ScottWGast Posted April 26, 2012 ID:546180

Running MalwareBytes Personal (registered), but, unhappily, it looks like Happili redirect virus has struck. Running Windows 7 Pro.

Attached files: DDS.txt Attach.txt

Thank you in advance for any help you can provide.

Scott Gast

Edited April 26, 2012 by Maurice Naggar
ScottWGast Posted April 26, 2012 Author ID:546192

Here is my TDSSKiller log:
C:\Windows\system32\drivers\pciide.sys11:41:30.0292 10324 pciide - ok11:41:30.0316 10324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys11:41:30.0325 10324 pcmcia - ok11:41:30.0350 10324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys11:41:30.0351 10324 pcw - ok11:41:30.0382 10324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys11:41:30.0385 10324 PEAUTH - ok11:41:30.0433 10324 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll11:41:30.0440 10324 PeerDistSvc - ok11:41:30.0511 10324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe11:41:30.0511 10324 PerfHost - ok11:41:30.0565 10324 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll11:41:30.0577 10324 pla - ok11:41:30.0623 10324 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll11:41:30.0626 10324 PlugPlay - ok11:41:30.0669 10324 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll11:41:30.0669 10324 Pml Driver HPZ12 - ok11:41:30.0693 10324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll11:41:30.0694 10324 PNRPAutoReg - ok11:41:30.0704 10324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll11:41:30.0706 10324 PNRPsvc - ok11:41:30.0761 10324 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys11:41:30.0762 10324 Point64 - ok11:41:30.0899 10324 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll11:41:30.0902 10324 PolicyAgent - ok11:41:30.0929 10324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll11:41:30.0931 10324 Power - ok11:41:30.0965 10324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys11:41:30.0966 10324 PptpMiniport - ok11:41:30.0984 10324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) 
C:\Windows\system32\DRIVERS\processr.sys11:41:30.0985 10324 Processor - ok11:41:31.0021 10324 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll11:41:31.0025 10324 ProfSvc - ok11:41:31.0026 10324 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:41:31.0027 10324 ProtectedStorage - ok11:41:31.0089 10324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys11:41:31.0090 10324 Psched - ok11:41:31.0124 10324 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys11:41:31.0125 10324 PxHlpa64 - ok11:41:31.0169 10324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys11:41:31.0185 10324 ql2300 - ok11:41:31.0217 10324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys11:41:31.0218 10324 ql40xx - ok11:41:31.0264 10324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll11:41:31.0266 10324 QWAVE - ok11:41:31.0286 10324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys11:41:31.0286 10324 QWAVEdrv - ok11:41:31.0302 10324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys11:41:31.0303 10324 RasAcd - ok11:41:31.0330 10324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys11:41:31.0331 10324 RasAgileVpn - ok11:41:31.0341 10324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll11:41:31.0343 10324 RasAuto - ok11:41:31.0350 10324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys11:41:31.0351 10324 Rasl2tp - ok11:41:31.0386 10324 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll11:41:31.0388 10324 RasMan - ok11:41:31.0411 10324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys11:41:31.0412 10324 RasPppoe - ok11:41:31.0419 10324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) 
C:\Windows\system32\DRIVERS\rassstp.sys11:41:31.0420 10324 RasSstp - ok11:41:31.0443 10324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys11:41:31.0444 10324 rdbss - ok11:41:31.0458 10324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys11:41:31.0458 10324 rdpbus - ok11:41:31.0479 10324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys11:41:31.0479 10324 RDPCDD - ok11:41:31.0514 10324 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys11:41:31.0515 10324 RDPDR - ok11:41:31.0548 10324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys11:41:31.0548 10324 RDPENCDD - ok11:41:31.0552 10324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys11:41:31.0553 10324 RDPREFMP - ok11:41:31.0582 10324 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys11:41:31.0583 10324 RDPWD - ok11:41:31.0614 10324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys11:41:31.0615 10324 rdyboost - ok11:41:31.0644 10324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll11:41:31.0650 10324 RemoteAccess - ok11:41:31.0670 10324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll11:41:31.0672 10324 RemoteRegistry - ok11:41:31.0740 10324 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe11:41:31.0742 10324 RichVideo64 - ok11:41:31.0851 10324 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe11:41:31.0855 10324 RoxMediaDB10 - ok11:41:31.0874 10324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll11:41:31.0875 10324 RpcEptMapper - ok11:41:31.0907 10324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe11:41:31.0908 10324 
RpcLocator - ok11:41:31.0985 10324 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll11:41:31.0988 10324 RpcSs - ok11:41:32.0024 10324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys11:41:32.0024 10324 rspndr - ok11:41:32.0061 10324 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys11:41:32.0062 10324 RSUSBSTOR - ok11:41:32.0102 10324 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys11:41:32.0104 10324 RTL8167 - ok11:41:32.0106 10324 RxFilter - ok11:41:32.0135 10324 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys11:41:32.0136 10324 s3cap - ok11:41:32.0138 10324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:41:32.0139 10324 SamSs - ok11:41:32.0161 10324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys11:41:32.0161 10324 sbp2port - ok11:41:32.0188 10324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll11:41:32.0190 10324 SCardSvr - ok11:41:32.0222 10324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys11:41:32.0223 10324 scfilter - ok11:41:32.0283 10324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll11:41:32.0297 10324 Schedule - ok11:41:32.0335 10324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll11:41:32.0336 10324 SCPolicySvc - ok11:41:32.0362 10324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll11:41:32.0363 10324 SDRSVC - ok11:41:32.0382 10324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys11:41:32.0383 10324 secdrv - ok11:41:32.0410 10324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll11:41:32.0411 10324 seclogon - ok11:41:32.0432 10324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll11:41:32.0433 10324 SENS - 
ok11:41:32.0449 10324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll11:41:32.0450 10324 SensrSvc - ok11:41:32.0479 10324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys11:41:32.0479 10324 Serenum - ok11:41:32.0520 10324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys11:41:32.0521 10324 Serial - ok11:41:32.0558 10324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys11:41:32.0559 10324 sermouse - ok11:41:32.0599 10324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll11:41:32.0600 10324 SessionEnv - ok11:41:32.0634 10324 SessionLauncher - ok11:41:32.0651 10324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys11:41:32.0659 10324 sffdisk - ok11:41:32.0676 10324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys11:41:32.0677 10324 sffp_mmc - ok11:41:32.0694 10324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys11:41:32.0694 10324 sffp_sd - ok11:41:32.0713 10324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys11:41:32.0714 10324 sfloppy - ok11:41:32.0820 10324 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE11:41:32.0828 10324 SftService - ok11:41:32.0863 10324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll11:41:32.0865 10324 SharedAccess - ok11:41:32.0890 10324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll11:41:32.0893 10324 ShellHWDetection - ok11:41:32.0911 10324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys11:41:32.0911 10324 SiSRaid2 - ok11:41:32.0930 10324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys11:41:32.0931 10324 SiSRaid4 - ok11:41:32.0949 10324 Smb 
