 10324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:41:33.0254 10324 sppsvc - ok

11:41:33.0273 10324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:41:33.0275 10324 sppuinotify - ok

11:41:33.0358 10324 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

11:41:33.0359 10324 SQLBrowser - ok

11:41:33.0485 10324 SQLSERVERAGENT (00b0e9f0ffd98b829345dff292650470) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE

11:41:33.0487 10324 SQLSERVERAGENT - ok

11:41:33.0563 10324 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

11:41:33.0563 10324 SQLWriter - ok

11:41:33.0606 10324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:41:33.0608 10324 srv - ok

11:41:33.0652 10324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:41:33.0654 10324 srv2 - ok

11:41:33.0674 10324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:41:33.0675 10324 srvnet - ok

11:41:33.0726 10324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:41:33.0728 10324 SSDPSRV - ok

11:41:33.0753 10324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:41:33.0754 10324 SstpSvc - ok

11:41:33.0777 10324 Steam Client Service - ok

11:41:33.0803 10324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:41:33.0803 10324 stexstor - ok

11:41:33.0842 10324 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

11:41:33.0843 10324 StillCam - ok

11:41:33.0888 10324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:41:33.0892 10324 stisvc - ok

11:41:33.0924 10324 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

11:41:33.0924 10324 stllssvr - ok

11:41:33.0957 10324 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

11:41:33.0957 10324 storflt - ok

11:41:33.0979 10324 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

11:41:33.0980 10324 StorSvc - ok

11:41:33.0990 10324 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

11:41:33.0997 10324 storvsc - ok

11:41:34.0021 10324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:41:34.0022 10324 swenum - ok

11:41:34.0054 10324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:41:34.0058 10324 swprv - ok

11:41:34.0164 10324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:41:34.0174 10324 SysMain - ok

11:41:34.0193 10324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:41:34.0195 10324 TabletInputService - ok

11:41:34.0225 10324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:41:34.0237 10324 TapiSrv - ok

11:41:34.0258 10324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:41:34.0260 10324 TBS - ok

11:41:34.0325 10324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:41:34.0334 10324 Tcpip - ok

11:41:34.0395 10324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:41:34.0402 10324 TCPIP6 - ok

11:41:34.0437 10324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:41:34.0438 10324 tcpipreg - ok

11:41:34.0458 10324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:41:34.0459 10324 TDPIPE - ok

11:41:34.0492 10324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:41:34.0492 10324 TDTCP - ok

11:41:34.0502 10324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:41:34.0510 10324 tdx - ok

11:41:34.0524 10324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:41:34.0525 10324 TermDD - ok

11:41:34.0561 10324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:41:34.0565 10324 TermService - ok

11:41:34.0586 10324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:41:34.0587 10324 Themes - ok

11:41:34.0613 10324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:41:34.0614 10324 THREADORDER - ok

11:41:34.0652 10324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:41:34.0654 10324 TrkWks - ok

11:41:34.0694 10324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:41:34.0695 10324 TrustedInstaller - ok

11:41:34.0728 10324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:41:34.0729 10324 tssecsrv - ok

11:41:34.0780 10324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:41:34.0781 10324 TsUsbFlt - ok

11:41:34.0822 10324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:41:34.0823 10324 tunnel - ok

11:41:34.0849 10324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:41:34.0850 10324 uagp35 - ok

11:41:34.0880 10324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:41:34.0882 10324 udfs - ok

11:41:34.0918 10324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:41:34.0919 10324 UI0Detect - ok

11:41:34.0949 10324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:41:34.0950 10324 uliagpkx - ok

11:41:34.0976 10324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

11:41:34.0977 10324 umbus - ok

11:41:35.0009 10324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:41:35.0010 10324 UmPass - ok

11:41:35.0034 10324 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

11:41:35.0036 10324 UmRdpService - ok

11:41:35.0061 10324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:41:35.0064 10324 upnphost - ok

11:41:35.0093 10324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:41:35.0093 10324 usbccgp - ok

11:41:35.0116 10324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:41:35.0117 10324 usbcir - ok

11:41:35.0147 10324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

11:41:35.0147 10324 usbehci - ok

11:41:35.0184 10324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:41:35.0186 10324 usbhub - ok

11:41:35.0206 10324 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

11:41:35.0206 10324 usbohci - ok

11:41:35.0230 10324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:41:35.0231 10324 usbprint - ok

11:41:35.0262 10324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:41:35.0263 10324 USBSTOR - ok

11:41:35.0292 10324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

11:41:35.0293 10324 usbuhci - ok

11:41:35.0303 10324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:41:35.0325 10324 UxSms - ok

11:41:35.0350 10324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:41:35.0351 10324 VaultSvc - ok

11:41:35.0370 10324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:41:35.0371 10324 vdrvroot - ok

11:41:35.0401 10324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:41:35.0405 10324 vds - ok

11:41:35.0426 10324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:41:35.0427 10324 vga - ok

11:41:35.0430 10324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:41:35.0431 10324 VgaSave - ok

11:41:35.0457 10324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:41:35.0458 10324 vhdmp - ok

11:41:35.0498 10324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:41:35.0499 10324 viaide - ok

11:41:35.0524 10324 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

11:41:35.0525 10324 vmbus - ok

11:41:35.0545 10324 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

11:41:35.0546 10324 VMBusHID - ok

11:41:35.0571 10324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:41:35.0571 10324 volmgr - ok

11:41:35.0604 10324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:41:35.0606 10324 volmgrx - ok

11:41:35.0618 10324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:41:35.0620 10324 volsnap - ok

11:41:35.0665 10324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:41:35.0666 10324 vsmraid - ok

11:41:35.0737 10324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:41:35.0745 10324 VSS - ok

11:41:35.0766 10324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

11:41:35.0766 10324 vwifibus - ok

11:41:35.0791 10324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:41:35.0794 10324 W32Time - ok

11:41:35.0844 10324 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

11:41:35.0846 10324 W3SVC - ok

11:41:35.0871 10324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:41:35.0881 10324 WacomPen - ok

11:41:35.0902 10324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:41:35.0907 10324 WANARP - ok

11:41:35.0908 10324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:41:35.0909 10324 Wanarpv6 - ok

11:41:35.0927 10324 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

11:41:35.0928 10324 WAS - ok

11:41:36.0013 10324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:41:36.0019 10324 WatAdminSvc - ok

11:41:36.0074 10324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:41:36.0081 10324 wbengine - ok

11:41:36.0112 10324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:41:36.0114 10324 WbioSrvc - ok

11:41:36.0146 10324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:41:36.0149 10324 wcncsvc - ok

11:41:36.0167 10324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:41:36.0168 10324 WcsPlugInService - ok

11:41:36.0189 10324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:41:36.0190 10324 Wd - ok

11:41:36.0219 10324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:41:36.0222 10324 Wdf01000 - ok

11:41:36.0235 10324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:41:36.0237 10324 WdiServiceHost - ok

11:41:36.0238 10324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:41:36.0240 10324 WdiSystemHost - ok

11:41:36.0261 10324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:41:36.0263 10324 WebClient - ok

11:41:36.0277 10324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:41:36.0283 10324 Wecsvc - ok

11:41:36.0301 10324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:41:36.0302 10324 wercplsupport - ok

11:41:36.0324 10324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:41:36.0325 10324 WerSvc - ok

11:41:36.0364 10324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:41:36.0364 10324 WfpLwf - ok

11:41:36.0415 10324 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

11:41:36.0417 10324 WimFltr - ok

11:41:36.0433 10324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:41:36.0443 10324 WIMMount - ok

11:41:36.0455 10324 WinDefend - ok

11:41:36.0459 10324 WinHttpAutoProxySvc - ok

11:41:36.0521 10324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:41:36.0522 10324 Winmgmt - ok

11:41:36.0606 10324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:41:36.0615 10324 WinRM - ok

11:41:36.0654 10324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:41:36.0655 10324 WinUsb - ok

11:41:36.0695 10324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:41:36.0700 10324 Wlansvc - ok

11:41:36.0823 10324 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:41:36.0833 10324 wlidsvc - ok

11:41:36.0857 10324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:41:36.0865 10324 WmiAcpi - ok

11:41:36.0882 10324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:41:36.0898 10324 wmiApSrv - ok

11:41:36.0900 10324 WMPNetworkSvc - ok

11:41:36.0934 10324 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe

11:41:36.0935 10324 WMSVC - ok

11:41:36.0972 10324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:41:36.0973 10324 WPCSvc - ok

11:41:37.0010 10324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:41:37.0012 10324 WPDBusEnum - ok

11:41:37.0040 10324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:41:37.0040 10324 ws2ifsl - ok

11:41:37.0073 10324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:41:37.0074 10324 wscsvc - ok

11:41:37.0076 10324 WSearch - ok

11:41:37.0184 10324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

11:41:37.0195 10324 wuauserv - ok

11:41:37.0228 10324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:41:37.0229 10324 WudfPf - ok

11:41:37.0260 10324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:41:37.0262 10324 WUDFRd - ok

11:41:37.0284 10324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:41:37.0285 10324 wudfsvc - ok

11:41:37.0304 10324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:41:37.0307 10324 WwanSvc - ok

11:41:37.0327 10324 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0

11:41:37.0352 10324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:41:37.0352 10324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:41:37.0382 10324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

11:41:37.0387 10324 \Device\Harddisk1\DR1 - ok

11:41:37.0401 10324 Boot (0x1200) (f3bae82eca5dd01b891d889120f9108d) \Device\Harddisk0\DR0\Partition0

11:41:37.0410 10324 \Device\Harddisk0\DR0\Partition0 - ok

11:41:37.0429 10324 Boot (0x1200) (4e06d1d7f5ff07592a2270da4b4ae24a) \Device\Harddisk0\DR0\Partition1

11:41:37.0438 10324 \Device\Harddisk0\DR0\Partition1 - ok

11:41:37.0441 10324 Boot (0x1200) (8cc0880b263558aabf413ae4214513c0) \Device\Harddisk1\DR1\Partition0

11:41:37.0442 10324 \Device\Harddisk1\DR1\Partition0 - ok

11:41:37.0442 10324 ============================================================

11:41:37.0442 10324 Scan finished

11:41:37.0442 10324 ============================================================

11:41:37.0450 10804 Detected object count: 1

11:41:37.0450 10804 Actual detected object count: 1

11:41:46.0511 10804 \Device\Harddisk0\DR0\# - copied to quarantine

11:41:46.0511 10804 \Device\Harddisk0\DR0 - copied to quarantine

11:41:46.0518 10804 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:41:46.0519 10804 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:41:46.0520 10804 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:41:46.0521 10804 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:41:46.0524 10804 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:41:46.0526 10804 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:41:46.0526 10804 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:41:46.0527 10804 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:41:46.0527 10804 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:41:46.0528 10804 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:41:46.0528 10804 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:41:46.0529 10804 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:41:46.0537 10804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:41:46.0537 10804 \Device\Harddisk0\DR0 - ok

11:41:46.0550 10804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:42:00.0000 10596 Deinitialize success


Here is my ComboFix log:

ComboFix 12-04-25.02 - Scottg 04/26/2012 11:52:55.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9763 [GMT -5:00]

Running from: c:\temp\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\aebbbeaaffdecbdct.exe

c:\programdata\XkFcjVGVgWJhiQK.exe

c:\windows\svchost.exe

T:\Autorun.inf

U:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))

.

.

2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2012-04-25 18:23 . 2012-04-25 23:26 -------- d-----w- c:\programdata\Norton

2012-04-25 18:23 . 2012-04-25 20:34 -------- d--h--w- c:\users\Scottg\AppData\Local\NPE

2012-04-24 16:55 . 2012-04-24 16:55 -------- d-----we c:\windows\system64

2012-04-19 17:54 . 2012-04-19 17:54 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Windows Live Writer

2012-04-19 17:54 . 2012-04-19 17:54 -------- d--h--w- c:\users\Scottg\AppData\Local\Windows Live Writer

2012-04-19 09:26 . 2012-04-25 00:30 -------- d-----w- C:\OpenSSL-Win32

2012-04-18 22:20 . 2012-04-25 23:26 -------- d-----w- c:\program files (x86)\SSLBuddy

2012-04-17 19:38 . 2012-04-17 19:38 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-17 18:57 . 2012-04-17 19:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-13 22:30 . 2011-05-13 16:19 198088 ----a-w- c:\windows\SysWow64\hlvdd.dll

2012-04-13 22:30 . 2011-12-30 12:39 4889032 ----a-w- c:\windows\system32\aksllmtp.exe

2012-04-13 22:30 . 2012-04-13 22:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-04-13 22:17 . 2012-04-13 22:17 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared

2012-04-13 22:17 . 2011-12-30 12:39 4889032 ----a-w- c:\windows\system32\hasplms.exe

2012-04-13 21:58 . 2012-04-13 21:58 -------- d-----w- c:\program files (x86)\Chief Architect Inc

2012-04-13 21:58 . 2004-10-22 07:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-04-13 21:58 . 2004-10-22 07:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-04-13 21:58 . 2004-10-22 07:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-04-13 21:58 . 2004-10-22 07:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-04-13 21:58 . 2012-04-13 21:58 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-04-13 21:58 . 2004-10-22 07:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-04-13 21:58 . 2012-04-13 21:58 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-04-13 19:27 . 2012-04-13 19:27 -------- d-----w- c:\programdata\Cadsoft

2012-04-13 19:22 . 2012-04-13 19:22 -------- d-----w- c:\programdata\Nova Development

2012-04-13 19:22 . 2012-04-13 19:22 -------- d-----w- c:\program files (x86)\Nova Development

2012-04-11 14:58 . 2012-04-11 14:58 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Malwarebytes

2012-04-11 14:58 . 2012-04-11 14:58 -------- d-----w- c:\programdata\Malwarebytes

2012-04-11 14:58 . 2012-04-25 23:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-11 14:58 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-11 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-03-28 22:06 . 2012-03-28 22:06 -------- d--h--w- c:\users\Scottg\AppData\Roaming\tmssoftware

2012-03-28 21:28 . 2012-03-10 07:16 2648064 ----a-w- c:\windows\SysWow64\Intraweb_120_160.bpl

2012-03-28 21:27 . 2012-01-24 19:24 100352 ----a-w- c:\windows\SysWow64\zlib1.dll

2012-03-28 21:27 . 2012-04-25 23:26 -------- d-----w- c:\users\Scottg\AppData\Roaming\IntraWeb XII

2012-03-28 20:00 . 2000-06-27 17:07 1305200 ------w- c:\windows\SysWow64\sbe6_32.dll

2012-03-28 20:00 . 2000-06-19 04:53 512560 ------w- c:\windows\SysWow64\sb6ent.ocx

2012-03-28 19:58 . 2012-03-28 19:58 -------- d-----w- c:\programdata\Kaed

2012-03-28 19:55 . 2012-03-28 19:55 -------- d-----w- c:\program files (x86)\nsoftware

2012-03-28 19:25 . 2012-03-28 19:36 -------- dc-h--w- c:\programdata\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}

2012-03-28 19:25 . 2012-03-28 19:25 -------- d-----w- c:\programdata\SmartBear

2012-03-28 19:23 . 2012-03-28 19:23 -------- d-----w- c:\programdata\Raize

2012-03-28 19:23 . 2011-10-27 20:55 3402752 ----a-w- c:\windows\SysWow64\vcl160.bpl

2012-03-28 19:23 . 2011-10-27 20:55 2876416 ----a-w- c:\windows\SysWow64\rtl160.bpl

2012-03-28 19:23 . 2012-03-28 19:57 -------- d-----w- c:\program files (x86)\Raize

2012-03-28 19:23 . 2012-03-28 19:23 -------- d-----w- c:\programdata\VSoft

2012-03-28 19:23 . 2012-03-28 21:13 -------- d-----w- c:\program files (x86)\FinalBuilder 7 XE2

2012-03-28 19:23 . 2012-03-28 21:13 -------- d-----w- c:\program files (x86)\Common Files\VSoft

2012-03-28 19:21 . 2012-03-28 19:21 -------- d-----w- c:\program files (x86)\SmartBear

2012-03-28 19:04 . 2011-08-15 13:10 1312768 ----a-w- c:\windows\SysWow64\Rave100VCL160.bpl

2012-03-28 19:04 . 2012-03-28 19:04 -------- d-----w- c:\program files (x86)\CollabNet

2012-03-28 19:04 . 2012-03-28 21:12 -------- d-----w- c:\program files (x86)\DevJet

2012-03-28 18:58 . 2012-03-28 20:00 -------- d-----w- c:\programdata\Embarcadero

2012-03-28 18:58 . 2012-03-28 20:00 -------- d-----w- c:\program files (x86)\Embarcadero

2012-03-28 18:58 . 2012-03-28 18:58 -------- d-----w- c:\program files (x86)\Common Files\CodeGear Shared

2012-03-28 18:58 . 2012-03-28 18:58 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared

2012-03-28 18:34 . 2012-03-28 21:08 -------- d--h--w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}

2012-03-28 14:40 . 2012-03-28 14:40 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Subversion

2012-03-28 14:02 . 2011-10-30 11:00 421888 ----a-w- c:\windows\SysWow64\RaizeComponentsVclDb160.bpl

2012-03-28 14:02 . 2011-10-30 11:00 2115072 ----a-w- c:\windows\SysWow64\RaizeComponentsVcl160.bpl

2012-03-28 13:56 . 2012-03-28 19:54 416256 ----a-w- c:\windows\SysWow64\vclZipForged16.bpl

2012-03-27 22:25 . 2011-08-29 20:53 891104 ----a-w- c:\windows\ipworks8.dll

2012-03-27 22:22 . 2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Roaming\SmartBear

2012-03-27 22:22 . 2012-04-25 23:26 -------- d-----w- c:\users\Scottg\AppData\Roaming\DevJET

2012-03-27 22:22 . 2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Local\Embarcadero

2012-03-27 22:22 . 2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Local\SmartBear

2012-03-27 22:19 . 2011-12-11 10:00 512160 ----a-w- c:\windows\SysWow64\CodeSiteExpressPkg160.bpl

2012-03-27 22:19 . 2011-12-11 10:00 144536 ----a-w- c:\windows\SysWow64\CodeSitePlugIns160.bpl

2012-03-27 22:19 . 2007-09-11 20:21 150528 ----a-w- c:\windows\SysWow64\TLBINF32.dll

2012-03-27 21:29 . 2012-03-28 18:05 -------- dc-h--w- c:\programdata\{B0A6C550-7640-4BB9-A44C-C9A7B5257584}

2012-03-27 20:47 . 2012-03-27 20:47 -------- d--h--w- c:\users\Scottg\AppData\Local\PackageAware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-17 19:38 . 2011-05-31 14:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-23 22:55 . 2012-02-23 22:55 28672 ----a-w- c:\windows\SysWow64\BDSSR160.dll

2012-02-23 22:55 . 2012-02-23 22:55 28672 ----a-w- c:\windows\SysWow64\BDSSR.dll

2012-02-17 06:38 . 2012-03-14 08:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 08:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 08:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 08:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 08:06 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 08:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 08:06 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-26_00.12.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-09 15:50 . 2012-04-26 16:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-04-09 15:50 . 2012-04-25 23:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-04-25 23:33 . 2012-04-26 00:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042520120426\index.dat

+ 2012-04-09 15:50 . 2012-04-26 00:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2012-04-09 15:50 . 2012-04-25 23:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-11-11 00:42 . 2012-04-26 16:47 44968 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-26 16:47 27544 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-14 03:43 . 2012-04-26 16:47 12894 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3010258393-3416120133-4182077219-1000_UserData.bin

+ 2010-11-11 00:42 . 2012-04-26 16:47 44968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-26 16:47 27544 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-14 03:43 . 2012-04-26 16:47 12894 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3010258393-3416120133-4182077219-1000_UserData.bin

+ 2010-11-23 21:41 . 2012-04-26 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-23 21:41 . 2012-04-26 00:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-23 21:41 . 2012-04-26 00:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-11-23 21:41 . 2012-04-26 17:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-11-23 21:41 . 2012-04-26 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-23 21:41 . 2012-04-26 00:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-14 00:48 . 2012-04-26 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-14 00:48 . 2012-04-26 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-14 00:48 . 2012-04-26 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-14 00:48 . 2012-04-26 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-04-26 00:12 . 2012-04-26 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-26 17:06 . 2012-04-26 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-26 17:06 . 2012-04-26 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-26 00:12 . 2012-04-26 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-04-26 17:07 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-04-26 17:07 933888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 02:36 . 2012-04-26 00:17 824186 c:\windows\system64\perfh009.dat

- 2009-07-14 02:36 . 2012-04-25 23:58 824186 c:\windows\system64\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-26 00:17 178858 c:\windows\system64\perfc009.dat

- 2009-07-14 02:36 . 2012-04-25 23:58 178858 c:\windows\system64\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-26 00:17 824186 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-25 23:58 824186 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-26 00:17 178858 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-25 23:58 178858 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-04-26 00:11 270692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-26 17:05 270692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-04-26 17:07 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-25 23:54 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-15 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-27 75048]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128]

.

c:\users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 5 (0x5)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"ConsentPromptBehaviorAdminShOrigSetting"= 5 (0x5)

"ConsentPromptBehaviorUserShOrigSetting"= 3 (0x3)

"PromptOnSecureDesktopShOrigSetting"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2010/11/10 18:57;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-27 232944]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-11-25 199520]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 19:38]

.

2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 17:31]

.

2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 17:31]

.

2012-04-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2010-10-27 16:27]

.

2012-04-26 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2010-10-27 16:27]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: Interfaces\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: NameServer = 207.70.128.240,207.70.172.240

FF - ProfilePath - c:\users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-aebbbeaaffdecbdct - c:\programdata\aebbbeaaffdecbdct.exe

Wow6432Node-HKLM-Run-XkFcjVGVgWJhiQK.exe - c:\programdata\XkFcjVGVgWJhiQK.exe

Wow6432Node-HKU-Default-Run-aebbbeaaffdecbdct - c:\programdata\aebbbeaaffdecbdct.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_¬\00\00¬\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¬\00\00¬\00\00\00\00¬\00\00\00\00\00\00\00\00‘’“"

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-04-26 12:11:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-26 17:11

ComboFix2.txt 2012-04-26 00:17

.

Pre-Run: 875,017,629,696 bytes free

Post-Run: 874,567,888,896 bytes free

.

- - End Of File - - 91BB6153B786D7ED2D32A0DAFCE77A74


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT by doing a RIGHT click and select Run as Administrator.

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply. Exit aswMBR.

Step 6

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from aswMBR & TDSSKILLER.

Use separate replies as needed if logs do not fit into one reply box.


Log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by Scottg at 2012-04-26 12:57:30

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 834 GB (88%) free of 943 GB

Total RAM: 12279 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:57:35 PM, on 04/26/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\trend micro\Scottg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: NameServer = 207.70.128.240,207.70.172.240

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: CyberLink Product - 2010/11/10 18:57:30 (CLKMSVC10_9EC60124) - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--

End of file - 11121 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

"C:\Program Files\Dell\DellDock\DockLogin.exe"

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\system32\svchost.exe -k apphost

atieclxx

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k ftpsvc

C:\Windows\system32\hasplms.exe -run

"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"

"taskhost.exe"

"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER

"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER

"C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"

"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"

"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE" C:\Users\Scottg

"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

"C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

"C:\Windows\System32\rundll32.exe" C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

WLIDSvcM.exe 2296

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

-netsvcs

\??\C:\Windows\system32\conhost.exe "11372854851607368472-191567626-1853967901-660816592-118062816695676418212803595

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Windows\system32\wuauclt.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Windows\System32\mstsc.exe" /v:"sancho"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552

"C:\Users\Scottg\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

C:\Windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.233 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]

"Description"=McAfee Total Protection MIME Plugin

"Path"=c:\progra~2\mcafee\msc\npmcsn~1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.233 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]

"Description"=McAfee Total Protection MIME Plugin

"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

Scriptff.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll [2010-11-15 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-12-12 75656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-11-15 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]

"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-10-15 17920]

"RunDLLEntry_EptMon"=C:\Windows\system32\EptMon64.dll [2009-10-15 21504]

"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]

"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-04-13 1860496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-15 39408]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]

"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-17 98304]

"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2010-02-09 1807680]

"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2009-12-01 963584]

"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]

"RemoteControl9"=c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

"PDVD9LanguageShortcut"=c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2010-04-13 50472]

"BDRegion"=c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-04-26 75048]

"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]

""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-09-16 560128]

C:\Users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [2011-03-21 13672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=5

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"ConsentPromptBehaviorAdminShOrigSetting"=5

"ConsentPromptBehaviorUserShOrigSetting"=3

"PromptOnSecureDesktopShOrigSetting"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-04-26 12:57:30 ----D---- C:\rsit

2012-04-26 12:57:30 ----D---- C:\Program Files\trend micro

2012-04-26 12:53:45 ----D---- C:\Program Files (x86)\ERUNT

2012-04-26 12:11:42 ----A---- C:\ComboFix.txt

2012-04-26 12:07:02 ----SHD---- C:\$RECYCLE.BIN

2012-04-26 11:44:31 ----A---- C:\Windows\svchost.exe

2012-04-26 11:41:46 ----D---- C:\TDSSKiller_Quarantine

2012-04-26 11:41:07 ----A---- C:\TDSSKiller.2.7.33.0_26.04.2012_11.41.07_log.txt

2012-04-25 19:02:55 ----A---- C:\Windows\zip.exe

2012-04-25 19:02:55 ----A---- C:\Windows\SWSC.exe

2012-04-25 19:02:55 ----A---- C:\Windows\SWREG.exe

2012-04-25 19:02:55 ----A---- C:\Windows\sed.exe

2012-04-25 19:02:55 ----A---- C:\Windows\PEV.exe

2012-04-25 19:02:55 ----A---- C:\Windows\NIRCMD.exe

2012-04-25 19:02:55 ----A---- C:\Windows\MBR.exe

2012-04-25 19:02:55 ----A---- C:\Windows\grep.exe

2012-04-25 19:02:45 ----D---- C:\Windows\ERDNT

2012-04-25 19:02:43 ----D---- C:\Qoobox

2012-04-25 18:28:29 ----A---- C:\Windows\ntbtlog.txt

2012-04-25 13:23:30 ----D---- C:\ProgramData\Norton

2012-04-24 11:55:30 ----D---- C:\Windows\system64

2012-04-19 12:54:34 ----HD---- C:\Users\Scottg\AppData\Roaming\Windows Live Writer

2012-04-19 04:26:22 ----D---- C:\OpenSSL-Win32

2012-04-18 17:20:07 ----D---- C:\Program Files (x86)\SSLBuddy

2012-04-17 14:38:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

2012-04-17 13:57:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-04-16 08:06:21 ----D---- C:\Config.Msi

2012-04-14 14:26:57 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information

2012-04-14 14:26:57 ----HD---- C:\ProgramData\CanonBJ

2012-04-14 14:26:54 ----A---- C:\Windows\system32\CNMLM95.DLL

2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700O.DLL

2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700L.DLL

2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700I.DLL

2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700C.DLL

2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFMSe.EXE

2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFLeUS.DLL

2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFLeJP.DLL

2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCF2Le.DLL

2012-04-14 14:26:47 ----HD---- C:\Program Files\CanonBJ

2012-04-13 17:30:23 ----A---- C:\Windows\SYSWOW64\hlvdd.dll

2012-04-13 17:30:16 ----A---- C:\Windows\system32\aksllmtp.exe

2012-04-13 17:17:11 ----A---- C:\Windows\system32\hasplms.exe

2012-04-13 16:58:50 ----D---- C:\Program Files (x86)\Chief Architect Inc

2012-04-13 14:27:18 ----D---- C:\ProgramData\Cadsoft

2012-04-13 14:22:31 ----D---- C:\ProgramData\Nova Development

2012-04-13 14:22:31 ----D---- C:\Program Files (x86)\Nova Development

2012-04-11 09:58:40 ----HD---- C:\Users\Scottg\AppData\Roaming\Malwarebytes

2012-04-11 09:58:37 ----D---- C:\ProgramData\Malwarebytes

2012-04-11 09:58:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-11 09:58:35 ----A---- C:\Windows\system32\drivers\mbam.sys

2012-04-11 03:02:07 ----A---- C:\Windows\system32\MRT.INI

2012-04-11 03:00:29 ----A---- C:\Windows\system32\imagehlp.dll

2012-04-11 03:00:29 ----A---- C:\Windows\system32\drivers\fs_rec.sys

2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wmi.dll

2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\imagehlp.dll

2012-04-11 03:00:28 ----A---- C:\Windows\system32\wmi.dll

2012-04-11 03:00:28 ----A---- C:\Windows\system32\wintrust.dll

2012-04-11 00:52:39 ----A---- C:\Windows\system32\mshtml.dll

2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-04-11 00:52:34 ----A---- C:\Windows\system32\iertutil.dll

2012-04-11 00:52:34 ----A---- C:\Windows\system32\ieframe.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\url.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\wininet.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\urlmon.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\url.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\mshtmled.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\msfeeds.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\jsproxy.dll

2012-04-11 00:52:33 ----A---- C:\Windows\system32\ieui.dll

2012-03-28 17:06:35 ----HD---- C:\Users\Scottg\AppData\Roaming\tmssoftware

2012-03-28 16:27:57 ----A---- C:\Windows\SYSWOW64\zlib1.dll

2012-03-28 16:27:52 ----D---- C:\Users\Scottg\AppData\Roaming\IntraWeb XII

2012-03-28 15:00:50 ----N---- C:\Windows\SYSWOW64\sbe6_32.dll

2012-03-28 14:58:23 ----D---- C:\ProgramData\Kaed

2012-03-28 14:55:33 ----D---- C:\Program Files (x86)\nsoftware

2012-03-28 14:25:42 ----HDC---- C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}

2012-03-28 14:25:10 ----D---- C:\ProgramData\SmartBear

2012-03-28 14:23:54 ----D---- C:\ProgramData\Raize

2012-03-28 14:23:52 ----D---- C:\Program Files (x86)\Raize

2012-03-28 14:23:38 ----D---- C:\ProgramData\VSoft

2012-03-28 14:23:35 ----D---- C:\Program Files (x86)\FinalBuilder 7 XE2

2012-03-28 14:21:23 ----D---- C:\Program Files (x86)\SmartBear

2012-03-28 14:04:13 ----D---- C:\Program Files (x86)\CollabNet

2012-03-28 14:04:09 ----D---- C:\Program Files (x86)\DevJet

2012-03-28 13:58:41 ----D---- C:\ProgramData\Embarcadero

2012-03-28 13:58:41 ----D---- C:\Program Files (x86)\Embarcadero

2012-03-28 13:34:09 ----HD---- C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}

2012-03-28 09:40:31 ----HD---- C:\Users\Scottg\AppData\Roaming\Subversion

2012-03-27 17:25:02 ----A---- C:\Windows\ipworks8.dll

2012-03-27 17:22:35 ----HD---- C:\Users\Scottg\AppData\Roaming\SmartBear

2012-03-27 17:22:34 ----D---- C:\Users\Scottg\AppData\Roaming\DevJET

2012-03-27 17:19:22 ----A---- C:\Windows\SYSWOW64\TLBINF32.dll

2012-03-27 17:19:22 ----A---- C:\Windows\SYSWOW64\CapiCom.dll

2012-03-27 16:29:11 ----HDC---- C:\ProgramData\{B0A6C550-7640-4BB9-A44C-C9A7B5257584}

======List of files/folders modified in the last 1 month======

2012-04-26 12:57:35 ----D---- C:\Windows\Prefetch

2012-04-26 12:57:30 ----RD---- C:\Program Files

2012-04-26 12:57:03 ----D---- C:\Temp

2012-04-26 12:55:10 ----D---- C:\Windows\Temp

2012-04-26 12:53:45 ----RD---- C:\Program Files (x86)

2012-04-26 12:22:09 ----D---- C:\Windows\system32\config

2012-04-26 12:11:44 ----D---- C:\Windows\system32\drivers

2012-04-26 12:07:47 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup

2012-04-26 12:07:16 ----D---- C:\Windows

2012-04-26 12:07:06 ----D---- C:\ProgramData

2012-04-26 12:07:04 ----A---- C:\Windows\system.ini

2012-04-26 12:06:42 ----D---- C:\Windows\system32\drivers\etc

2012-04-26 12:00:34 ----D---- C:\Windows\SYSWOW64\drivers

2012-04-26 12:00:34 ----D---- C:\Windows\SysWOW64

2012-04-26 12:00:34 ----D---- C:\Windows\System32

2012-04-26 12:00:34 ----D---- C:\Windows\AppPatch

2012-04-26 12:00:33 ----D---- C:\Program Files\Common Files

2012-04-26 12:00:33 ----D---- C:\Program Files (x86)\Common Files

2012-04-26 03:00:25 ----SHD---- C:\System Volume Information

2012-04-25 19:17:42 ----D---- C:\Windows\inf

2012-04-25 19:17:42 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-04-25 18:26:40 ----D---- C:\Windows\Tasks

2012-04-25 18:26:40 ----D---- C:\Windows\SYSWOW64\Macromed

2012-04-25 18:26:40 ----D---- C:\Windows\system32\wfp

2012-04-25 18:26:40 ----D---- C:\Windows\system32\DriverStore

2012-04-25 18:26:40 ----D---- C:\Windows\system32\catroot2

2012-04-25 18:26:17 ----D---- C:\Windows\system32\wbem

2012-04-25 18:26:17 ----D---- C:\Windows\system32\Tasks

2012-04-25 18:26:16 ----SHD---- C:\Windows\Installer

2012-04-25 18:26:16 ----D---- C:\Windows\system32\Macromed

2012-04-25 18:26:16 ----D---- C:\Windows\system32\CodeIntegrity

2012-04-25 18:26:16 ----D---- C:\Windows\AppCompat

2012-04-25 18:26:15 ----SD---- C:\Users\Scottg\AppData\Roaming\Microsoft

2012-04-25 18:26:15 ----D---- C:\Users\Scottg\AppData\Roaming\CodeGear

2012-04-25 18:26:13 ----D---- C:\ProgramData\Temp

2012-04-25 18:26:10 ----D---- C:\ProgramData\Microsoft Help

2012-04-25 18:26:10 ----D---- C:\ProgramData\eSellerate

2012-04-25 18:26:08 ----D---- C:\CYABackup

2012-04-25 18:25:25 ----D---- C:\Windows\registration

2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\PCDr

2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\Mozilla

2012-04-25 18:18:23 ----D---- C:\Users\Scottg\AppData\Roaming\Forte

2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Embarcadero

2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\CyberLink

2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Adobe

2012-04-25 18:17:45 ----SD---- C:\ProgramData\Microsoft

2012-04-24 19:21:29 ----D---- C:\Windows\system32\LogFiles

2012-04-14 14:27:00 ----RSD---- C:\Windows\Media

2012-04-14 14:26:56 ----D---- C:\Windows\twain_32

2012-04-14 14:26:56 ----D---- C:\Windows\system32\catroot

2012-04-13 17:30:40 ----D---- C:\Windows\system32\Setup

2012-04-13 16:58:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2012-04-13 14:24:19 ----D---- C:\Windows\winsxs

2012-04-11 03:30:24 ----D---- C:\Windows\Microsoft.NET

2012-04-11 03:30:16 ----RSD---- C:\Windows\assembly

2012-04-11 03:19:59 ----D---- C:\Windows\SYSWOW64\migration

2012-04-11 03:19:59 ----D---- C:\Windows\system32\migration

2012-04-11 03:19:59 ----D---- C:\Program Files\Internet Explorer

2012-04-11 03:19:59 ----D---- C:\Program Files (x86)\Internet Explorer

2012-04-11 03:00:46 ----A---- C:\Windows\system32\MRT.exe

2012-04-10 15:34:17 ----D---- C:\HAL

2012-03-30 11:14:40 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-03-28 13:59:17 ----D---- C:\Windows\SYSWOW64\en-US

2012-03-28 13:31:45 ----D---- C:\Program Files (x86)\Steam

2012-03-28 13:13:00 ----D---- C:\Program Files (x86)\Microsoft

2012-03-28 13:11:35 ----D---- C:\Program Files (x86)\IntraWeb 10.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2011-11-22 78208]

R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2011-11-22 139592]

R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2011-09-28 321536]

R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2011-02-09 53760]

R3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2011-09-08 57088]

R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2011-08-09 21120]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-17 6853632]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-17 263680]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]

R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]

R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 23960]

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]

S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-17 203264]

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 hasplms;Sentinel Local License Manager; C:\Windows\system32\hasplms.exe [2011-12-30 4889032]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-11-25 199520]

R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 158568]

R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 39626592]

R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-11-25 31648608]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]

R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]

R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/11/10 18:57:30; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]

S2 SessionLauncher;SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe []

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2009-06-10 42840]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-10 1045256]

S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe [2011-03-21 13160]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-15 182768]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-25 426336]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]

S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]

S3 WMSVC;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2009-07-13 10752]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 64352]

-----------------EOF-----------------

INFO.txt

info.txt logfile of random's system information tool 1.09 2012-04-26 12:57:36

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall

-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove

64 Bit HP CIO Components Installer-->MsiExec.exe /I{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}

7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Android SDK Tools-->C:\Program Files (x86)\Android\android-sdk\uninstall.exe

Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Art Effects for PDR10-->C:\Program Files\CyberLink\PowerDirector10\..\Shared files\Plugin\NewBlue\\UninstallArtEffectsBundleForPDR10.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9

BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A}

Better Homes and Gardens Home Designer Pro 7.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6E613434-312D-4786-B879-8659B0EB0FCA}\setup.exe" -l0x9 -removeonly

C3FaxWSClientAPI 8.0.5.0-->C:\Program Files (x86)\Concord Technologies\C3FaxWSClientAPI\C3FaxWSClientAPIUninst.EXE

Canon MX700 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009

Catalyst Control Center - Branding-->MsiExec.exe /I{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}

CodeSite Express 5.1-->C:\PROGRA~2\Raize\CS5\UNWISE.EXE C:\PROGRA~2\Raize\CS5\CS5_EX~1.LOG

CollabNet Subversion Client 1.6.17-->C:\Program Files (x86)\CollabNet\uninst.exe

CyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall

CyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall

CyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstall

CyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstall

CyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstall

CyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstall

CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall

CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall

CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall

CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall

CyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstall

CyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstall

CyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall

CyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall

Dell DataSafe Local Backup - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly /z"dsu"

Dell DataSafe Local Backup-->"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -runfromtemp -l0x9 -removeonly

Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}

Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSE

Dell Edoc Viewer-->MsiExec.exe /I{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}

Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}

Dell Support Center-->C:\PROGRA~1\DELLSU~1\uninst.exe

Dell Support Center-->MsiExec.exe /X{0090A87C-3E0E-43D4-AA71-A71B06563A4A}

DevJET Documentation Insight Express Edition V2.0.3.251-->"C:\Program Files (x86)\DevJet\unins000.exe"

DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}

Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}

Duke Nukem Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/57900

Embarcadero Delphi and C++Builder XE2 Help System-->"C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE

Embarcadero Delphi and C++Builder XE2 Help System-->C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exe

Embarcadero ER/Studio v9.0 Developer Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{10386097-AC77-4D10-A63F-D0B854648F25}\setup.exe" -runfromtemp -l0x0009 -removeonly

Embarcadero RAD Studio XE2-->"C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exe" REMOVE=TRUE MODIFY=FALSE

Embarcadero RAD Studio XE2-->C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exe

EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}

EMCGadgets64-->MsiExec.exe /I{02AD9D20-03D2-4DE0-8793-E8253026AD86}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

FinalBuilder 7.0.0.1725 Embarcadero Edition-->"C:\Program Files (x86)\FinalBuilder 7 XE2\unins000.exe"

Forté Agent-->C:\PROGRA~2\Agent\UNWISE.EXE C:\PROGRA~2\Agent\INSTALL.LOG

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GoToAssist Corporate-->C:\Program Files (x86)\Citrix\GoToAssist\615\G2AUninstaller.exe /uninstall

HGTV Ultimate Home Design with Landscaping & Decks-->"C:\Program Files (x86)\InstallShield Installation Information\{0363C7DA-291C-454E-A318-570D4FC0A040}\setup.exe" -runfromtemp -l0x0409 -removeonly

HGTV Ultimate Home Design with Landscaping & Decks-->MsiExec.exe /X{0363C7DA-291C-454E-A318-570D4FC0A040}

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

IntraWeb XII-->"C:\Users\Scottg\AppData\Roaming\IntraWeb XII\unins000.exe"

IP*Works! V8 Delphi Edition-->C:\Program Files (x86)\nsoftware\IPWorks V8 Delphi Edition\uninstall.exe

Java 6 Update 20 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416020FF}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

Java 7 Update 1 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417001FF}

Java SE Development Kit 7 Update 1 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170010}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

KDImage Editor version 3.3 (Build 57)-->"C:\ProgramData\Kaed\KDImage Editor\3.3\unins000.exe"

KDTele Tools version 4.0 (Build 34).-->"C:\ProgramData\Kaed\KDTele Tools\4.0\unins000.exe"

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe

Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}

Microsoft IntelliPoint 8.1-->msiexec.exe /I {3ED4AD02-F631-4A4C-AAC8-2325996E5A56}

Microsoft IntelliPoint 8.1-->MsiExec.exe /X{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}

Microsoft IntelliType Pro 8.1-->msiexec.exe /I {446EE0D9-1F6B-42BF-8278-8D0B172BA15D}

Microsoft IntelliType Pro 8.1-->MsiExec.exe /X{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}

Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 (64-bit)-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server 2005 (64-bit)-->MsiExec.exe /I{F14F2E25-99AF-42A9-977C-F6D0352DC59F}

Microsoft SQL Server 2005 Analysis Services (64-bit)-->MsiExec.exe /I{54C2B4E9-DD13-4AA4-B09A-A6EF68F9359A}

Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{62D2F823-0EAA-496D-B0F9-A869BFC51550}

Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2005 Integration Services (64-bit)-->MsiExec.exe /I{8A52D844-0DA7-40B0-8602-0567C068C081}

Microsoft SQL Server 2005 Notification Services (64-bit)-->MsiExec.exe /I{EA145881-7452-4004-80B9-971FC3D1D8D8}

Microsoft SQL Server 2005 Tools (64-bit)-->MsiExec.exe /I{FE7C8861-3195-4CA5-98EB-094652478192}

Microsoft SQL Server Native Client-->MsiExec.exe /I{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{18C5A65B-0A39-40B5-B958-63055AFAB65C}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{86177DAE-38B1-49DD-912E-35CB703AB779}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}

Mozilla Firefox 11.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Raize Components 6.0-->C:\PROGRA~2\Raize\RC6\UNWISE.EXE C:\PROGRA~2\Raize\RC6\INSTALL.LOG

Rave Reports 10.0.0 BE-->"C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\RaveReports\unins000.exe"

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}

Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}

Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Easy CD and DVD Burning-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}

Roxio Easy CD and DVD Burning-->MsiExec.exe /I{612B5D2E-8084-4102-91DE-24281E4EFB2C}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Sentinel Runtime-->MsiExec.exe /X{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}

Service Pack 3 for SQL Server Analysis Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\OLAP9_KB955706_ENU_64\Hotfix.exe /Uninstall

Service Pack 3 for SQL Server Database Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\SQL9_KB955706_ENU_64\Hotfix.exe /Uninstall

Service Pack 3 for SQL Server Integration Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\DTS9_KB955706_ENU_64\Hotfix.exe /Uninstall

Service Pack 3 for SQL Server Notification Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\NS9_KB955706_ENU_64\Hotfix.exe /Uninstall

Service Pack 3 for SQL Server Tools and Workstation Components 2005 (64-bit) ENU (KB955706)-->C:\Windows\SQLTools9_KB955706_ENU_64\Hotfix.exe /Uninstall

SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->"C:\Windows\Installer\{DC73000A-9FD8-4445-A578-C52209A90522}\Setup\setup.exe" -runfromtemp -l0x0409 -removeonly

SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->MsiExec.exe /I{DC73000A-9FD8-4445-A578-C52209A90522}

SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonly

SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}

Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}

SQLXML4-->MsiExec.exe /I{B358C627-4492-469A-8D0A-FCA1EC769DA9}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{010A785B-F920-4350-821B-6309909C20BB}\setup.exe" -l0x9 /remove

TMS Async32 for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Async32\unins000.exe"

TMS Component Pack for Delphi / C++ Builder v6.3.2.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\unins000.exe"

TMS Component Pack Help Files for Delphi XE2 for VCL-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Help\Delphi XE2\unins000.exe"

TMS Component Pack Samples-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Samples\unins000.exe"

TMS Instrumentation Workshop for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation Workshop\unins000.exe"

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}

Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}

Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}

======System event log======

Computer Name: DEV

Event Code: 7000

Message: The SessionLauncher service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 4954540

Source Name: Service Control Manager

Time Written: 20120112091820.245263-000

Event Type: Error

User:

Computer Name: DEV

Event Code: 1

Message: Realtek PCIe GBE Family Controller is disconnected from network.

Record Number: 4954489

Source Name: RTL8167

Time Written: 20120112091806.371238-000

Event Type: Warning

User:

Computer Name: DEV

Event Code: 36882

Message: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

Record Number: 4953538

Source Name: Schannel

Time Written: 20120103204202.749094-000

Event Type: Error

User: DEV\Scottg

Computer Name: DEV

Event Code: 36888

Message: The following fatal alert was generated: 48. The internal error state is 552.

Record Number: 4953537

Source Name: Schannel

Time Written: 20120103204202.749094-000

Event Type: Error

User: DEV\Scottg

Computer Name: DEV

Event Code: 1014

Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Record Number: 4953177

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20111230160136.369941-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: DEV

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: mcepg

Record Number: 908

Source Name: .NET Runtime Optimization Service

Time Written: 20101114005711.000000-000

Event Type: Warning

User:

Computer Name: DEV

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: ehRecObj

Record Number: 907

Source Name: .NET Runtime Optimization Service

Time Written: 20101114005708.000000-000

Event Type: Warning

User:

Computer Name: DEV

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter

Record Number: 906

Source Name: .NET Runtime Optimization Service

Time Written: 20101114005707.000000-000

Event Type: Warning

User:

Computer Name: DEV

Event Code: 1130

Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter.UI

Record Number: 902

Source Name: .NET Runtime Optimization Service

Time Written: 20101114005628.000000-000

Event Type: Warning

User:

Computer Name: DEV

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-3010258393-3416120133-4182077219-1000:

Process 732 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3010258393-3416120133-4182077219-1000

Record Number: 877

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20101114005208.646667-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: DEV

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: DEV$

Account Domain: S2

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: Scottg

Account Domain: DEV

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x370

Process Name: C:\Windows\System32\winlogon.exe

Network Information:

Network Address: 127.0.0.1

Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 1528

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101125020334.511250-000

Event Type: Audit Success

User:

Computer Name: DEV

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000

Account Name: Scottg

Account Domain: DEV

Logon ID: 0x13460f5

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 1527

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101125013733.312955-000

Event Type: Audit Success

User:

Computer Name: DEV

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000

Account Name: Scottg

Account Domain: DEV

Logon ID: 0x1346103

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 1526

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101125013733.312955-000

Event Type: Audit Success

User:

Computer Name: DEV

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000

Account Name: Scottg

Account Domain: DEV

Logon ID: 0x13460f5

Privileges: SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 1525

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101125013733.311954-000

Event Type: Audit Success

User:

Computer Name: DEV

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: DEV$

Account Domain: S2

Logon ID: 0x3e7

Logon Type: 7

New Logon:

Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000

Account Name: Scottg

Account Domain: DEV

Logon ID: 0x1346103

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x370

Process Name: C:\Windows\System32\winlogon.exe

Network Information:

Workstation Name: DEV

Source Network Address: 127.0.0.1

Source Port: 0

Detailed Authentication Information:

Logon Process: User32

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 1524

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101125013733.311954-000

Event Type: Audit Success

User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\

"FP_NO_HOST_CHECK"=NO

"lib"=C:\Program Files\SQLXML 4.0\bin\

"NUMBER_OF_PROCESSORS"=8

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\CollabNet;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft SQL Server\90\DTS\Binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies;C:\Program Files (x86)\QuickTime\QTSystem;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation Workshop\bpl

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=1a05

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

-----------------EOF-----------------

Checkup.txt

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 29

Java version out of date!

Adobe Reader X (10.1.3)

Mozilla Firefox (11.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-26 13:06:25

-----------------------------

13:06:25.562 OS Version: Windows x64 6.1.7601 Service Pack 1

13:06:25.562 Number of processors: 8 586 0x1A05

13:06:25.562 ComputerName: DEV UserName:

13:06:36.435 Initialize success

13:07:16.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:07:16.289 Disk 0 Vendor: Intel___ 1.0. Size: 953859MB BusType: 8

13:07:16.291 Device \Driver\iaStor -> MajorFunction fffffa800d6865c4

13:07:16.294 Disk 0 MBR read successfully

13:07:16.296 Disk 0 MBR scan

13:07:16.299 Disk 0 Windows VISTA default MBR code

13:07:16.324 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

13:07:16.327 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920

13:07:16.349 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942676 MB offset 22900736

13:07:16.407 Disk 0 scanning C:\Windows\system32\drivers

13:07:39.983 Service scanning

13:08:04.549 Modules scanning

13:08:04.558 Scan finished successfully

13:08:27.261 Disk 0 MBR has been saved successfully to "C:\Temp\MBR.dat"

13:08:27.264 The log file has been saved successfully to "C:\Temp\aswMBR.txt"


TDSSKiller

13:08:45.0321 7420 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

13:08:45.0727 7420 ============================================================

13:08:45.0727 7420 Current date / time: 2012/04/26 13:08:45.0727

13:08:45.0727 7420 SystemInfo:

13:08:45.0727 7420

13:08:45.0727 7420 OS Version: 6.1.7601 ServicePack: 1.0

13:08:45.0727 7420 Product type: Workstation

13:08:45.0727 7420 ComputerName: DEV

13:08:45.0727 7420 UserName: Scottg

13:08:45.0727 7420 Windows directory: C:\Windows

13:08:45.0727 7420 System windows directory: C:\Windows

13:08:45.0727 7420 Running under WOW64

13:08:45.0727 7420 Processor architecture: Intel x64

13:08:45.0727 7420 Number of processors: 8

13:08:45.0727 7420 Page size: 0x1000

13:08:45.0727 7420 Boot type: Normal boot

13:08:45.0727 7420 ============================================================

13:08:46.0200 7420 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0300000 (931.50 Gb), SectorSize: 0x200, Cylinders: 0x1DAFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:08:46.0205 7420 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:08:46.0232 7420 ============================================================

13:08:46.0232 7420 \Device\Harddisk0\DR0:

13:08:46.0232 7420 MBR partitions:

13:08:46.0232 7420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000

13:08:46.0232 7420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x7312A000

13:08:46.0232 7420 \Device\Harddisk1\DR1:

13:08:46.0232 7420 MBR partitions:

13:08:46.0232 7420 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02

13:08:46.0232 7420 ============================================================

13:08:46.0292 7420 C: <-> \Device\Harddisk0\DR0\Partition1

13:08:46.0296 7420 E: <-> \Device\Harddisk1\DR1\Partition0

13:08:46.0296 7420 ============================================================

13:08:46.0296 7420 Initialize success

13:08:46.0296 7420 ============================================================

13:08:53.0475 6892 ============================================================

13:08:53.0475 6892 Scan started

13:08:53.0475 6892 Mode: Manual;

13:08:53.0475 6892 ============================================================

13:08:53.0930 6892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:08:53.0932 6892 1394ohci - ok

13:08:54.0085 6892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:08:54.0088 6892 ACPI - ok

13:08:54.0163 6892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:08:54.0163 6892 AcpiPmi - ok

13:08:54.0399 6892 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:08:54.0400 6892 AdobeARMservice - ok

13:08:54.0793 6892 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:08:54.0795 6892 AdobeFlashPlayerUpdateSvc - ok

13:08:55.0124 6892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:08:55.0126 6892 adp94xx - ok

13:08:55.0155 6892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:08:55.0157 6892 adpahci - ok

13:08:55.0285 6892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:08:55.0287 6892 adpu320 - ok

13:08:55.0382 6892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:08:55.0383 6892 AeLookupSvc - ok

13:08:55.0847 6892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:08:55.0851 6892 AFD - ok

13:08:55.0958 6892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:08:55.0958 6892 agp440 - ok

13:08:56.0110 6892 aksdf (44f360b65c37a42eb5b71c2e5179fdd5) C:\Windows\system32\drivers\aksdf.sys

13:08:56.0111 6892 aksdf - ok

13:08:56.0249 6892 aksfridge (43415af4f20e9867974623840a22fe98) C:\Windows\system32\DRIVERS\aksfridge.sys

13:08:56.0251 6892 aksfridge - ok

13:08:56.0362 6892 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys

13:08:56.0363 6892 akshasp - ok

13:08:56.0443 6892 akshhl (bc0ee7f8d0be561793b80871f4f10627) C:\Windows\system32\DRIVERS\akshhl.sys

13:08:56.0444 6892 akshhl - ok

13:08:56.0560 6892 aksusb (27f2e2c89a1855b063fcac21eb7d6a73) C:\Windows\system32\DRIVERS\aksusb.sys

13:08:56.0561 6892 aksusb - ok

13:08:56.0654 6892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:08:56.0655 6892 ALG - ok

13:08:56.0729 6892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:08:56.0729 6892 aliide - ok

13:08:56.0908 6892 AMD External Events Utility (f0e61cf2c0fda5b011cd1cb2e2353c9a) C:\Windows\system32\atiesrxx.exe

13:08:56.0910 6892 AMD External Events Utility - ok

13:08:56.0956 6892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:08:56.0956 6892 amdide - ok

13:08:57.0055 6892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:08:57.0055 6892 AmdK8 - ok

13:08:58.0963 6892 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys

13:08:58.0990 6892 amdkmdag - ok

13:08:59.0084 6892 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys

13:08:59.0085 6892 amdkmdap - ok

13:08:59.0179 6892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:08:59.0179 6892 AmdPPM - ok

13:08:59.0229 6892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:08:59.0229 6892 amdsata - ok

13:08:59.0273 6892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:08:59.0274 6892 amdsbs - ok

13:08:59.0295 6892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:08:59.0295 6892 amdxata - ok

13:08:59.0508 6892 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll

13:08:59.0509 6892 AppHostSvc - ok

13:08:59.0630 6892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:08:59.0631 6892 AppID - ok

13:08:59.0664 6892 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:08:59.0664 6892 AppIDSvc - ok

13:08:59.0750 6892 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:08:59.0751 6892 Appinfo - ok

13:08:59.0865 6892 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

13:08:59.0867 6892 AppMgmt - ok

13:08:59.0948 6892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:08:59.0948 6892 arc - ok

13:09:00.0026 6892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:09:00.0027 6892 arcsas - ok

13:09:00.0200 6892 aspnet_state (1838f16e9ce03b993fc500703b711dab) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe

13:09:00.0200 6892 aspnet_state - ok

13:09:00.0253 6892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:09:00.0253 6892 AsyncMac - ok

13:09:00.0313 6892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:09:00.0314 6892 atapi - ok

13:09:00.0432 6892 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

13:09:00.0433 6892 AtiHdmiService - ok

13:09:00.0956 6892 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:09:00.0960 6892 AudioEndpointBuilder - ok

13:09:00.0964 6892 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:09:00.0967 6892 AudioSrv - ok

13:09:00.0996 6892 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:09:00.0997 6892 AxInstSV - ok

13:09:01.0042 6892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:09:01.0044 6892 b06bdrv - ok

13:09:01.0224 6892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:09:01.0226 6892 b57nd60a - ok

13:09:01.0285 6892 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:09:01.0290 6892 BDESVC - ok

13:09:01.0293 6892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:09:01.0293 6892 Beep - ok

13:09:01.0427 6892 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:09:01.0430 6892 BFE - ok

13:09:02.0010 6892 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

13:09:02.0017 6892 BITS - ok

13:09:02.0069 6892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:09:02.0070 6892 blbdrive - ok

13:09:02.0179 6892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:09:02.0180 6892 bowser - ok

13:09:02.0208 6892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:09:02.0209 6892 BrFiltLo - ok

13:09:02.0243 6892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:09:02.0243 6892 BrFiltUp - ok

13:09:02.0343 6892 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

13:09:02.0344 6892 BridgeMP - ok

13:09:02.0465 6892 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:09:02.0466 6892 Browser - ok

13:09:02.0486 6892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:09:02.0488 6892 Brserid - ok

13:09:02.0554 6892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:09:02.0555 6892 BrSerWdm - ok

13:09:02.0569 6892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:09:02.0569 6892 BrUsbMdm - ok

13:09:02.0600 6892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:09:02.0602 6892 BrUsbSer - ok

13:09:02.0671 6892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:09:02.0672 6892 BTHMODEM - ok

13:09:02.0774 6892 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:09:02.0797 6892 bthserv - ok

13:09:02.0806 6892 catchme - ok

13:09:02.0923 6892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:09:02.0924 6892 cdfs - ok

13:09:03.0051 6892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

13:09:03.0052 6892 cdrom - ok

13:09:03.0130 6892 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:09:03.0131 6892 CertPropSvc - ok

13:09:03.0261 6892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:09:03.0262 6892 circlass - ok

13:09:03.0285 6892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:09:03.0288 6892 CLFS - ok

13:09:03.0525 6892 CLKMSVC10_9EC60124 (fdff50af8a708a23b7de1d69c285a2ae) c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe

13:09:03.0526 6892 CLKMSVC10_9EC60124 - ok

13:09:03.0692 6892 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:09:03.0693 6892 clr_optimization_v2.0.50727_32 - ok

13:09:03.0754 6892 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:09:03.0755 6892 clr_optimization_v2.0.50727_64 - ok

13:09:03.0924 6892 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:09:03.0926 6892 clr_optimization_v4.0.30319_32 - ok

13:09:04.0100 6892 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:09:04.0101 6892 clr_optimization_v4.0.30319_64 - ok

13:09:04.0193 6892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:09:04.0194 6892 CmBatt - ok

13:09:04.0251 6892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:09:04.0251 6892 cmdide - ok

13:09:04.0706 6892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:09:04.0709 6892 CNG - ok

13:09:04.0745 6892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:09:04.0745 6892 Compbatt - ok

13:09:04.0820 6892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:09:04.0820 6892 CompositeBus - ok

13:09:04.0836 6892 COMSysApp - ok

13:09:04.0881 6892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:09:04.0882 6892 crcdisk - ok

13:09:05.0040 6892 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

13:09:05.0042 6892 CryptSvc - ok

13:09:05.0113 6892 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

13:09:05.0116 6892 CSC - ok

13:09:05.0258 6892 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

13:09:05.0261 6892 CscService - ok

13:09:05.0375 6892 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys

13:09:05.0376 6892 dc3d - ok

13:09:05.0579 6892 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:09:05.0584 6892 DcomLaunch - ok

13:09:05.0805 6892 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:09:05.0808 6892 defragsvc - ok

13:09:05.0928 6892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:09:05.0929 6892 DfsC - ok

13:09:06.0201 6892 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:09:06.0203 6892 Dhcp - ok

13:09:06.0271 6892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:09:06.0271 6892 discache - ok

13:09:06.0359 6892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:09:06.0359 6892 Disk - ok

13:09:06.0513 6892 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:09:06.0515 6892 Dnscache - ok

13:09:06.0752 6892 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

13:09:06.0753 6892 DockLoginService - ok

13:09:06.0829 6892 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:09:06.0832 6892 dot3svc - ok

13:09:06.0869 6892 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:09:06.0871 6892 DPS - ok

13:09:06.0951 6892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:09:06.0952 6892 drmkaud - ok

13:09:07.0167 6892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:09:07.0171 6892 DXGKrnl - ok

13:09:07.0243 6892 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:09:07.0249 6892 EapHost - ok

13:09:09.0421 6892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:09:09.0434 6892 ebdrv - ok

13:09:09.0531 6892 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:09:09.0532 6892 EFS - ok

13:09:10.0052 6892 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:09:10.0057 6892 ehRecvr - ok

13:09:10.0151 6892 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:09:10.0152 6892 ehSched - ok

13:09:10.0527 6892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:09:10.0531 6892 elxstor - ok

13:09:10.0580 6892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:09:10.0580 6892 ErrDev - ok

13:09:10.0925 6892 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:09:10.0928 6892 EventSystem - ok

13:09:11.0479 6892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:09:11.0481 6892 exfat - ok

13:09:11.0508 6892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:09:11.0509 6892 fastfat - ok

13:09:11.0553 6892 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:09:11.0557 6892 Fax - ok

13:09:11.0572 6892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:09:11.0573 6892 fdc - ok

13:09:11.0598 6892 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:09:11.0598 6892 fdPHost - ok

13:09:11.0657 6892 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:09:11.0658 6892 FDResPub - ok

13:09:11.0674 6892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:09:11.0674 6892 FileInfo - ok

13:09:11.0689 6892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:09:11.0689 6892 Filetrace - ok

13:09:12.0223 6892 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:09:12.0230 6892 FLEXnet Licensing Service - ok

13:09:12.0264 6892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:09:12.0264 6892 flpydisk - ok

13:09:12.0486 6892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:09:12.0488 6892 FltMgr - ok

13:09:13.0368 6892 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:09:13.0375 6892 FontCache - ok

13:09:13.0504 6892 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:09:13.0504 6892 FontCache3.0.0.0 - ok

13:09:13.0579 6892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:09:13.0579 6892 FsDepends - ok

13:09:13.0654 6892 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:09:13.0654 6892 Fs_Rec - ok

13:09:13.0905 6892 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll

13:09:13.0908 6892 ftpsvc - ok

13:09:13.0931 6892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:09:13.0932 6892 fvevol - ok

13:09:13.0979 6892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:09:13.0980 6892 gagp30kx - ok

13:09:14.0088 6892 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe

13:09:14.0088 6892 GoToAssist - ok

13:09:14.0772 6892 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:09:14.0776 6892 gpsvc - ok

13:09:14.0888 6892 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:09:14.0889 6892 gupdate - ok

13:09:14.0891 6892 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:09:14.0892 6892 gupdatem - ok

13:09:15.0028 6892 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

13:09:15.0029 6892 gusvc - ok

13:09:15.0291 6892 Hardlock (d619ba1712b83d14149850e758b835ad) C:\Windows\system32\drivers\hardlock.sys

13:09:15.0294 6892 Hardlock - ok

13:09:15.0296 6892 hasplms - ok

13:09:15.0363 6892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:09:15.0363 6892 hcw85cir - ok

13:09:15.0501 6892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:09:15.0502 6892 HDAudBus - ok

13:09:15.0534 6892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:09:15.0557 6892 HidBatt - ok

13:09:15.0679 6892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:09:15.0680 6892 HidBth - ok

13:09:15.0736 6892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:09:15.0736 6892 HidIr - ok

13:09:15.0802 6892 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

13:09:15.0803 6892 hidserv - ok

13:09:15.0848 6892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:09:15.0848 6892 HidUsb - ok

13:09:15.0956 6892 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:09:15.0957 6892 hkmsvc - ok

13:09:16.0165 6892 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:09:16.0168 6892 HomeGroupListener - ok

13:09:16.0344 6892 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:09:16.0347 6892 HomeGroupProvider - ok

13:09:16.0406 6892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:09:16.0406 6892 HpSAMD - ok

13:09:16.0696 6892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:09:16.0702 6892 HTTP - ok

13:09:16.0766 6892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:09:16.0767 6892 hwpolicy - ok

13:09:16.0905 6892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:09:16.0906 6892 i8042prt - ok

13:09:17.0132 6892 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

13:09:17.0136 6892 iaStor - ok

13:09:17.0169 6892 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

13:09:17.0169 6892 IAStorDataMgrSvc - ok

13:09:17.0483 6892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:09:17.0485 6892 iaStorV - ok

13:09:18.0141 6892 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:09:18.0147 6892 idsvc - ok

13:09:18.0267 6892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:09:18.0268 6892 iirsp - ok

13:09:18.0823 6892 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:09:18.0842 6892 IKEEXT - ok

13:09:19.0539 6892 IntcAzAudAddService (a0eab13a78cc5fb960ec76e3d6408da3) C:\Windows\system32\drivers\RTKVHD64.sys

13:09:19.0548 6892 IntcAzAudAddService - ok

13:09:19.0729 6892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:09:19.0729 6892 intelide - ok

13:09:19.0753 6892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:09:19.0754 6892 intelppm - ok

13:09:19.0843 6892 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:09:19.0844 6892 IPBusEnum - ok

13:09:19.0881 6892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:09:19.0881 6892 IpFilterDriver - ok

13:09:19.0930 6892 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:09:19.0933 6892 iphlpsvc - ok

13:09:20.0019 6892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:09:20.0020 6892 IPMIDRV - ok

13:09:20.0114 6892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:09:20.0115 6892 IPNAT - ok

13:09:20.0140 6892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:09:20.0140 6892 IRENUM - ok

13:09:20.0174 6892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:09:20.0174 6892 isapnp - ok

13:09:20.0354 6892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:09:20.0378 6892 iScsiPrt - ok

13:09:20.0446 6892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:09:20.0447 6892 kbdclass - ok

13:09:20.0498 6892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

13:09:20.0499 6892 kbdhid - ok

13:09:20.0537 6892 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:09:20.0538 6892 KeyIso - ok

13:09:20.0615 6892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:09:20.0616 6892 KSecDD - ok

13:09:20.0723 6892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:09:20.0724 6892 KSecPkg - ok

13:09:20.0756 6892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:09:20.0756 6892 ksthunk - ok

13:09:21.0026 6892 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:09:21.0062 6892 KtmRm - ok

13:09:21.0166 6892 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

13:09:21.0176 6892 LanmanServer - ok

13:09:21.0318 6892 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:09:21.0320 6892 LanmanWorkstation - ok

13:09:21.0409 6892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:09:21.0409 6892 lltdio - ok

13:09:21.0742 6892 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:09:21.0745 6892 lltdsvc - ok

13:09:21.0749 6892 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:09:21.0749 6892 lmhosts - ok

13:09:21.0837 6892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:09:21.0868 6892 LSI_FC - ok

13:09:21.0990 6892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:09:21.0991 6892 LSI_SAS - ok

13:09:22.0072 6892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:09:22.0075 6892 LSI_SAS2 - ok

13:09:22.0192 6892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:09:22.0194 6892 LSI_SCSI - ok

13:09:22.0263 6892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:09:22.0264 6892 luafv - ok

13:09:22.0379 6892 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:09:22.0379 6892 MBAMProtector - ok

13:09:22.0886 6892 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:09:22.0889 6892 MBAMService - ok

13:09:23.0010 6892 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:09:23.0011 6892 Mcx2Svc - ok

13:09:23.0054 6892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:09:23.0155 6892 megasas - ok

13:09:23.0191 6892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:09:23.0193 6892 MegaSR - ok

13:09:23.0246 6892 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:09:23.0248 6892 MMCSS - ok

13:09:23.0314 6892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:09:23.0315 6892 Modem - ok

13:09:23.0371 6892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:09:23.0371 6892 monitor - ok

13:09:23.0437 6892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:09:23.0437 6892 mouclass - ok

13:09:23.0493 6892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:09:23.0493 6892 mouhid - ok

13:09:23.0664 6892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:09:23.0665 6892 mountmgr - ok

13:09:23.0787 6892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:09:23.0788 6892 mpio - ok

13:09:23.0798 6892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:09:23.0798 6892 mpsdrv - ok

13:09:24.0445 6892 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:09:24.0450 6892 MpsSvc - ok

13:09:24.0568 6892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:09:24.0569 6892 MRxDAV - ok

13:09:24.0710 6892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:09:24.0712 6892 mrxsmb - ok

13:09:24.0945 6892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:09:24.0947 6892 mrxsmb10 - ok

13:09:25.0108 6892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:09:25.0109 6892 mrxsmb20 - ok

13:09:25.0148 6892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:09:25.0148 6892 msahci - ok

13:09:25.0241 6892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:09:25.0242 6892 msdsm - ok

13:09:25.0377 6892 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:09:25.0379 6892 MSDTC - ok

13:09:25.0751 6892 MsDtsServer (00eb6a7fdebfdd30dc348f7e5bf3a2e3) C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe

13:09:25.0752 6892 MsDtsServer - ok

13:09:25.0800 6892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:09:25.0801 6892 Msfs - ok

13:09:26.0023 6892 msftesql (27dcd5f3cf89655556c5f89717d24d65) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

13:09:26.0024 6892 msftesql - ok

13:09:26.0074 6892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:09:26.0074 6892 mshidkmdf - ok

13:09:26.0113 6892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:09:26.0113 6892 msisadrv - ok

13:09:26.0312 6892 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:09:26.0314 6892 MSiSCSI - ok

13:09:26.0317 6892 msiserver - ok

13:09:26.0371 6892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:09:26.0372 6892 MSKSSRV - ok

13:09:26.0375 6892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:09:26.0375 6892 MSPCLOCK - ok

13:09:26.0378 6892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:09:26.0378 6892 MSPQM - ok

13:09:26.0646 6892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:09:26.0649 6892 MsRPC - ok

13:09:26.0672 6892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:09:26.0673 6892 mssmbios - ok

13:09:26.0696 6892 MSSQLSERVER - ok

13:09:26.0891 6892 MSSQLServerADHelper (af07844e1016c959ff54303b12f92993) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

13:09:26.0892 6892 MSSQLServerADHelper - ok

13:09:26.0914 6892 MSSQLServerOLAPService - ok

13:09:26.0918 6892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:09:26.0919 6892 MSTEE - ok

13:09:26.0942 6892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:09:26.0942 6892 MTConfig - ok

13:09:27.0013 6892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:09:27.0013 6892 Mup - ok

13:09:27.0342 6892 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:09:27.0359 6892 napagent - ok

13:09:27.0657 6892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:09:27.0660 6892 NativeWifiP - ok

13:09:28.0281 6892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:09:28.0287 6892 NDIS - ok

13:09:28.0312 6892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:09:28.0335 6892 NdisCap - ok

13:09:28.0365 6892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:09:28.0365 6892 NdisTapi - ok

13:09:28.0415 6892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:09:28.0416 6892 Ndisuio - ok

13:09:28.0575 6892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:09:28.0576 6892 NdisWan - ok

13:09:28.0669 6892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:09:28.0670 6892 NDProxy - ok

13:09:28.0785 6892 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll

13:09:28.0786 6892 Net Driver HPZ12 - ok

13:09:28.0820 6892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:09:28.0821 6892 NetBIOS - ok

13:09:28.0861 6892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:09:28.0862 6892 NetBT - ok

13:09:28.0865 6892 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:09:28.0866 6892 Netlogon - ok

13:09:29.0003 6892 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:09:29.0005 6892 Netman - ok

13:09:29.0021 6892 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:09:29.0024 6892 netprofm - ok

13:09:29.0185 6892 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:09:29.0186 6892 NetTcpPortSharing - ok

13:09:29.0212 6892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:09:29.0212 6892 nfrd960 - ok

13:09:29.0433 6892 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:09:29.0435 6892 NlaSvc - ok

13:09:29.0489 6892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:09:29.0490 6892 Npfs - ok

13:09:29.0527 6892 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:09:29.0528 6892 nsi - ok

13:09:29.0565 6892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:09:29.0565 6892 nsiproxy - ok

13:09:30.0670 6892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:09:30.0677 6892 Ntfs - ok

13:09:30.0998 6892 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys

13:09:30.0999 6892 NuidFltr - ok

13:09:31.0032 6892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:09:31.0032 6892 Null - ok

13:09:31.0204 6892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:09:31.0205 6892 nvraid - ok

13:09:31.0337 6892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:09:31.0338 6892 nvstor - ok

13:09:31.0444 6892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:09:31.0445 6892 nv_agp - ok

13:09:31.0587 6892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:09:31.0589 6892 ohci1394 - ok

13:09:31.0774 6892 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:09:31.0775 6892 ose - ok

13:09:32.0040 6892 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:09:32.0043 6892 p2pimsvc - ok

13:09:32.0404 6892 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:09:32.0408 6892 p2psvc - ok

13:09:32.0512 6892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:09:32.0513 6892 Parport - ok

13:09:32.0586 6892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

13:09:32.0587 6892 partmgr - ok

13:09:32.0778 6892 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:09:32.0781 6892 PcaSvc - ok

13:09:33.0017 6892 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

13:09:33.0018 6892 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

13:09:33.0031 6892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:09:33.0032 6892 pci - ok

13:09:33.0043 6892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:09:33.0044 6892 pciide - ok

13:09:33.0062 6892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:09:33.0064 6892 pcmcia - ok

13:09:33.0092 6892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:09:33.0092 6892 pcw - ok

13:09:33.0151 6892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:09:33.0154 6892 PEAUTH - ok

13:09:33.0239 6892 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

13:09:33.0245 6892 PeerDistSvc - ok

13:09:33.0308 6892 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:09:33.0309 6892 PerfHost - ok

13:09:33.0366 6892 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:09:33.0376 6892 pla - ok

13:09:33.0803 6892 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:09:33.0807 6892 PlugPlay - ok

13:09:33.0939 6892 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll

13:09:33.0940 6892 Pml Driver HPZ12 - ok

13:09:34.0004 6892 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:09:34.0037 6892 PNRPAutoReg - ok

13:09:34.0062 6892 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:09:34.0064 6892 PNRPsvc - ok

13:09:34.0217 6892 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

13:09:34.0218 6892 Point64 - ok

13:09:34.0563 6892 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:09:34.0567 6892 PolicyAgent - ok

13:09:34.0693 6892 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:09:34.0695 6892 Power - ok

13:09:34.0811 6892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:09:34.0812 6892 PptpMiniport - ok

13:09:34.0873 6892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:09:34.0874 6892 Processor - ok

13:09:35.0058 6892 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

13:09:35.0082 6892 ProfSvc - ok

13:09:35.0086 6892 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:09:35.0087 6892 ProtectedStorage - ok

13:09:35.0246 6892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:09:35.0247 6892 Psched - ok

13:09:35.0330 6892 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

13:09:35.0331 6892 PxHlpa64 - ok

13:09:36.0313 6892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:09:36.0319 6892 ql2300 - ok

13:09:36.0421 6892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:09:36.0422 6892 ql40xx - ok

13:09:36.0515 6892 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:09:36.0517 6892 QWAVE - ok

13:09:36.0522 6892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:09:36.0522 6892 QWAVEdrv - ok

13:09:36.0534 6892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:09:36.0534 6892 RasAcd - ok

13:09:36.0606 6892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:09:36.0607 6892 RasAgileVpn - ok

13:09:36.0642 6892 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:09:36.0643 6892 RasAuto - ok

13:09:36.0651 6892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:09:36.0652 6892 Rasl2tp - ok

13:09:36.0952 6892 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:09:36.0971 6892 RasMan - ok

13:09:37.0050 6892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:09:37.0051 6892 RasPppoe - ok

13:09:37.0149 6892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:09:37.0150 6892 RasSstp - ok

13:09:37.0402 6892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:09:37.0404 6892 rdbss - ok

13:09:37.0461 6892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:09:37.0462 6892 rdpbus - ok

13:09:37.0543 6892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:09:37.0543 6892 RDPCDD - ok

13:09:37.0743 6892 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

13:09:37.0745 6892 RDPDR - ok

13:09:37.0803 6892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:09:37.0804 6892 RDPENCDD - ok

13:09:37.0815 6892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:09:37.0815 6892 RDPREFMP - ok

13:09:37.0890 6892 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

13:09:37.0891 6892 RDPWD - ok

13:09:37.0917 6892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:09:37.0919 6892 rdyboost - ok

13:09:37.0934 6892 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:09:37.0935 6892 RemoteAccess - ok

13:09:37.0960 6892 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:09:37.0962 6892 RemoteRegistry - ok

13:09:38.0032 6892 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe

13:09:38.0034 6892 RichVideo64 - ok

13:09:38.0989 6892 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

13:09:38.0996 6892 RoxMediaDB10 - ok

13:09:39.0058 6892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:09:39.0060 6892 RpcEptMapper - ok

13:09:39.0108 6892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:09:39.0111 6892 RpcLocator - ok

13:09:39.0519 6892 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:09:39.0522 6892 RpcSs - ok

13:09:39.0599 6892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:09:39.0599 6892 rspndr - ok

13:09:39.0831 6892 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys

13:09:39.0833 6892 RSUSBSTOR - ok

13:09:39.0997 6892 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:09:39.0999 6892 RTL8167 - ok

13:09:40.0002 6892 RxFilter - ok

13:09:40.0073 6892 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

13:09:40.0073 6892 s3cap - ok

13:09:40.0076 6892 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:09:40.0077 6892 SamSs - ok

13:09:40.0100 6892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:09:40.0101 6892 sbp2port - ok

13:09:40.0282 6892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:09:40.0284 6892 SCardSvr - ok

13:09:40.0333 6892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:09:40.0333 6892 scfilter - ok

13:09:41.0291 6892 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:09:41.0297 6892 Schedule - ok

13:09:41.0391 6892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:09:41.0391 6892 SCPolicySvc - ok

13:09:41.0533 6892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:09:41.0535 6892 SDRSVC - ok

13:09:41.0596 6892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:09:41.0596 6892 secdrv - ok

13:09:41.0635 6892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:09:41.0636 6892 seclogon - ok

13:09:41.0712 6892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

13:09:41.0713 6892 SENS - ok

13:09:41.0788 6892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:09:41.0790 6892 SensrSvc - ok

13:09:41.0840 6892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:09:41.0840 6892 Serenum - ok

13:09:41.0936 6892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:09:41.0936 6892 Serial - ok

13:09:41.0998 6892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:09:41.0999 6892 sermouse - ok

13:09:42.0058 6892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:09:42.0060 6892 SessionEnv - ok

13:09:42.0077 6892 SessionLauncher - ok

13:09:42.0086 6892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:09:42.0086 6892 sffdisk - ok

13:09:42.0128 6892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:09:42.0128 6892 sffp_mmc - ok

13:09:42.0186 6892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:09:42.0187 6892 sffp_sd - ok

13:09:42.0207 6892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:09:42.0208 6892 sfloppy - ok

13:09:43.0525 6892 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

13:09:43.0532 6892 SftService - ok

13:09:43.0930 6892 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:09:43.0934 6892 SharedAccess - ok

13:09:44.0225 6892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:09:44.0229 6892 ShellHWDetection - ok

13:09:44.0276 6892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:09:44.0276 6892 SiSRaid2 - ok

13:09:44.0354 6892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:09:44.0354 6892 SiSRaid4 - ok

13:09:44.0501 6892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:09:44.0502 6892 Smb - ok

13:09:44.0578 6892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:09:44.0581 6892 SNMPTRAP - ok

13:09:44.0628 6892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:09:44.0629 6892 spldr - ok

13:09:44.0719 6892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:09:44.0723 6892 Spooler - ok

13:09:46.0798 6892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:09:46.0813 6892 sppsvc - ok

13:09:46.0888 6892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:09:46.0891 6892 sppuinotify - ok

13:09:47.0204 6892 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

13:09:47.0206 6892 SQLBrowser - ok

13:09:47.0637 6892 SQLSERVERAGENT (00b0e9f0ffd98b829345dff292650470) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE

13:09:47.0640 6892 SQLSERVERAGENT - ok

13:09:47.0830 6892 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

13:09:47.0831 6892 SQLWriter - ok

13:09:48.0214 6892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:09:48.0218 6892 srv - ok

13:09:48.0510 6892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:09:48.0513 6892 srv2 - ok

13:09:48.0648 6892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:09:48.0649 6892 srvnet - ok

13:09:48.0859 6892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:09:48.0862 6892 SSDPSRV - ok

13:09:48.0931 6892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:09:48.0933 6892 SstpSvc - ok

13:09:48.0969 6892 Steam Client Service - ok

13:09:49.0024 6892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:09:49.0024 6892 stexstor - ok

13:09:49.0080 6892 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

13:09:49.0080 6892 StillCam - ok

13:09:49.0522 6892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:09:49.0526 6892 stisvc - ok

13:09:49.0634 6892 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

13:09:49.0634 6892 stllssvr - ok

13:09:49.0701 6892 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

13:09:49.0702 6892 storflt - ok

13:09:49.0740 6892 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

13:09:49.0742 6892 StorSvc - ok

13:09:49.0799 6892 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

13:09:49.0800 6892 storvsc - ok

13:09:49.0824 6892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:09:49.0824 6892 swenum - ok

13:09:49.0917 6892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:09:49.0921 6892 swprv - ok

13:09:51.0208 6892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:09:51.0216 6892 SysMain - ok

13:09:51.0296 6892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:09:51.0301 6892 TabletInputService - ok

13:09:51.0516 6892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:09:51.0518 6892 TapiSrv - ok

13:09:51.0581 6892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:09:51.0583 6892 TBS - ok

13:09:52.0950 6892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

13:09:52.0958 6892 Tcpip - ok

13:09:53.0094 6892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

13:09:53.0101 6892 TCPIP6 - ok

13:09:53.0178 6892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:09:53.0179 6892 tcpipreg - ok

13:09:53.0201 6892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:09:53.0201 6892 TDPIPE - ok

13:09:53.0242 6892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:09:53.0243 6892 TDTCP - ok

13:09:53.0358 6892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:09:53.0359 6892 tdx - ok

13:09:53.0425 6892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:09:53.0426 6892 TermDD - ok

13:09:53.0917 6892 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:09:53.0923 6892 TermService - ok

13:09:53.0965 6892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:09:53.0966 6892 Themes - ok

13:09:54.0042 6892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:09:54.0043 6892 THREADORDER - ok

13:09:54.0190 6892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:09:54.0191 6892 TrkWks - ok

13:09:54.0240 6892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:09:54.0241 6892 TrustedInstaller - ok

13:09:54.0262 6892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:09:54.0262 6892 tssecsrv - ok

13:09:54.0296 6892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:09:54.0296 6892 TsUsbFlt - ok

13:09:54.0470 6892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:09:54.0471 6892 tunnel - ok

13:09:54.0522 6892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:09:54.0523 6892 uagp35 - ok

13:09:54.0864 6892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:09:54.0867 6892 udfs - ok

13:09:54.0918 6892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:09:54.0919 6892 UI0Detect - ok

13:09:54.0982 6892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:09:54.0982 6892 uliagpkx - ok

13:09:55.0090 6892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:09:55.0091 6892 umbus - ok

13:09:55.0125 6892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:09:55.0125 6892 UmPass - ok

13:09:55.0290 6892 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

13:09:55.0293 6892 UmRdpService - ok

13:09:55.0566 6892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:09:55.0568 6892 upnphost - ok

13:09:55.0650 6892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:09:55.0650 6892 usbccgp - ok

13:09:55.0732 6892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:09:55.0733 6892 usbcir - ok

13:09:55.0787 6892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:09:55.0788 6892 usbehci - ok

13:09:55.0821 6892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:09:55.0822 6892 usbhub - ok

13:09:55.0853 6892 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

13:09:55.0854 6892 usbohci - ok

13:09:55.0870 6892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:09:55.0870 6892 usbprint - ok

13:09:55.0910 6892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:09:55.0911 6892 USBSTOR - ok

13:09:55.0981 6892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

13:09:55.0982 6892 usbuhci - ok

13:09:56.0033 6892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:09:56.0101 6892 UxSms - ok

13:09:56.0142 6892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:09:56.0143 6892 VaultSvc - ok

13:09:56.0165 6892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:09:56.0166 6892 vdrvroot - ok

13:09:56.0579 6892 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:09:56.0583 6892 vds - ok

13:09:56.0666 6892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:09:56.0667 6892 vga - ok

13:09:56.0729 6892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:09:56.0730 6892 VgaSave - ok

13:09:56.0917 6892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:09:56.0918 6892 vhdmp - ok

13:09:56.0946 6892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:09:56.0948 6892 viaide - ok

13:09:57.0087 6892 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

13:09:57.0089 6892 vmbus - ok

13:09:57.0119 6892 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

13:09:57.0119 6892 VMBusHID - ok

13:09:57.0188 6892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:09:57.0189 6892 volmgr - ok

13:09:57.0497 6892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:09:57.0500 6892 volmgrx - ok

13:09:57.0729 6892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:09:57.0732 6892 volsnap - ok

13:09:57.0885 6892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:09:57.0887 6892 vsmraid - ok

13:09:59.0199 6892 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:09:59.0207 6892 VSS - ok

13:09:59.0247 6892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

13:09:59.0248 6892 vwifibus - ok

13:09:59.0339 6892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:09:59.0373 6892 W32Time - ok

13:09:59.0446 6892 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

13:09:59.0449 6892 W3SVC - ok

13:09:59.0460 6892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:09:59.0461 6892 WacomPen - ok

13:09:59.0489 6892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:09:59.0489 6892 WANARP - ok

13:09:59.0500 6892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:09:59.0500 6892 Wanarpv6 - ok

13:09:59.0504 6892 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

13:09:59.0506 6892 WAS - ok

13:09:59.0572 6892 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:09:59.0577 6892 WatAdminSvc - ok

13:09:59.0638 6892 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:09:59.0645 6892 wbengine - ok

13:09:59.0822 6892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:09:59.0825 6892 WbioSrvc - ok

13:10:00.0115 6892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:10:00.0118 6892 wcncsvc - ok

13:10:00.0173 6892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:10:00.0174 6892 WcsPlugInService - ok

13:10:00.0197 6892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:10:00.0197 6892 Wd - ok

13:10:00.0501 6892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:10:00.0506 6892 Wdf01000 - ok

13:10:00.0638 6892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:10:00.0658 6892 WdiServiceHost - ok

13:10:00.0661 6892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:10:00.0662 6892 WdiSystemHost - ok

13:10:00.0844 6892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:10:00.0847 6892 WebClient - ok

13:10:01.0022 6892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:10:01.0051 6892 Wecsvc - ok

13:10:01.0100 6892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:10:01.0102 6892 wercplsupport - ok

13:10:01.0268 6892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:10:01.0270 6892 WerSvc - ok

13:10:01.0297 6892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:10:01.0297 6892 WfpLwf - ok

13:10:01.0473 6892 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

13:10:01.0474 6892 WimFltr - ok

13:10:01.0489 6892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:10:01.0512 6892 WIMMount - ok

13:10:01.0583 6892 WinDefend - ok

13:10:01.0587 6892 WinHttpAutoProxySvc - ok

13:10:01.0897 6892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:10:01.0898 6892 Winmgmt - ok

13:10:02.0708 6892 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:10:02.0719 6892 WinRM - ok

13:10:02.0829 6892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:10:02.0830 6892 WinUsb - ok

13:10:02.0929 6892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:10:02.0935 6892 Wlansvc - ok

13:10:03.0248 6892 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:10:03.0258 6892 wlidsvc - ok

13:10:03.0277 6892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:10:03.0278 6892 WmiAcpi - ok

13:10:03.0309 6892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:10:03.0311 6892 wmiApSrv - ok

13:10:03.0312 6892 WMPNetworkSvc - ok

13:10:03.0353 6892 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe

13:10:03.0353 6892 WMSVC - ok

13:10:03.0372 6892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:10:03.0376 6892 WPCSvc - ok

13:10:03.0492 6892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:10:03.0494 6892 WPDBusEnum - ok

13:10:03.0533 6892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:10:03.0534 6892 ws2ifsl - ok

13:10:03.0600 6892 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

13:10:03.0602 6892 wscsvc - ok

13:10:03.0605 6892 WSearch - ok

13:10:05.0321 6892 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:10:05.0331 6892 wuauserv - ok

13:10:05.0443 6892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:10:05.0444 6892 WudfPf - ok

13:10:05.0574 6892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:10:05.0575 6892 WUDFRd - ok

13:10:05.0655 6892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:10:05.0658 6892 wudfsvc - ok

13:10:05.0879 6892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:10:05.0882 6892 WwanSvc - ok

13:10:05.0933 6892 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0

13:10:05.0967 6892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

13:10:05.0967 6892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

13:10:05.0988 6892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

13:10:05.0993 6892 \Device\Harddisk1\DR1 - ok

13:10:05.0995 6892 Boot (0x1200) (f3bae82eca5dd01b891d889120f9108d) \Device\Harddisk0\DR0\Partition0

13:10:05.0995 6892 \Device\Harddisk0\DR0\Partition0 - ok

13:10:06.0041 6892 Boot (0x1200) (4e06d1d7f5ff07592a2270da4b4ae24a) \Device\Harddisk0\DR0\Partition1

13:10:06.0051 6892 \Device\Harddisk0\DR0\Partition1 - ok

13:10:06.0053 6892 Boot (0x1200) (255f0ea6f890cccdfbb00b2201ab3452) \Device\Harddisk1\DR1\Partition0

13:10:06.0054 6892 \Device\Harddisk1\DR1\Partition0 - ok

13:10:06.0055 6892 ============================================================

13:10:06.0055 6892 Scan finished

13:10:06.0055 6892 ============================================================

13:10:06.0062 6840 Detected object count: 1

13:10:06.0062 6840 Actual detected object count: 1

13:10:11.0824 6840 \Device\Harddisk0\DR0\# - copied to quarantine

13:10:11.0824 6840 \Device\Harddisk0\DR0 - copied to quarantine

13:10:11.0853 6840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

13:10:11.0854 6840 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

13:10:11.0855 6840 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:10:11.0899 6840 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:10:11.0978 6840 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

13:10:11.0981 6840 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

13:10:11.0981 6840 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

13:10:11.0982 6840 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

13:10:11.0982 6840 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

13:10:11.0983 6840 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

13:10:11.0984 6840 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

13:10:11.0985 6840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

13:10:12.0034 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

13:10:12.0034 6840 \Device\Harddisk0\DR0 - ok

13:10:12.0315 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

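Added example, not part of the original post and not the scanner's own code: a small Python triage pass over a TDSSKiller log in the format shown above. It keeps every verdict recorded for an object, so the later `- ok` line for `\Device\Harddisk0\DR0` does not hide the earlier `infected` verdict. The sample lines are copied from the log above; the function and field names are assumptions of this example.

```python
import re
from collections import OrderedDict

# Lines copied from the TDSSKiller log posted above (excerpt, not the full log).
SAMPLE_LOG = r"""
13:10:05.0879 6892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:10:05.0882 6892 WwanSvc - ok
13:09:48.0969 6892 Steam Client Service - ok
13:10:05.0933 6892 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
13:10:05.0967 6892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:10:05.0967 6892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:10:05.0988 6892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:10:05.0993 6892 \Device\Harddisk1\DR1 - ok
13:10:06.0055 6892 Scan finished
13:10:06.0062 6840 Detected object count: 1
13:10:11.0824 6840 \Device\Harddisk0\DR0 - copied to quarantine
13:10:11.0853 6840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:10:11.0985 6840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:10:12.0034 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:10:12.0034 6840 \Device\Harddisk0\DR0 - ok
13:10:12.0315 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# "HH:MM:SS.mmmm <thread id> <rest of line>"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<name> (<md5>) <path>": the object that is about to be checked
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<object> [( <threat> )] - <status>": a verdict or an action on an object
VERDICT = re.compile(
    r"^(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<status>.+)$"
)


def triage(log_text):
    """Return one record per object that ever received a status other than 'ok'."""
    md5_by_key = {}
    history = OrderedDict()  # object -> [(timestamp, status, threat), ...]

    for raw in log_text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue  # blank line or text that is not a log record
        timestamp, _thread_id, rest = prefix.groups()

        hashed = HASHED.match(rest)
        if hashed:
            # Services are later referred to by name, disks and boot sectors by path.
            md5_by_key[hashed["name"]] = hashed["md5"]
            md5_by_key[hashed["path"]] = hashed["md5"]
            continue

        verdict = VERDICT.match(rest)
        if verdict:
            history.setdefault(verdict["obj"], []).append(
                (timestamp, verdict["status"], verdict["threat"])
            )

    findings = []
    for obj, events in history.items():
        statuses = [status for _, status, _ in events]
        if all(status == "ok" for status in statuses):
            continue  # never flagged
        findings.append({
            "object": obj,
            "md5": md5_by_key.get(obj),
            "threats": sorted({threat for _, _, threat in events if threat}),
            "statuses": statuses,
            "quarantined": "copied to quarantine" in statuses,
            "pending_reboot": any(
                s.startswith("will be cured on reboot") for s in statuses
            ),
            # An 'ok' logged after a cure is scheduled is not a clean verdict.
            "ok_after_flag": "ok" in statuses,
        })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["object"])
        print("  threats :", ", ".join(item["threats"]) or "-")
        print("  md5     :", item["md5"] or "-")
        print("  statuses:", " -> ".join(item["statuses"]))
        if item["pending_reboot"]:
            print("  action  : reboot, then rescan to confirm the cure")
```
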

Does this system have a resident antivirus program installed? If so, which one? If not, how long has it been without an antivirus?

A rootkit is an extremely serious infection. Do you have a recent disk-image-backup of this system from before the infection?

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.


I have been running MalwareBytes Personal (purchased/registered) for quite some time now.

I have Dell Safe Backup running, so I _should_ have a good backup, although I do not know exactly when the virus hit. Seems that the virus started out just redirecting Google, but it's gotten worse over time. At least two weeks, I'd think.

Here is Result.txt from Listparts64:

ListParts by Farbar Version: 12-03-2012 03

Ran by Scottg (administrator) on 26-04-2012 at 14:04:11

Windows 7 (X64)

Running From: C:\Users\Scottg\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 31%

Total physical RAM: 12278.89 MB

Available physical RAM: 8391.95 MB

Total Pagefile: 24555.98 MB

Available Pagefile: 20161.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.58 GB) (Free:814.21 GB) NTFS

3 Drive e: (SDMINI) (Fixed) (Total:465.65 GB) (Free:371.4 GB) FAT32

4 Drive s: (OS) (Network) (Total:920.58 GB) (Free:814.21 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 465 GB 1024 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 10 GB 40 MB

Partition 3 Primary 920 GB 10 GB

======================================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 RECOVERY NTFS Partition 10 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 920 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E SDMINI FAT32 Partition 465 GB Healthy

======================================================================================================

****** End Of Log ******


Did this Dell come with an antivirus program (McAfee, Norton/Symantec, or other)?

MBAM is an anti-malware program. It does not have an antivirus component. You must have an antivirus app.

If this system does not have an antivirus and IF cost is an issue, get one (and only one) of these free anti-virus programs. Save the setup program to your Desktop. Do not run the setup program just yet.

Avira Free for home use http://www.avira.com...-free-antivirus

MS Security Essentials http://windows.micro...rity-essentials

Avast http://www.avast.com...ivirus-download

Now then, run the Setup program for your new anti-virus program.

Bring up your new AV and do an UPDATE run to ensure the new program is all up-to-date.

Run a full scan of your system and save the log.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

Reply with results from the antivirus scan, and copy of the MBAM scan log.


All I have installed is MalwareBytes... I thought that it was full protection, so I uninstalled Norton right after I purchased the machine over a year ago.

My bad :(

I have downloaded and installed Avast and when I attempt a Full Scan, I get a typical Windows Blue Screen of Death: BAD_POOL_CALL. Should I uninstall and try a different anti-virus program?

Also, all during this process, Malwarebytes has continued to block outgoing ports from svchost.exe and now it's blocking outgoing port 50046, Process avastsvc.exe and Avast is now popping up with blocked web urls too.


De-Install Avast. Then immediately Logoff & Restart.

Get the MS Security Essentials, setup. Don't do a scan yet. Exit MSE.

Next, setup Trust Exclusions in both MBAM and MSE as shown in section I at http://forums.malwarebytes.org/index.php?act=findpost&pid=181018

Then, Start MSE and do a Full scan.

As to MBAM, for the time being, do a Quick scan.

Reply with logs from MSE & MBAM scan log

Edited by Maurice Naggar

Here is the MBAM log file. (I'm still looking for the MSE log file).

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.30.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 12:41:47 PM

mbam-log-2012-05-01 (12-43-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247772

Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3784 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)


Maurice,

The MSE application scanned and found a virus and directed me to download and use Defender offline, so I downloaded it to a USB flash drive and booted from that drive. It _looks_ like it successfully removed the virus from my computer!

But, it looks like the virus has left most of my folders "empty". I'm pretty sure that the files are still there, they may just be marked as "hidden".

Do you have any suggestions on how to make the files and folders reappear?

Thank you so much for your excellent help so far!

Scott


Hold on and I'll assist on that. We can likely find hidden items. Please 1st do that new MBAM scan.

Maurice,

Actually, I did have MBAM quarantine the virus and reboot, but when the computer came back up, MalwareBytes continued to block outgoing ports from svchost.exe. At that point, I restarted the computer and booted from the USB drive with Defender.

Here are the results from MBAM Quick scan after Defender completed:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 1:26:12 PM

mbam-log-2012-05-01 (13-26-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247564

Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

After I restarted the computer following the above scan, I scanned again using MBAM Quick Scan and here are the results:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 1:30:52 PM

mbam-log-2012-05-01 (13-30-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247653

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The last run of MBAM did not detect anything. Knock wood, let's hope that means that that trojan is fully gone.

I need a fresh new log for review.

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.


OTL logfile created on: 05/01/2012 2:57:20 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Scottg\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

11.99 Gb Total Physical Memory | 9.65 Gb Available Physical Memory | 80.51% Memory free

23.98 Gb Paging File | 21.28 Gb Available in Paging File | 88.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.58 Gb Total Space | 812.98 Gb Free Space | 88.31% Space Free | Partition Type: NTFS

Drive E: | 465.65 Gb Total Space | 350.20 Gb Free Space | 75.21% Space Free | Partition Type: FAT32

Drive S: | 920.58 Gb Total Space | 812.98 Gb Free Space | 88.31% Space Free | Partition Type: NTFS

Computer Name: DEV | User Name: Scottg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/05/01 14:54:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

PRC - [2010/04/26 21:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2009/06/09 09:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/11 03:22:17 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll

MOD - [2012/04/11 03:22:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012/04/11 03:22:00 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012/04/11 03:21:57 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll

MOD - [2012/02/15 04:28:41 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll

MOD - [2012/02/15 04:27:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll

MOD - [2012/02/15 04:24:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MOD - [2012/02/15 04:24:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/15 04:23:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012/02/15 04:23:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/15 04:23:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/15 04:23:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/10/14 03:27:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/12/30 07:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)

SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)

SRV:64bit: - [2010/08/19 17:43:23 | 000,386,344 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)

SRV:64bit: - [2010/05/17 16:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/04/17 14:38:06 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/03/21 13:28:55 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/11/10 19:53:42 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)

DRV:64bit: - [2011/11/22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)

DRV:64bit: - [2011/09/28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)

DRV:64bit: - [2011/09/08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)

DRV:64bit: - [2011/08/09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)

DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/30 18:36:38 | 000,025,072 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2010/05/17 16:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/17 15:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/04/08 02:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/03/12 14:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{42A2E03E-203C-4B53-A1B0-58B2385638F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{3DA618C0-3DD1-49D1-BE9B-EA0B15F1EB09}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/30 11:14:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/25 18:26:10 | 000,000,000 | ---D | M]

[2010/12/16 18:25:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Scottg\AppData\Roaming\Mozilla\Extensions

[2012/04/20 12:49:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default\extensions

[2012/03/30 11:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/26 12:06:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)

O4 - Startup: C:\Users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdminShOrigSetting = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUserShOrigSetting = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktopShOrigSetting = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.70.128.240 207.70.172.240

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: DhcpNameServer = 207.70.128.240 207.70.172.240

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found

O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS -

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS -

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

... continued on next post.

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {16822C7D-95D3-CCA9-D232-D84E902DB533} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3355B5B7-9EEB-5370-2923-B930E55AAB2A} - Browser Customizations

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)

ActiveX: {C1E97EED-808B-F95A-7B38-81ED4BD59733} - Java (Sun)

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E8F0011F-2C69-020A-0598-2048FA4420FF} - Java (Sun)

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 15:49:51 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware

[2012/05/01 14:55:43 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe

[2012/05/01 13:29:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5

[2012/05/01 08:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/05/01 08:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/04/26 17:38:42 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/04/26 17:38:12 | 000,000,000 | -H-D | C] -- C:\Program Files\AVAST Software

[2012/04/26 17:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/04/26 13:06:16 | 004,731,392 | -H-- | C] (AVAST Software) -- C:\Users\Scottg\Desktop\aswMBR.exe

[2012/04/26 12:57:30 | 000,000,000 | -H-D | C] -- C:\Program Files\trend micro

[2012/04/26 12:57:30 | 000,000,000 | ---D | C] -- C:\rsit

[2012/04/26 12:53:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/04/26 12:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/04/26 12:07:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/26 11:41:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/04/26 11:41:01 | 002,074,160 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Scottg\Desktop\TDSSKiller.exe

[2012/04/25 19:02:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/25 19:02:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/25 19:02:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/25 19:02:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/25 19:02:43 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/25 13:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Local\NPE

[2012/04/25 13:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/04/25 12:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSLBuddy

[2012/04/24 11:55:30 | 000,000,000 | ---D | C] -- C:\Windows\system64

[2012/04/19 12:54:34 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Roaming\Windows Live Writer

[2012/04/19 12:54:34 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Documents\My Weblog Posts

[2012/04/19 12:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Local\Windows Live Writer

[2012/04/19 04:26:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL

[2012/04/19 04:26:22 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32

[2012/04/18 17:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SSLBuddy

[2012/04/17 14:38:04 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/17 13:57:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information

[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX700 series

[2012/04/14 14:26:54 | 000,258,560 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM95.DLL

[2012/04/14 14:26:51 | 001,439,744 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700C.DLL

[2012/04/14 14:26:51 | 000,247,296 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700L.DLL

[2012/04/14 14:26:51 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC700O.DLL

[2012/04/14 14:26:51 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700I.DLL

[2012/04/14 14:26:50 | 000,183,296 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Le.DLL

[2012/04/14 14:26:50 | 000,143,360 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSe.EXE

[2012/04/14 14:26:50 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLeUS.DLL

[2012/04/14 14:26:50 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLeJP.DLL

[2012/04/14 14:26:47 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2012/04/13 17:30:23 | 000,198,088 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll

[2012/04/13 17:30:16 | 004,889,032 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\aksllmtp.exe

[2012/04/13 17:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/04/13 17:29:47 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup

[2012/04/13 17:17:11 | 004,889,032 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe

[2012/04/13 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared

[2012/04/13 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chief Architect Inc

[2012/04/13 16:58:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Better Homes and Gardens

[2012/04/13 14:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cadsoft

[2012/04/13 14:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Documents\HGTV Ultimate Home Design with Landscaping & Decks

[2012/04/13 14:24:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development

[2012/04/13 14:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nova Development

[2012/04/13 14:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nova Development

[2012/04/11 09:58:40 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Roaming\Malwarebytes

[2012/04/11 09:58:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/11 09:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/11 09:58:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/11 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/11 03:00:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/11 03:00:29 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/11 03:00:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/11 00:52:33 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/04/11 00:52:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/04/11 00:52:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/04/11 00:52:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/04/11 00:52:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/04/11 00:52:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/04/11 00:52:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

========== Files - Modified Within 30 Days ==========

[2012/05/01 14:54:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe

[2012/05/01 14:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/01 14:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/01 14:01:16 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/05/01 13:37:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 13:37:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 13:30:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/01 13:28:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/01 13:28:37 | 1066,577,918 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/01 13:04:26 | 001,010,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/01 13:04:26 | 000,826,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/01 13:04:26 | 000,179,886 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/01 08:59:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/01 08:55:56 | 001,024,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/01 07:58:07 | 622,730,436 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/04/26 21:55:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/04/26 15:37:34 | 000,002,052 | -H-- | M] () -- C:\Users\Scottg\Documents\Default.rdp

[2012/04/26 12:53:45 | 000,000,930 | -H-- | M] () -- C:\Users\Scottg\Desktop\NTREGOPT.lnk

[2012/04/26 12:53:45 | 000,000,911 | -H-- | M] () -- C:\Users\Scottg\Desktop\ERUNT.lnk

[2012/04/26 12:06:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/26 11:02:09 | 000,801,997 | -H-- | M] () -- C:\Users\Scottg\Desktop\ListParts64.exe

[2012/04/26 10:05:56 | 004,731,392 | -H-- | M] (AVAST Software) -- C:\Users\Scottg\Desktop\aswMBR.exe

[2012/04/26 10:02:07 | 000,879,714 | -H-- | M] () -- C:\Users\Scottg\Desktop\SecurityCheck.exe

[2012/04/26 09:56:46 | 000,935,175 | -H-- | M] () -- C:\Users\Scottg\Desktop\RSITx64.exe

[2012/04/24 18:45:52 | 002,074,160 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Scottg\Desktop\TDSSKiller.exe

[2012/04/19 05:37:55 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/04/17 14:38:06 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/17 14:38:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/04/17 14:38:04 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/14 14:16:01 | 016,692,552 | -H-- | M] () -- C:\Users\Scottg\Desktop\mx700swin64101ej.exe

[2012/04/13 17:29:43 | 015,102,493 | -H-- | M] () -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup.zip

[2012/04/13 14:24:10 | 000,002,587 | -H-- | M] () -- C:\Users\Scottg\Application Data\Microsoft\Internet Explorer\Quick Launch\HGTV Ultimate Home Design.lnk

[2012/04/11 03:02:07 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[2012/04/09 14:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 08:59:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/05/01 08:55:58 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/04/26 17:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/04/26 14:03:51 | 000,801,997 | -H-- | C] () -- C:\Users\Scottg\Desktop\ListParts64.exe

[2012/04/26 13:02:24 | 000,879,714 | -H-- | C] () -- C:\Users\Scottg\Desktop\SecurityCheck.exe

[2012/04/26 12:57:07 | 000,935,175 | -H-- | C] () -- C:\Users\Scottg\Desktop\RSITx64.exe

[2012/04/26 12:53:45 | 000,000,930 | -H-- | C] () -- C:\Users\Scottg\Desktop\NTREGOPT.lnk

[2012/04/26 12:53:45 | 000,000,911 | -H-- | C] () -- C:\Users\Scottg\Desktop\ERUNT.lnk

[2012/04/25 19:02:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/25 19:02:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/25 19:02:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/25 19:02:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/25 19:02:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/19 04:33:30 | 000,001,024 | ---- | C] () -- C:\.rnd

[2012/04/17 13:57:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/14 14:15:54 | 016,692,552 | -H-- | C] () -- C:\Users\Scottg\Desktop\mx700swin64101ej.exe

[2012/04/13 17:29:43 | 015,102,493 | -H-- | C] () -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup.zip

[2012/04/13 14:24:10 | 000,002,587 | -H-- | C] () -- C:\Users\Scottg\Application Data\Microsoft\Internet Explorer\Quick Launch\HGTV Ultimate Home Design.lnk

[2012/04/11 03:02:07 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

[2012/03/28 16:27:57 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2012/02/24 13:17:56 | 001,024,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/02/23 17:55:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BDSSR160.dll

[2012/02/23 17:55:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BDSSR.dll

[2011/03/12 14:39:32 | 000,000,017 | -H-- | C] () -- C:\Users\Scottg\AppData\Local\resmon.resmoncfg

[2010/11/18 12:42:46 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2010/11/10 21:30:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/11/10 21:08:17 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/11/10 19:54:20 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2010/11/10 19:54:20 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2010/11/10 19:54:20 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2010/11/10 19:54:17 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/11/10 19:54:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Adobe

[2011/11/07 20:57:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Apple Computer

[2010/11/13 19:38:41 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\ATI

[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\CodeGear

[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\CyberLink

[2010/11/13 19:39:03 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Dell

[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\DevJET

[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Embarcadero

[2012/04/25 18:18:23 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Forte

[2010/11/15 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Google

[2010/11/13 19:38:11 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Identities

[2010/11/13 19:38:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Intel Corporation

[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII

[2010/11/15 12:53:46 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Macromedia

[2012/04/11 09:58:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Malwarebytes

[2009/07/14 02:45:37 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Media Center Programs

[2012/04/25 18:26:15 | 000,000,000 | --SD | M] -- C:\Users\Scottg\AppData\Roaming\Microsoft

[2012/04/25 18:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Mozilla

[2012/04/25 18:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\PCDr

[2011/12/20 23:45:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Roxio

[2012/03/27 17:22:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\SmartBear

[2012/03/28 09:40:31 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Subversion

[2012/03/28 17:06:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\tmssoftware

[2012/04/19 12:54:34 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Windows Live Writer

< %APPDATA%\*.exe /s >

[2012/03/10 02:17:16 | 001,704,448 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII\LicenseRegistration.exe

[2012/03/28 16:27:29 | 000,685,913 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII\unins000.exe

[2011/07/07 17:58:25 | 000,010,134 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe

[2010/11/24 15:01:17 | 021,327,600 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Binaries\patch_5694_to_5744_02_64_01.exe

[2010/11/17 15:05:30 | 021,484,632 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Binaries\patch_5694_21_64_01\patch_5694_21_64_01.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\003d4343-2e6d-43fe-b514-ae898d7b0b2a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\02bfa23b-8a12-4161-b7e3-a5f7d0e71aa8\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\05e0a59b-44b6-40be-8297-7b9edb2aa039\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\079e5733-1983-4f3f-9ba2-5875e737e565\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\07e6c148-e996-4c1b-82cb-88184f7f9e66\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\08a8cc35-f85c-4289-88d3-017a9a54d5ef\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\09ec38df-4eed-47f1-aa63-8c3ccd49a12c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0af347cd-a250-4fbe-b631-ada97234de1c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0e3cc111-9930-4f0a-9534-d29e82563c42\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0edd5871-9a9c-498f-a00f-2f9dbe988818\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0fe45bbc-09e4-49d3-8723-843c3b24dbf5\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1067917f-cc00-47ae-a460-604c70d5119b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\131fd16e-d670-45f4-bd29-f9b2a65858ec\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\152dd2a4-187e-435c-b058-633c15ed518e\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\15493363-bfdb-482a-a413-ba0bf702cdfa\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\17ae5ef7-b628-434b-b99d-37f518f3455b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\185becd3-7cb9-4540-b7a4-f4c194b2b41d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\19dc3c42-f42e-4419-9c69-e49dae048ea1\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1b1df37e-79c1-450f-b2e7-9821702d72c8\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1c509cf8-ecb2-4a78-8758-8fa8c099c807\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1cc65c6a-3ecb-4783-9e00-d572b0969bca\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1edb8b69-103d-4f8b-ac47-ea051e97dbe9\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1fc7fdd2-40ca-427a-b44a-a8f6045c0a30\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\216b2cb3-d277-4e5b-bf02-24199b6a5940\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\22992cca-cc63-40b3-b53b-45178a63585d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\22f53140-9d81-4049-a590-b46a3ffc56b5\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\23b567fa-cf22-4bdf-b0e8-4e7eb3c5666c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\23c45998-5a7b-47cd-9d8e-1ec2d8ae35d9\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\24472dd1-b015-4048-a9cb-534444024fa4\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\24e6f9ba-8c95-4ad3-bb0c-19a3349b81d9\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\25b9d489-715c-41f3-92cd-1690e5b8ae72\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2b2f03e9-8f2f-45e6-952f-ca3c6fedd48b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2c2a2613-9536-4864-b137-8e5d1a4fd42f\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2d120501-39f3-4075-aaa9-93035fbe7030\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2d4e5cfa-125a-498b-8ae2-5f94fad7f933\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2dedd7d9-ad4f-4022-9a0d-aad58cd771bb\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2eb3a59a-6e3c-44d4-87d6-08f7285f0166\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\35836f43-1dc9-4238-847f-e949feee5833\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\380dbc8e-a8a9-4bda-98ab-26168b95376c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\38147f2b-676a-4257-ab47-c7a65d846392\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3c7aec13-018a-4342-b4f8-0ae7b1162742\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3dbb2a4b-6ce9-445b-a637-774f89bf240d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3ef27f8f-0e9d-4490-9d43-bcf1e0024745\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3fc465be-2fc2-4fe2-8ff5-f83957240359\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3fe933c1-c77d-4277-857b-04e6dbd6a656\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\40ae0e35-e312-4afd-95c6-c567628a8c16\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\41465014-0c50-4a0b-b7fb-580aecce1d3d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\434caba1-ad41-42a7-8639-6c15e3c501c7\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\43684a1e-390b-4e4c-b58d-8ced2f376d4d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\43d4f959-de13-49e8-afb9-01adb2f71d42\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4461f035-c12a-4172-9e50-81809ee5c9ea\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4486c3ea-91ec-4970-bc7b-cf83ff399ab4\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4656bbf2-2ede-42ef-b23b-4014820217d0\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\46a42ddc-641b-460f-91ce-18663eeaf2c8\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\49a77d0f-7946-4d36-8d33-b09c3567add5\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4b648ec5-b8a6-4364-9b72-c5d26662688a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4bf85eef-6d8e-4d70-965c-b5d100478037\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4d120b54-367e-41f1-9d5f-2751b288340f\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4d3a00c2-257e-4a5e-9a2a-0736c55f801a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4fbbc5fb-dc1c-4243-a131-8e8222000485\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\5130603b-9f32-40e7-a090-29ad4595f0d2\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\549b9aef-8538-4990-b2ac-44e1110127ca\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\5598bdd2-f33c-442c-a047-dac977047610\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\58246c38-51f9-4e36-8f25-abbf6bc18e09\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\58dc435e-51f4-48da-a854-8c5277e74e4e\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\5e4a3c8c-1089-46c8-8fba-dc23ed2fed62\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\5eb3a1c9-3546-459d-b461-6d97756864d4\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\5ee21efa-040f-4ca8-98b0-bb3f222f040b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\643b11f5-46fe-4fc8-a6b1-ecda5cd89884\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\644a1a1d-3f5b-4e17-b1f8-7908c655ef2b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\696f74f2-a2b7-40cd-a205-cd88d7f8bb8e\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\6a69ef4b-298a-420c-bb60-259fb8e11232\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\6c12407a-ec50-4ef6-aba4-1552923d14b0\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\71afc34f-8cfb-4d9d-beae-9dd2ce71ec71\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\7336f6ad-89bf-4558-b40a-e243effffee9\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\74044e58-eb6c-4a09-82fa-b6f5704b2b1c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\7414007b-80ac-4874-967b-22a0fe8e3adf\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\74a0a368-f952-4ccc-ad01-66a3ed046e7b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\7626cd73-9fe6-4698-ac0c-652ded5ca219\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\777439c5-7186-41f4-b170-9af641d2933d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\792b089b-d102-4aaa-a15a-0189dd5b5efb\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\831ddfa1-2226-44b9-a143-b39191d08535\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\84e3b819-e7c3-4307-b66b-ef6b6efccdf0\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\86a8ef61-d836-4aef-84fb-ec396a52bd1b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8892bba7-67bc-457d-bef8-36c558316629\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\891625b7-18fc-4c28-b514-303c6a460433\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\89c41339-35a1-4f96-b6bc-b20b21789696\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8ab2e138-5119-4669-b7b0-4ecbde352275\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8bc29d51-e8f1-4bb7-abaf-8bd778d69fdd\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8cc48361-8f2f-42b1-9eb7-baf7308a1a86\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8db1c407-0ecb-4b0a-a4c0-b12ba9f01b69\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\8f3e108e-0329-45be-9529-d051de334475\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\91ea969b-3b8f-436b-b97f-0a7d2b9e4fe7\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\99fb6e9f-5225-4579-9d06-54adf2195c7b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\9adebf48-a693-4ec4-8f47-a1a2fda1b5ea\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\9b005f7d-a761-4a03-8e59-7c0a5bac9bee\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\9bffb041-1ebe-48a7-9e85-e8644f2bbbbd\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\9c2a538b-7c00-4d67-acd6-86da241a4dbd\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\9d8a8b29-9291-46f5-a10a-fdeb056e690d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a2929df2-3367-484b-b26b-15751b889b9b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a31f56a2-77a6-4983-861d-55c254fdb1e3\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a57e210e-1e8b-4d06-9640-0fa6ff715378\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a755581f-bb17-4e8d-a7e2-6e8995d94a0b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a7f6d787-f63e-40e0-813a-ebe879551ae4\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a80f3c59-883d-4174-8f4f-081fcacaf656\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a813ff59-2834-46fa-8bdb-55e119cc4e0c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\a9158a39-ed1a-455d-a92a-82a138d3359b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\aac21048-eb0a-427d-bf28-4484c5c6db66\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\aba443e0-dce4-45d2-a5c8-b675148bbf48\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\acd6d854-b675-4935-9342-163eaa5abbd6\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\aef60f89-dce9-49d0-a275-91ab8440c870\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\b1a3237a-d248-42a0-922f-34a7dbfc5a3d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\b3273707-bfff-478f-846b-627abbce4383\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\b7e47bd5-1021-4610-923a-ff78e2263445\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\b9eb1e01-6ee7-4c78-9f53-a8d834892737\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ba340cf0-9005-4063-82d3-4f7831876808\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\babc9388-c4dc-40b5-87e3-3dd0a5799baa\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\bb464d01-fbc1-4554-a496-0a20d88fe211\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\bfd0eb98-a3a0-426f-8cda-a46c59d2a149\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\c4ea88f8-d4b4-4f22-b9b7-0e986651d7c4\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\c8240926-f83c-4a61-9e29-734ac069dda2\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\c857aaed-d1fc-4143-b2c6-c7830db0b154\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\c9430611-26ba-4efd-a1d1-0e856bd5f67d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ccd3da88-150a-431f-a996-2e554fdd11ea\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\cf63e622-03c7-40ae-b8b3-11b34ebf3103\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d0ddaf00-25b2-4c02-a8d1-7484bbb8f13a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d0ddce39-e144-4ccb-919e-ba24f81f96b1\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d162042e-6188-4d45-abe8-c36430ec1dd7\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d24a17f7-e6a7-4597-9cfb-5295073f143a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d3e97d8d-c5c8-4b42-96a2-236569a5f12d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d509769a-74b0-4f17-b7a1-493bd8a14a10\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d526f16e-277c-4db8-b793-bfd0f435747e\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d617902e-1e50-451d-9f21-38e2735a3665\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d6eb9146-7224-4b14-a1b2-6b10ceed0f71\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d7a6afee-b547-41e1-b72b-8a908087473d\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d825a9fb-9781-44e8-be6d-0495f235330a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d8804195-a255-4548-9c05-5781ce7fab3c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\d9683d53-6998-4615-97f3-95479fd92920\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\db34cf81-05a9-4505-8372-027de086546f\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\dbddc0f1-4405-4b7e-9080-d351d5fa238e\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\e0381ce6-92b1-4fd9-89a7-357c49d3e2f0\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\e4e34019-8bae-4a9a-80bb-921955293101\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\e6c49e61-55ff-4b13-b18f-ff86d9122c4b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\e83971b2-6412-42a4-bfa7-d3614197242f\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\e8899d1c-451d-456b-91df-c4802055c779\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ebf395e6-d418-4205-b935-872f3f0bfd7f\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ec851b21-de36-47c3-897d-eba8827afb31\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ef1bfcd7-9730-4a8e-8c4a-4a6479c5385a\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\efc14cdf-5197-478b-896d-a1214b474ffb\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\f00cb8e5-fbef-4622-81f2-9419e5585288\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\f011a0f5-5a43-486b-9e6f-4bb5e45afeda\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\f3775933-b4d2-40a7-aba3-ac90ea91e98b\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\f83bda22-85af-4094-a87d-8796964f256c\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\fe782d8a-d77b-4ce7-94cd-0e8ee16127a5\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ff8c4b7a-40f0-4b34-b060-8beb464395f7\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ff8fa098-cc5c-447c-8ea9-404d3f270534\DellSignedAppUpdaterRules\AddCertificate.exe

[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ffef2839-dfee-43f5-a235-26c8ee49ce81\DellSignedAppUpdaterRules\AddCertificate.exe

< %SYSTEMDRIVE%\*.exe >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

[2012/04/26 13:23:39 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SWD4KUA8\click.searchnation.net

[2012/04/26 13:23:39 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#click.searchnation.net

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp

[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp\1

[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp\4

< %systemroot%\*. /mp /s >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