(548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys11:41:32.0950 10324 Smb - ok11:41:32.0989 10324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe11:41:32.0996 10324 SNMPTRAP - ok11:41:33.0013 10324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys11:41:33.0013 10324 spldr - ok11:41:33.0079 10324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe11:41:33.0082 10324 Spooler - ok11:41:33.0210 10324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe11:41:33.0254 10324 sppsvc - ok11:41:33.0273 10324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll11:41:33.0275 10324 sppuinotify - ok11:41:33.0358 10324 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe11:41:33.0359 10324 SQLBrowser - ok11:41:33.0485 10324 SQLSERVERAGENT (00b0e9f0ffd98b829345dff292650470) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE11:41:33.0487 10324 SQLSERVERAGENT - ok11:41:33.0563 10324 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe11:41:33.0563 10324 SQLWriter - ok11:41:33.0606 10324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys11:41:33.0608 10324 srv - ok11:41:33.0652 10324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys11:41:33.0654 10324 srv2 - ok11:41:33.0674 10324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys11:41:33.0675 10324 srvnet - ok11:41:33.0726 10324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll11:41:33.0728 10324 SSDPSRV - ok11:41:33.0753 10324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll11:41:33.0754 10324 SstpSvc - ok11:41:33.0777 10324 Steam Client Service - ok11:41:33.0803 10324 stexstor (f3817967ed533d08327dc73bc4d5542a) 
C:\Windows\system32\DRIVERS\stexstor.sys11:41:33.0803 10324 stexstor - ok11:41:33.0842 10324 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys11:41:33.0843 10324 StillCam - ok11:41:33.0888 10324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll11:41:33.0892 10324 stisvc - ok11:41:33.0924 10324 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe11:41:33.0924 10324 stllssvr - ok11:41:33.0957 10324 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys11:41:33.0957 10324 storflt - ok11:41:33.0979 10324 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll11:41:33.0980 10324 StorSvc - ok11:41:33.0990 10324 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys11:41:33.0997 10324 storvsc - ok11:41:34.0021 10324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys11:41:34.0022 10324 swenum - ok11:41:34.0054 10324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll11:41:34.0058 10324 swprv - ok11:41:34.0164 10324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll11:41:34.0174 10324 SysMain - ok11:41:34.0193 10324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll11:41:34.0195 10324 TabletInputService - ok11:41:34.0225 10324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll11:41:34.0237 10324 TapiSrv - ok11:41:34.0258 10324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll11:41:34.0260 10324 TBS - ok11:41:34.0325 10324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys11:41:34.0334 10324 Tcpip - ok11:41:34.0395 10324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys11:41:34.0402 10324 TCPIP6 - ok11:41:34.0437 10324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) 
C:\Windows\system32\drivers\tcpipreg.sys11:41:34.0438 10324 tcpipreg - ok11:41:34.0458 10324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys11:41:34.0459 10324 TDPIPE - ok11:41:34.0492 10324 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys11:41:34.0492 10324 TDTCP - ok11:41:34.0502 10324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys11:41:34.0510 10324 tdx - ok11:41:34.0524 10324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys11:41:34.0525 10324 TermDD - ok11:41:34.0561 10324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll11:41:34.0565 10324 TermService - ok11:41:34.0586 10324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll11:41:34.0587 10324 Themes - ok11:41:34.0613 10324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll11:41:34.0614 10324 THREADORDER - ok11:41:34.0652 10324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll11:41:34.0654 10324 TrkWks - ok11:41:34.0694 10324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe11:41:34.0695 10324 TrustedInstaller - ok11:41:34.0728 10324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys11:41:34.0729 10324 tssecsrv - ok11:41:34.0780 10324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys11:41:34.0781 10324 TsUsbFlt - ok11:41:34.0822 10324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys11:41:34.0823 10324 tunnel - ok11:41:34.0849 10324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys11:41:34.0850 10324 uagp35 - ok11:41:34.0880 10324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys11:41:34.0882 10324 udfs - ok11:41:34.0918 10324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) 
C:\Windows\system32\UI0Detect.exe11:41:34.0919 10324 UI0Detect - ok11:41:34.0949 10324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys11:41:34.0950 10324 uliagpkx - ok11:41:34.0976 10324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys11:41:34.0977 10324 umbus - ok11:41:35.0009 10324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys11:41:35.0010 10324 UmPass - ok11:41:35.0034 10324 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll11:41:35.0036 10324 UmRdpService - ok11:41:35.0061 10324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll11:41:35.0064 10324 upnphost - ok11:41:35.0093 10324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys11:41:35.0093 10324 usbccgp - ok11:41:35.0116 10324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys11:41:35.0117 10324 usbcir - ok11:41:35.0147 10324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys11:41:35.0147 10324 usbehci - ok11:41:35.0184 10324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys11:41:35.0186 10324 usbhub - ok11:41:35.0206 10324 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys11:41:35.0206 10324 usbohci - ok11:41:35.0230 10324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys11:41:35.0231 10324 usbprint - ok11:41:35.0262 10324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS11:41:35.0263 10324 USBSTOR - ok11:41:35.0292 10324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys11:41:35.0293 10324 usbuhci - ok11:41:35.0303 10324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll11:41:35.0325 10324 UxSms - ok11:41:35.0350 10324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) 
C:\Windows\system32\lsass.exe11:41:35.0351 10324 VaultSvc - ok11:41:35.0370 10324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys11:41:35.0371 10324 vdrvroot - ok11:41:35.0401 10324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe11:41:35.0405 10324 vds - ok11:41:35.0426 10324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys11:41:35.0427 10324 vga - ok11:41:35.0430 10324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys11:41:35.0431 10324 VgaSave - ok11:41:35.0457 10324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys11:41:35.0458 10324 vhdmp - ok11:41:35.0498 10324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys11:41:35.0499 10324 viaide - ok11:41:35.0524 10324 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys11:41:35.0525 10324 vmbus - ok11:41:35.0545 10324 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys11:41:35.0546 10324 VMBusHID - ok11:41:35.0571 10324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys11:41:35.0571 10324 volmgr - ok11:41:35.0604 10324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys11:41:35.0606 10324 volmgrx - ok11:41:35.0618 10324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys11:41:35.0620 10324 volsnap - ok11:41:35.0665 10324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys11:41:35.0666 10324 vsmraid - ok11:41:35.0737 10324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe11:41:35.0745 10324 VSS - ok11:41:35.0766 10324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys11:41:35.0766 10324 vwifibus - ok11:41:35.0791 10324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll11:41:35.0794 10324 W32Time 
- ok11:41:35.0844 10324 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll11:41:35.0846 10324 W3SVC - ok11:41:35.0871 10324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys11:41:35.0881 10324 WacomPen - ok11:41:35.0902 10324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:41:35.0907 10324 WANARP - ok11:41:35.0908 10324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:41:35.0909 10324 Wanarpv6 - ok11:41:35.0927 10324 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll11:41:35.0928 10324 WAS - ok11:41:36.0013 10324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe11:41:36.0019 10324 WatAdminSvc - ok11:41:36.0074 10324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe11:41:36.0081 10324 wbengine - ok11:41:36.0112 10324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll11:41:36.0114 10324 WbioSrvc - ok11:41:36.0146 10324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll11:41:36.0149 10324 wcncsvc - ok11:41:36.0167 10324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll11:41:36.0168 10324 WcsPlugInService - ok11:41:36.0189 10324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys11:41:36.0190 10324 Wd - ok11:41:36.0219 10324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys11:41:36.0222 10324 Wdf01000 - ok11:41:36.0235 10324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:41:36.0237 10324 WdiServiceHost - ok11:41:36.0238 10324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:41:36.0240 10324 WdiSystemHost - ok11:41:36.0261 10324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll11:41:36.0263 10324 WebClient - 
ok11:41:36.0277 10324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll11:41:36.0283 10324 Wecsvc - ok11:41:36.0301 10324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll11:41:36.0302 10324 wercplsupport - ok11:41:36.0324 10324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll11:41:36.0325 10324 WerSvc - ok11:41:36.0364 10324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys11:41:36.0364 10324 WfpLwf - ok11:41:36.0415 10324 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys11:41:36.0417 10324 WimFltr - ok11:41:36.0433 10324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys11:41:36.0443 10324 WIMMount - ok11:41:36.0455 10324 WinDefend - ok11:41:36.0459 10324 WinHttpAutoProxySvc - ok11:41:36.0521 10324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll11:41:36.0522 10324 Winmgmt - ok11:41:36.0606 10324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll11:41:36.0615 10324 WinRM - ok11:41:36.0654 10324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys11:41:36.0655 10324 WinUsb - ok11:41:36.0695 10324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll11:41:36.0700 10324 Wlansvc - ok11:41:36.0823 10324 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE11:41:36.0833 10324 wlidsvc - ok11:41:36.0857 10324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys11:41:36.0865 10324 WmiAcpi - ok11:41:36.0882 10324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe11:41:36.0898 10324 wmiApSrv - ok11:41:36.0900 10324 WMPNetworkSvc - ok11:41:36.0934 10324 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe11:41:36.0935 10324 WMSVC - ok11:41:36.0972 10324 
11:41:37.0327 10324 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
11:41:37.0352 10324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:41:37.0352 10324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:41:37.0382 10324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:41:37.0387 10324 \Device\Harddisk1\DR1 - ok
11:41:37.0401 10324 Boot (0x1200) (f3bae82eca5dd01b891d889120f9108d) \Device\Harddisk0\DR0\Partition0
11:41:37.0410 10324 \Device\Harddisk0\DR0\Partition0 - ok
11:41:37.0429 10324 Boot (0x1200) (4e06d1d7f5ff07592a2270da4b4ae24a) \Device\Harddisk0\DR0\Partition1
11:41:37.0438 10324 \Device\Harddisk0\DR0\Partition1 - ok
11:41:37.0441 10324 Boot (0x1200) (8cc0880b263558aabf413ae4214513c0) \Device\Harddisk1\DR1\Partition0
11:41:37.0442 10324 \Device\Harddisk1\DR1\Partition0 - ok
11:41:37.0442 10324 ============================================================
11:41:37.0442 10324 Scan finished
11:41:37.0442 10324 ============================================================
11:41:37.0450 10804 Detected object count: 1
11:41:37.0450 10804 Actual detected object count: 1
11:41:46.0511 10804 \Device\Harddisk0\DR0\# - copied to quarantine
11:41:46.0511 10804 \Device\Harddisk0\DR0 - copied to quarantine
11:41:46.0518 10804 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:41:46.0519 10804 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:41:46.0520 10804 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:41:46.0521 10804 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:41:46.0524 10804 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:41:46.0526 10804 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:41:46.0526 10804 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:41:46.0527 10804 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:41:46.0527 10804 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:41:46.0528 10804 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:41:46.0528 10804 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:41:46.0529 10804 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:41:46.0537 10804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:41:46.0537 10804 \Device\Harddisk0\DR0 - ok
11:41:46.0550 10804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:42:00.0000 10596 Deinitialize success
ScottWGast Posted April 26, 2012 Author ID:546193
Here is my ComboFix log:
ComboFix 12-04-25.02 - Scottg 04/26/2012 11:52:55.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9763 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\aebbbeaaffdecbdct.exe
c:\programdata\XkFcjVGVgWJhiQK.exe
c:\windows\svchost.exe
T:\Autorun.inf
U:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 17:04 . 2012-04-26 17:04 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-04-25 18:23 . 2012-04-25 23:26 -------- d-----w- c:\programdata\Norton
2012-04-25 18:23 . 2012-04-25 20:34 -------- d--h--w- c:\users\Scottg\AppData\Local\NPE
2012-04-24 16:55 . 2012-04-24 16:55 -------- d-----we c:\windows\system64
2012-04-19 17:54 . 2012-04-19 17:54 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Windows Live Writer
2012-04-19 17:54 . 2012-04-19 17:54 -------- d--h--w- c:\users\Scottg\AppData\Local\Windows Live Writer
2012-04-19 09:26 . 2012-04-25 00:30 -------- d-----w- C:\OpenSSL-Win32
2012-04-18 22:20 . 2012-04-25 23:26 -------- d-----w- c:\program files (x86)\SSLBuddy
2012-04-17 19:38 . 2012-04-17 19:38 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-17 18:57 . 2012-04-17 19:38 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 22:30 . 2011-05-13 16:19 198088 ----a-w- c:\windows\SysWow64\hlvdd.dll
2012-04-13 22:30 . 2011-12-30 12:39 4889032 ----a-w- c:\windows\system32\aksllmtp.exe
2012-04-13 22:30 . 2012-04-13 22:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-13 22:17 . 2012-04-13 22:17 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared
2012-04-13 22:17 . 2011-12-30 12:39 4889032 ----a-w- c:\windows\system32\hasplms.exe
2012-04-13 21:58 . 2012-04-13 21:58 -------- d-----w- c:\program files (x86)\Chief Architect Inc
2012-04-13 21:58 . 2004-10-22 07:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-04-13 21:58 . 2004-10-22 07:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-04-13 21:58 . 2004-10-22 07:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-04-13 21:58 . 2004-10-22 07:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-04-13 21:58 . 2012-04-13 21:58 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-04-13 21:58 . 2004-10-22 07:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-04-13 21:58 . 2012-04-13 21:58 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-04-13 19:27 . 2012-04-13 19:27 -------- d-----w- c:\programdata\Cadsoft
2012-04-13 19:22 . 2012-04-13 19:22 -------- d-----w- c:\programdata\Nova Development
2012-04-13 19:22 . 2012-04-13 19:22 -------- d-----w- c:\program files (x86)\Nova Development
2012-04-11 14:58 . 2012-04-11 14:58 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Malwarebytes
2012-04-11 14:58 . 2012-04-11 14:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-11 14:58 . 2012-04-25 23:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-11 14:58 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 22:06 . 2012-03-28 22:06 -------- d--h--w- c:\users\Scottg\AppData\Roaming\tmssoftware
2012-03-28 21:28 . 2012-03-10 07:16 2648064 ----a-w- c:\windows\SysWow64\Intraweb_120_160.bpl
2012-03-28 21:27 . 2012-01-24 19:24 100352 ----a-w- c:\windows\SysWow64\zlib1.dll
2012-03-28 21:27 . 2012-04-25 23:26 -------- d-----w- c:\users\Scottg\AppData\Roaming\IntraWeb XII
2012-03-28 20:00 . 2000-06-27 17:07 1305200 ------w- c:\windows\SysWow64\sbe6_32.dll
2012-03-28 20:00 . 2000-06-19 04:53 512560 ------w- c:\windows\SysWow64\sb6ent.ocx
2012-03-28 19:58 . 2012-03-28 19:58 -------- d-----w- c:\programdata\Kaed
2012-03-28 19:55 . 2012-03-28 19:55 -------- d-----w- c:\program files (x86)\nsoftware
2012-03-28 19:25 . 2012-03-28 19:36 -------- dc-h--w- c:\programdata\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}
2012-03-28 19:25 . 2012-03-28 19:25 -------- d-----w- c:\programdata\SmartBear
2012-03-28 19:23 . 2012-03-28 19:23 -------- d-----w- c:\programdata\Raize
2012-03-28 19:23 . 2011-10-27 20:55 3402752 ----a-w- c:\windows\SysWow64\vcl160.bpl
2012-03-28 19:23 . 
2011-10-27 20:55 2876416 ----a-w- c:\windows\SysWow64\rtl160.bpl2012-03-28 19:23 . 2012-03-28 19:57 -------- d-----w- c:\program files (x86)\Raize2012-03-28 19:23 . 2012-03-28 19:23 -------- d-----w- c:\programdata\VSoft2012-03-28 19:23 . 2012-03-28 21:13 -------- d-----w- c:\program files (x86)\FinalBuilder 7 XE22012-03-28 19:23 . 2012-03-28 21:13 -------- d-----w- c:\program files (x86)\Common Files\VSoft2012-03-28 19:21 . 2012-03-28 19:21 -------- d-----w- c:\program files (x86)\SmartBear2012-03-28 19:04 . 2011-08-15 13:10 1312768 ----a-w- c:\windows\SysWow64\Rave100VCL160.bpl2012-03-28 19:04 . 2012-03-28 19:04 -------- d-----w- c:\program files (x86)\CollabNet2012-03-28 19:04 . 2012-03-28 21:12 -------- d-----w- c:\program files (x86)\DevJet2012-03-28 18:58 . 2012-03-28 20:00 -------- d-----w- c:\programdata\Embarcadero2012-03-28 18:58 . 2012-03-28 20:00 -------- d-----w- c:\program files (x86)\Embarcadero2012-03-28 18:58 . 2012-03-28 18:58 -------- d-----w- c:\program files (x86)\Common Files\CodeGear Shared2012-03-28 18:58 . 2012-03-28 18:58 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared2012-03-28 18:34 . 2012-03-28 21:08 -------- d--h--w- c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}2012-03-28 14:40 . 2012-03-28 14:40 -------- d--h--w- c:\users\Scottg\AppData\Roaming\Subversion2012-03-28 14:02 . 2011-10-30 11:00 421888 ----a-w- c:\windows\SysWow64\RaizeComponentsVclDb160.bpl2012-03-28 14:02 . 2011-10-30 11:00 2115072 ----a-w- c:\windows\SysWow64\RaizeComponentsVcl160.bpl2012-03-28 13:56 . 2012-03-28 19:54 416256 ----a-w- c:\windows\SysWow64\vclZipForged16.bpl2012-03-27 22:25 . 2011-08-29 20:53 891104 ----a-w- c:\windows\ipworks8.dll2012-03-27 22:22 . 2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Roaming\SmartBear2012-03-27 22:22 . 2012-04-25 23:26 -------- d-----w- c:\users\Scottg\AppData\Roaming\DevJET2012-03-27 22:22 . 2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Local\Embarcadero2012-03-27 22:22 . 
2012-03-27 22:22 -------- d--h--w- c:\users\Scottg\AppData\Local\SmartBear2012-03-27 22:19 . 2011-12-11 10:00 512160 ----a-w- c:\windows\SysWow64\CodeSiteExpressPkg160.bpl2012-03-27 22:19 . 2011-12-11 10:00 144536 ----a-w- c:\windows\SysWow64\CodeSitePlugIns160.bpl2012-03-27 22:19 . 2007-09-11 20:21 150528 ----a-w- c:\windows\SysWow64\TLBINF32.dll2012-03-27 21:29 . 2012-03-28 18:05 -------- dc-h--w- c:\programdata\{B0A6C550-7640-4BB9-A44C-C9A7B5257584}2012-03-27 20:47 . 2012-03-27 20:47 -------- d--h--w- c:\users\Scottg\AppData\Local\PackageAware...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-17 19:38 . 2011-05-31 14:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-02-23 22:55 . 2012-02-23 22:55 28672 ----a-w- c:\windows\SysWow64\BDSSR160.dll2012-02-23 22:55 . 2012-02-23 22:55 28672 ----a-w- c:\windows\SysWow64\BDSSR.dll2012-02-17 06:38 . 2012-03-14 08:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-02-17 05:34 . 2012-03-14 08:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-02-17 04:58 . 2012-03-14 08:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-02-17 04:57 . 2012-03-14 08:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-02-10 06:36 . 2012-03-14 08:06 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-02-10 05:38 . 2012-03-14 08:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-02-03 04:34 . 2012-03-14 08:06 3145728 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((( SnapShot@2012-04-26_00.12.54 ))))))))))))))))))))))))))))))))))))))))).+ 2012-04-09 15:50 . 2012-04-26 16:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat- 2012-04-09 15:50 . 2012-04-25 23:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat+ 2012-04-25 23:33 . 
2012-04-26 00:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042520120426\index.dat+ 2012-04-09 15:50 . 2012-04-26 00:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat- 2012-04-09 15:50 . 2012-04-25 23:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat+ 2010-11-11 00:42 . 2012-04-26 16:47 44968 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-04-26 16:47 27544 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-11-14 03:43 . 2012-04-26 16:47 12894 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3010258393-3416120133-4182077219-1000_UserData.bin+ 2010-11-11 00:42 . 2012-04-26 16:47 44968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-04-26 16:47 27544 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-11-14 03:43 . 2012-04-26 16:47 12894 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3010258393-3416120133-4182077219-1000_UserData.bin+ 2010-11-23 21:41 . 2012-04-26 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-11-23 21:41 . 2012-04-26 00:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-11-23 21:41 . 2012-04-26 00:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-11-23 21:41 . 2012-04-26 17:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-11-23 21:41 . 2012-04-26 17:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-11-23 21:41 . 
2012-04-26 00:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-11-14 00:48 . 2012-04-26 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-11-14 00:48 . 2012-04-26 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-11-14 00:48 . 2012-04-26 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-11-14 00:48 . 2012-04-26 00:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-04-26 00:12 . 2012-04-26 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-04-26 17:06 . 2012-04-26 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-04-26 17:06 . 2012-04-26 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-04-26 00:12 . 2012-04-26 00:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2012-04-26 17:07 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2012-04-26 17:07 933888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 02:36 . 2012-04-26 00:17 824186 c:\windows\system64\perfh009.dat- 2009-07-14 02:36 . 2012-04-25 23:58 824186 c:\windows\system64\perfh009.dat+ 2009-07-14 02:36 . 2012-04-26 00:17 178858 c:\windows\system64\perfc009.dat- 2009-07-14 02:36 . 2012-04-25 23:58 178858 c:\windows\system64\perfc009.dat+ 2009-07-14 02:36 . 2012-04-26 00:17 824186 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-04-25 23:58 824186 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-04-26 00:17 178858 c:\windows\system32\perfc009.dat- 2009-07-14 02:36 . 
2012-04-25 23:58 178858 c:\windows\system32\perfc009.dat- 2009-07-14 05:01 . 2012-04-26 00:11 270692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-04-26 17:05 270692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 04:54 . 2012-04-26 17:07 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-04-25 23:54 4734976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-15 39408]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-04-27 75048]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 
77824]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128].c:\users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 5 (0x5)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"ConsentPromptBehaviorAdminShOrigSetting"= 5 (0x5)"ConsentPromptBehaviorUserShOrigSetting"= 3 (0x3)"PromptOnSecureDesktopShOrigSetting"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 CLKMSVC10_9EC60124;CyberLink Product - 2010/11/10 18:57;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-27 232944]R2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage 
Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-11-25 199520]S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_9EC60124.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]iissvcs REG_MULTI_SZ w3svc wasapphost REG_MULTI_SZ apphostsvc.Contents of the 'Scheduled Tasks' folder.2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 19:38].2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 17:31].2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 17:31].2012-04-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2010-10-27 16:27].2012-04-26 
c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\pcdrcui.exe [2010-10-27 16:27]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-23 10081312]"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmIE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.htmlTCP: Interfaces\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: NameServer = 207.70.128.240,207.70.172.240FF - ProfilePath - c:\users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default\FF - prefs.js: network.proxy.type - 0.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-aebbbeaaffdecbdct - c:\programdata\aebbbeaaffdecbdct.exeWow6432Node-HKLM-Run-XkFcjVGVgWJhiQK.exe - c:\programdata\XkFcjVGVgWJhiQK.exeWow6432Node-HKU-Default-Run-aebbbeaaffdecbdct - c:\programdata\aebbbeaaffdecbdct.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql]"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER""ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z[\]^_¬\00\00¬\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¬\00\00¬\00\00\00\00¬\00\00\00\00\00\00\00\00‘’“"..[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED 
REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 
1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) 
(Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-26 12:11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 17:11
ComboFix2.txt 2012-04-26 00:17
.
Pre-Run: 875,017,629,696 bytes free
Post-Run: 874,567,888,896 bytes free
.
- - End Of File - - 91BB6153B786D7ED2D32A0DAFCE77A74
Maurice Naggar Posted April 26, 2012 ID:546197

Please STOP self-medicating by running tools on your own. You could be turning your system into a brick.

Please await my next reply to you !!!

I'll provide guided help. But you have to promise to not run things on your own.
ScottWGast Posted April 26, 2012 Author ID:546204

OK! I promise... no more self-medicating. (removing hands from keyboard and mouse).

I appreciate any help you can provide.

Scott
Maurice Naggar Posted April 26, 2012 ID:546205

Step 1

1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a RIGHT click and select Run as Administrator.
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2

To show all files:
Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here
Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply. Exit aswMBR.

Step 6

Please read carefully and follow these steps.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from aswMBR & TDSSKILLER.
Use separate replies as needed if logs do not fit into one reply box.
ScottWGast Posted April 26, 2012 Author ID:546213

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by Scottg at 2012-04-26 12:57:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 834 GB (88%) free of 943 GB
Total RAM: 12279 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:35 PM, on 04/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\trend micro\Scottg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [bDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: NameServer = 207.70.128.240,207.70.172.240
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
O23 - Service:
Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: CyberLink Product - 2010/11/10 18:57:30 (CLKMSVC10_9EC60124) - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exeO23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exeO23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: 
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)--End of file - 11121 bytes======Listing Processes======\SystemRoot\System32\smss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 
ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16wininit.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16winlogon.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalService"C:\Program Files\Dell\DellDock\DockLogin.exe"C:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"C:\Windows\system32\svchost.exe -k apphostatieclxxC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k ftpsvcC:\Windows\system32\hasplms.exe -run"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe""taskhost.exe""C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER"C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config""C:\Windows\system32\Dwm.exe"C:\Windows\Explorer.EXEC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12"C:\Program Files\CyberLink\Shared files\RichVideo64.exe""C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE""C:\Program Files (x86)\Microsoft SQL 
Server\90\Shared\sqlbrowser.exe""C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"C:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k iissvcs"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE""C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE" C:\Users\Scottg"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe""C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE""C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64"C:\Windows\System32\rundll32.exe" C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64"C:\Program Files\Microsoft IntelliType Pro\itype.exe"WLIDSvcM.exe 2296"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe""C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe""C:\Program Files (x86)\CyberLink\Shared files\brs.exe""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray-netsvcs\??\C:\Windows\system32\conhost.exe "11372854851607368472-191567626-1853967901-660816592-118062816695676418212803595C:\Windows\system32\SearchIndexer.exe /Embedding"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe""C:\Windows\system32\wuauclt.exe"C:\Windows\system32\svchost.exe -k SDRSVC"C:\Windows\System32\mstsc.exe" /v:"sancho""C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 
Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon""C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552"C:\Users\Scottg\Desktop\RSITx64.exe"C:\Windows\system32\wbem\wmiprvse.exe======Scheduled tasks folder======C:\Windows\tasks\Adobe Flash Player Updater.jobC:\Windows\tasks\GoogleUpdateTaskMachineCore.jobC:\Windows\tasks\GoogleUpdateTaskMachineUA.jobC:\Windows\tasks\PCDoctorBackgroundMonitorTask.jobC:\Windows\tasks\SystemToolsDailyTest.job=========Mozilla firefox=========ProfilePath - C:\Users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.defaultprefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]"Description"=Adobe® Flash® Player 11.2.202.233 Plugin"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]"Description"=Oracle® Next Generation Java™ Plug-In"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]"Description"=McAfee Total Protection MIME Plugin"Path"=c:\progra~2\mcafee\msc\npmcsn~1.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]"Description"="Path"=disabled[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]"Description"=Ag Player Plugin"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]"Description"=WLPG Install MIME type"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google 
Update;version=3]"Description"=Google Update"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]"Description"=Google Update"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]"Description"=Handles PDFs in-place in Firefox"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]"Description"=Adobe® Flash® Player 11.2.202.233 Plugin"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]"Description"=Oracle® Next Generation Java™ Plug-In"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]"Description"=McAfee Total Protection MIME Plugin"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]"Description"="Path"=disabledC:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}C:\Program Files (x86)\Mozilla Firefox\components\binary.manifestbrowsercomps.dllnsIQTScriptablePlugin.xptScriptff.dllC:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllnppdf32.dllnpqtplugin.dllnpqtplugin2.dllnpqtplugin3.dllnpqtplugin4.dllnpqtplugin5.dllnpqtplugin6.dllnpqtplugin7.dllQuickTimePlugin.classC:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xmlbing.xmleBay.xmlgoogle.xmltwitter.xmlwikipedia.xmlyahoo.xml======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 
532336][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll [2010-11-15 317496][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-12-12 75656][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-11-15 
843832][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512][HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-10-15 17920]"RunDLLEntry_EptMon"=C:\Windows\system32\EptMon64.dll [2009-10-15 21504]"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-04-13 1860496][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-15 39408]"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584][HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-17 98304]"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2010-02-09 1807680]"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2009-12-01 963584]"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]"RemoteControl9"=c:\Program Files 
(x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]"PDVD9LanguageShortcut"=c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2010-04-13 50472]"BDRegion"=c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-04-26 75048]"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408][HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-09-16 560128]C:\Users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupDell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [2011-03-21 13672][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 
290304][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"=credssp.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"ConsentPromptBehaviorAdmin"=0"ConsentPromptBehaviorUser"=5"EnableLUA"=0"EnableUIADesktopToggle"=0"PromptOnSecureDesktop"=0"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"ConsentPromptBehaviorAdminShOrigSetting"=5"ConsentPromptBehaviorUserShOrigSetting"=3"PromptOnSecureDesktopShOrigSetting"=0[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145"NoDrives"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDrives"=0[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list][HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]"vidc.mrle"=msrle32.dll"vidc.msvc"=msvidc32.dll"msacm.imaadpcm"=imaadp32.acm"msacm.msg711"=msg711.acm"msacm.msgsm610"=msgsm32.acm"msacm.msadpcm"=msadp32.acm"midimapper"=midimap.dll"wavemapper"=msacm32.drv"vidc.uyvy"=msyuv.dll"vidc.yuy2"=msyuv.dll"vidc.yvyu"=msyuv.dll"vidc.iyuv"=iyuv_32.dll"vidc.i420"=iyuv_32.dll"vidc.yvu9"=tsbyuv.dll"msacm.l3acm"=C:\Windows\System32\l3codeca.acm"wave"=wdmaud.drv"midi"=wdmaud.drv"mixer"=wdmaud.drv"aux"=wdmaud.drv"wave1"=wdmaud.drv"midi1"=wdmaud.drv"mixer1"=wdmaud.drv"aux1"=wdmaud.drv======File associations======.js - edit - C:\Windows\System32\Notepad.exe %1======List of files/folders created in the last 1 month======2012-04-26 
12:57:30 ----D---- C:\rsit2012-04-26 12:57:30 ----D---- C:\Program Files\trend micro2012-04-26 12:53:45 ----D---- C:\Program Files (x86)\ERUNT2012-04-26 12:11:42 ----A---- C:\ComboFix.txt2012-04-26 12:07:02 ----SHD---- C:\$RECYCLE.BIN2012-04-26 11:44:31 ----A---- C:\Windows\svchost.exe2012-04-26 11:41:46 ----D---- C:\TDSSKiller_Quarantine2012-04-26 11:41:07 ----A---- C:\TDSSKiller.2.7.33.0_26.04.2012_11.41.07_log.txt2012-04-25 19:02:55 ----A---- C:\Windows\zip.exe2012-04-25 19:02:55 ----A---- C:\Windows\SWSC.exe2012-04-25 19:02:55 ----A---- C:\Windows\SWREG.exe2012-04-25 19:02:55 ----A---- C:\Windows\sed.exe2012-04-25 19:02:55 ----A---- C:\Windows\PEV.exe2012-04-25 19:02:55 ----A---- C:\Windows\NIRCMD.exe2012-04-25 19:02:55 ----A---- C:\Windows\MBR.exe2012-04-25 19:02:55 ----A---- C:\Windows\grep.exe2012-04-25 19:02:45 ----D---- C:\Windows\ERDNT2012-04-25 19:02:43 ----D---- C:\Qoobox2012-04-25 18:28:29 ----A---- C:\Windows\ntbtlog.txt2012-04-25 13:23:30 ----D---- C:\ProgramData\Norton2012-04-24 11:55:30 ----D---- C:\Windows\system642012-04-19 12:54:34 ----HD---- C:\Users\Scottg\AppData\Roaming\Windows Live Writer2012-04-19 04:26:22 ----D---- C:\OpenSSL-Win322012-04-18 17:20:07 ----D---- C:\Program Files (x86)\SSLBuddy2012-04-17 14:38:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe2012-04-17 13:57:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe2012-04-16 08:06:21 ----D---- C:\Config.Msi2012-04-14 14:26:57 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information2012-04-14 14:26:57 ----HD---- C:\ProgramData\CanonBJ2012-04-14 14:26:54 ----A---- C:\Windows\system32\CNMLM95.DLL2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700O.DLL2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700L.DLL2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700I.DLL2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700C.DLL2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFMSe.EXE2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFLeUS.DLL2012-04-14 
14:26:50 ----A---- C:\Windows\system32\CNCFLeJP.DLL2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCF2Le.DLL2012-04-14 14:26:47 ----HD---- C:\Program Files\CanonBJ2012-04-13 17:30:23 ----A---- C:\Windows\SYSWOW64\hlvdd.dll2012-04-13 17:30:16 ----A---- C:\Windows\system32\aksllmtp.exe2012-04-13 17:17:11 ----A---- C:\Windows\system32\hasplms.exe2012-04-13 16:58:50 ----D---- C:\Program Files (x86)\Chief Architect Inc2012-04-13 14:27:18 ----D---- C:\ProgramData\Cadsoft2012-04-13 14:22:31 ----D---- C:\ProgramData\Nova Development2012-04-13 14:22:31 ----D---- C:\Program Files (x86)\Nova Development2012-04-11 09:58:40 ----HD---- C:\Users\Scottg\AppData\Roaming\Malwarebytes2012-04-11 09:58:37 ----D---- C:\ProgramData\Malwarebytes2012-04-11 09:58:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-04-11 09:58:35 ----A---- C:\Windows\system32\drivers\mbam.sys2012-04-11 03:02:07 ----A---- C:\Windows\system32\MRT.INI2012-04-11 03:00:29 ----A---- C:\Windows\system32\imagehlp.dll2012-04-11 03:00:29 ----A---- C:\Windows\system32\drivers\fs_rec.sys2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wmi.dll2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wintrust.dll2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\imagehlp.dll2012-04-11 03:00:28 ----A---- C:\Windows\system32\wmi.dll2012-04-11 03:00:28 ----A---- C:\Windows\system32\wintrust.dll2012-04-11 00:52:39 ----A---- C:\Windows\system32\mshtml.dll2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll2012-04-11 00:52:34 ----A---- C:\Windows\system32\iertutil.dll2012-04-11 00:52:34 ----A---- C:\Windows\system32\ieframe.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\wininet.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\url.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll2012-04-11 00:52:33 
----A---- C:\Windows\SYSWOW64\jsproxy.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\ieui.dll2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\wininet.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\urlmon.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\url.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\mshtmled.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\msfeeds.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\jsproxy.dll2012-04-11 00:52:33 ----A---- C:\Windows\system32\ieui.dll2012-03-28 17:06:35 ----HD---- C:\Users\Scottg\AppData\Roaming\tmssoftware2012-03-28 16:27:57 ----A---- C:\Windows\SYSWOW64\zlib1.dll2012-03-28 16:27:52 ----D---- C:\Users\Scottg\AppData\Roaming\IntraWeb XII2012-03-28 15:00:50 ----N---- C:\Windows\SYSWOW64\sbe6_32.dll2012-03-28 14:58:23 ----D---- C:\ProgramData\Kaed2012-03-28 14:55:33 ----D---- C:\Program Files (x86)\nsoftware2012-03-28 14:25:42 ----HDC---- C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}2012-03-28 14:25:10 ----D---- C:\ProgramData\SmartBear2012-03-28 14:23:54 ----D---- C:\ProgramData\Raize2012-03-28 14:23:52 ----D---- C:\Program Files (x86)\Raize2012-03-28 14:23:38 ----D---- C:\ProgramData\VSoft2012-03-28 14:23:35 ----D---- C:\Program Files (x86)\FinalBuilder 7 XE22012-03-28 14:21:23 ----D---- C:\Program Files (x86)\SmartBear2012-03-28 14:04:13 ----D---- C:\Program Files (x86)\CollabNet2012-03-28 14:04:09 ----D---- C:\Program Files (x86)\DevJet2012-03-28 13:58:41 ----D---- C:\ProgramData\Embarcadero2012-03-28 13:58:41 ----D---- C:\Program Files (x86)\Embarcadero2012-03-28 13:34:09 ----HD---- C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}2012-03-28 09:40:31 ----HD---- C:\Users\Scottg\AppData\Roaming\Subversion2012-03-27 17:25:02 ----A---- C:\Windows\ipworks8.dll2012-03-27 17:22:35 ----HD---- C:\Users\Scottg\AppData\Roaming\SmartBear2012-03-27 17:22:34 ----D---- C:\Users\Scottg\AppData\Roaming\DevJET2012-03-27 
17:19:22 ----A---- C:\Windows\SYSWOW64\TLBINF32.dll
2012-03-27 17:19:22 ----A---- C:\Windows\SYSWOW64\CapiCom.dll
2012-03-27 16:29:11 ----HDC---- C:\ProgramData\{B0A6C550-7640-4BB9-A44C-C9A7B5257584}

======List of files/folders modified in the last 1 month======

2012-04-26 12:57:35 ----D---- C:\Windows\Prefetch
2012-04-26 12:57:30 ----RD---- C:\Program Files
2012-04-26 12:57:03 ----D---- C:\Temp
2012-04-26 12:55:10 ----D---- C:\Windows\Temp
2012-04-26 12:53:45 ----RD---- C:\Program Files (x86)
2012-04-26 12:22:09 ----D---- C:\Windows\system32\config
2012-04-26 12:11:44 ----D---- C:\Windows\system32\drivers
2012-04-26 12:07:47 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-26 12:07:16 ----D---- C:\Windows
2012-04-26 12:07:06 ----D---- C:\ProgramData
2012-04-26 12:07:04 ----A---- C:\Windows\system.ini
2012-04-26 12:06:42 ----D---- C:\Windows\system32\drivers\etc
2012-04-26 12:00:34 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-26 12:00:34 ----D---- C:\Windows\SysWOW64
2012-04-26 12:00:34 ----D---- C:\Windows\System32
2012-04-26 12:00:34 ----D---- C:\Windows\AppPatch
2012-04-26 12:00:33 ----D---- C:\Program Files\Common Files
2012-04-26 12:00:33 ----D---- C:\Program Files (x86)\Common Files
2012-04-26 03:00:25 ----SHD---- C:\System Volume Information
2012-04-25 19:17:42 ----D---- C:\Windows\inf
2012-04-25 19:17:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-25 18:26:40 ----D---- C:\Windows\Tasks
2012-04-25 18:26:40 ----D---- C:\Windows\SYSWOW64\Macromed
2012-04-25 18:26:40 ----D---- C:\Windows\system32\wfp
2012-04-25 18:26:40 ----D---- C:\Windows\system32\DriverStore
2012-04-25 18:26:40 ----D---- C:\Windows\system32\catroot2
2012-04-25 18:26:17 ----D---- C:\Windows\system32\wbem
2012-04-25 18:26:17 ----D---- C:\Windows\system32\Tasks
2012-04-25 18:26:16 ----SHD---- C:\Windows\Installer
2012-04-25 18:26:16 ----D---- C:\Windows\system32\Macromed
2012-04-25 18:26:16 ----D---- C:\Windows\system32\CodeIntegrity
2012-04-25 18:26:16 ----D---- C:\Windows\AppCompat
2012-04-25 18:26:15 ----SD---- C:\Users\Scottg\AppData\Roaming\Microsoft
2012-04-25 18:26:15 ----D---- C:\Users\Scottg\AppData\Roaming\CodeGear
2012-04-25 18:26:13 ----D---- C:\ProgramData\Temp
2012-04-25 18:26:10 ----D---- C:\ProgramData\Microsoft Help
2012-04-25 18:26:10 ----D---- C:\ProgramData\eSellerate
2012-04-25 18:26:08 ----D---- C:\CYABackup
2012-04-25 18:25:25 ----D---- C:\Windows\registration
2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\PCDr
2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\Mozilla
2012-04-25 18:18:23 ----D---- C:\Users\Scottg\AppData\Roaming\Forte
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Embarcadero
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\CyberLink
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Adobe
2012-04-25 18:17:45 ----SD---- C:\ProgramData\Microsoft
2012-04-24 19:21:29 ----D---- C:\Windows\system32\LogFiles
2012-04-14 14:27:00 ----RSD---- C:\Windows\Media
2012-04-14 14:26:56 ----D---- C:\Windows\twain_32
2012-04-14 14:26:56 ----D---- C:\Windows\system32\catroot
2012-04-13 17:30:40 ----D---- C:\Windows\system32\Setup
2012-04-13 16:58:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-13 14:24:19 ----D---- C:\Windows\winsxs
2012-04-11 03:30:24 ----D---- C:\Windows\Microsoft.NET
2012-04-11 03:30:16 ----RSD---- C:\Windows\assembly
2012-04-11 03:19:59 ----D---- C:\Windows\SYSWOW64\migration
2012-04-11 03:19:59 ----D---- C:\Windows\system32\migration
2012-04-11 03:19:59 ----D---- C:\Program Files\Internet Explorer
2012-04-11 03:19:59 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-11 03:00:46 ----A---- C:\Windows\system32\MRT.exe
2012-04-10 15:34:17 ----D---- C:\HAL
2012-03-30 11:14:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-28 13:59:17 ----D---- C:\Windows\SYSWOW64\en-US
2012-03-28 13:31:45 ----D---- C:\Program Files (x86)\Steam
2012-03-28 13:13:00 ----D---- C:\Program Files (x86)\Microsoft
2012-03-28 13:11:35 ----D---- C:\Program Files (x86)\IntraWeb 10.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2011-11-22 78208]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2011-11-22 139592]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2011-09-28 321536]
R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2011-02-09 53760]
R3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2011-09-08 57088]
R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2011-08-09 21120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-17 6853632]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-17 263680]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 23960]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]
S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-17 203264]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 hasplms;Sentinel Local License Manager; C:\Windows\system32\hasplms.exe [2011-12-30 4889032]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-11-25 199520]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 158568]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 39626592]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-11-25 31648608]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/11/10 18:57:30; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
S2 SessionLauncher;SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2009-06-10 42840]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-10 1045256]
S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe [2011-03-21 13160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-15 182768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-25 426336]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S3 WMSVC;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2009-07-13 10752]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 64352]

-----------------EOF-----------------

INFO.txt
info.txt logfile of random's system information tool 1.09
2012-04-26 12:57:36======Uninstall list======-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove64 Bit HP CIO Components Installer-->MsiExec.exe /I{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstallAdobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activexAdobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain pluginAdobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}Android SDK Tools-->C:\Program Files (x86)\Android\android-sdk\uninstall.exeApple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}Art Effects for PDR10-->C:\Program Files\CyberLink\PowerDirector10\..\Shared files\Plugin\NewBlue\\UninstallArtEffectsBundleForPDR10.exeATI Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9BDE_ENT-->MsiExec.exe 
/I{E966F0CC-76B3-11D3-945B-00C04FB1760A}Better Homes and Gardens Home Designer Pro 7.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6E613434-312D-4786-B879-8659B0EB0FCA}\setup.exe" -l0x9 -removeonlyC3FaxWSClientAPI 8.0.5.0-->C:\Program Files (x86)\Concord Technologies\C3FaxWSClientAPI\C3FaxWSClientAPIUninst.EXECanon MX700 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009Catalyst Control Center - Branding-->MsiExec.exe /I{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}CodeSite Express 5.1-->C:\PROGRA~2\Raize\CS5\UNWISE.EXE C:\PROGRA~2\Raize\CS5\CS5_EX~1.LOGCollabNet Subversion Client 1.6.17-->C:\Program Files (x86)\CollabNet\uninst.exeCyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstallCyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstallCyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstallCyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstallCyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstallCyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstallCyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation 
Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstallCyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstallCyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstallCyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstallCyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstallCyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstallCyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstallCyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstallDell DataSafe Local Backup - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly /z"dsu"Dell DataSafe Local Backup-->"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -runfromtemp -l0x9 -removeonlyDell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSEDell Edoc Viewer-->MsiExec.exe /I{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}Dell Support Center-->C:\PROGRA~1\DELLSU~1\uninst.exeDell Support Center-->MsiExec.exe 
/X{0090A87C-3E0E-43D4-AA71-A71B06563A4A}DevJET Documentation Insight Express Edition V2.0.3.251-->"C:\Program Files (x86)\DevJet\unins000.exe"DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}Duke Nukem Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/57900Embarcadero Delphi and C++Builder XE2 Help System-->"C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exe" REMOVE=TRUE MODIFY=FALSEEmbarcadero Delphi and C++Builder XE2 Help System-->C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exeEmbarcadero ER/Studio v9.0 Developer Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{10386097-AC77-4D10-A63F-D0B854648F25}\setup.exe" -runfromtemp -l0x0009 -removeonlyEmbarcadero RAD Studio XE2-->"C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exe" REMOVE=TRUE MODIFY=FALSEEmbarcadero RAD Studio XE2-->C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exeEMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}EMCGadgets64-->MsiExec.exe /I{02AD9D20-03D2-4DE0-8793-E8253026AD86}ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"FinalBuilder 7.0.0.1725 Embarcadero Edition-->"C:\Program Files (x86)\FinalBuilder 7 XE2\unins000.exe"Forté Agent-->C:\PROGRA~2\Agent\UNWISE.EXE C:\PROGRA~2\Agent\INSTALL.LOGGoogle Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}GoToAssist Corporate-->C:\Program Files (x86)\Citrix\GoToAssist\615\G2AUninstaller.exe /uninstallHGTV Ultimate Home Design with Landscaping & Decks-->"C:\Program Files (x86)\InstallShield Installation Information\{0363C7DA-291C-454E-A318-570D4FC0A040}\setup.exe" -runfromtemp 
-l0x0409 -removeonlyHGTV Ultimate Home Design with Landscaping & Decks-->MsiExec.exe /X{0363C7DA-291C-454E-A318-570D4FC0A040}Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirmIntel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstallIntraWeb XII-->"C:\Users\Scottg\AppData\Roaming\IntraWeb XII\unins000.exe"IP*Works! V8 Delphi Edition-->C:\Program Files (x86)\nsoftware\IPWorks V8 Delphi Edition\uninstall.exeJava 6 Update 20 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416020FF}Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}Java 7 Update 1 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417001FF}Java SE Development Kit 7 Update 1 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170010}Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}KDImage Editor version 3.3 (Build 57)-->"C:\ProgramData\Kaed\KDImage Editor\3.3\unins000.exe"KDTele Tools version 4.0 (Build 34).-->"C:\ProgramData\Kaed\KDTele Tools\4.0\unins000.exe"Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder ClientMicrosoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exeMicrosoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}Microsoft IntelliPoint 8.1-->msiexec.exe /I {3ED4AD02-F631-4A4C-AAC8-2325996E5A56}Microsoft IntelliPoint 8.1-->MsiExec.exe /X{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}Microsoft IntelliType 
Pro 8.1-->msiexec.exe /I {446EE0D9-1F6B-42BF-8278-8D0B172BA15D}Microsoft IntelliType Pro 8.1-->MsiExec.exe /X{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft SQL Server 2005 (64-bit)-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /RemoveMicrosoft SQL Server 2005 (64-bit)-->MsiExec.exe /I{F14F2E25-99AF-42A9-977C-F6D0352DC59F}Microsoft SQL Server 2005 Analysis Services (64-bit)-->MsiExec.exe /I{54C2B4E9-DD13-4AA4-B09A-A6EF68F9359A}Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{62D2F823-0EAA-496D-B0F9-A869BFC51550}Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}Microsoft SQL Server 2005 Integration Services (64-bit)-->MsiExec.exe /I{8A52D844-0DA7-40B0-8602-0567C068C081}Microsoft SQL Server 2005 Notification Services (64-bit)-->MsiExec.exe /I{EA145881-7452-4004-80B9-971FC3D1D8D8}Microsoft SQL Server 2005 Tools (64-bit)-->MsiExec.exe /I{FE7C8861-3195-4CA5-98EB-094652478192}Microsoft SQL Server Native Client-->MsiExec.exe /I{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{18C5A65B-0A39-40B5-B958-63055AFAB65C}Microsoft SQL Server VSS Writer-->MsiExec.exe /I{86177DAE-38B1-49DD-912E-35CB703AB779}Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}Microsoft Visual C++ 2005 
Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exeMicrosoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}Mozilla Firefox 11.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exeMSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}Raize Components 6.0-->C:\PROGRA~2\Raize\RC6\UNWISE.EXE C:\PROGRA~2\Raize\RC6\INSTALL.LOGRave Reports 10.0.0 BE-->"C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\RaveReports\unins000.exe"Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r 
-m -nrg2709Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}Roxio Easy CD and DVD Burning-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}Roxio Easy CD and DVD Burning-->MsiExec.exe /I{612B5D2E-8084-4102-91DE-24281E4EFB2C}Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder ClientSentinel Runtime-->MsiExec.exe /X{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}Service Pack 3 for SQL Server Analysis Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\OLAP9_KB955706_ENU_64\Hotfix.exe /UninstallService Pack 3 for SQL Server Database Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\SQL9_KB955706_ENU_64\Hotfix.exe /UninstallService Pack 3 for SQL Server Integration Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\DTS9_KB955706_ENU_64\Hotfix.exe /UninstallService Pack 3 for SQL Server Notification Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\NS9_KB955706_ENU_64\Hotfix.exe /UninstallService Pack 3 for SQL Server Tools and Workstation Components 2005 
(64-bit) ENU (KB955706)-->C:\Windows\SQLTools9_KB955706_ENU_64\Hotfix.exe /UninstallSmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->"C:\Windows\Installer\{DC73000A-9FD8-4445-A578-C52209A90522}\Setup\setup.exe" -runfromtemp -l0x0409 -removeonlySmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->MsiExec.exe /I{DC73000A-9FD8-4445-A578-C52209A90522}SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonlySmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}SQLXML4-->MsiExec.exe /I{B358C627-4492-469A-8D0A-FCA1EC769DA9}Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{010A785B-F920-4350-821B-6309909C20BB}\setup.exe" -l0x9 /removeTMS Async32 for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Async32\unins000.exe"TMS Component Pack for Delphi / C++ Builder v6.3.2.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\unins000.exe"TMS Component Pack Help Files for Delphi XE2 for VCL-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Help\Delphi XE2\unins000.exe"TMS Component Pack Samples-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Samples\unins000.exe"TMS Instrumentation Workshop for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation Workshop\unins000.exe"Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder ClientUpdate for Microsoft .NET Framework 4 Client Profile 
(KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}

======System event log======

Computer Name: DEV
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 4954540
Source Name: Service Control Manager
Time Written: 20120112091820.245263-000
Event Type: Error
User:

Computer Name: DEV
Event Code: 1
Message: Realtek PCIe GBE Family Controller is disconnected from network.
Record Number: 4954489
Source Name: RTL8167
Time Written: 20120112091806.371238-000
Event Type: Warning
User:

Computer Name: DEV
Event Code: 36882
Message: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Record Number: 4953538
Source Name: Schannel
Time Written: 20120103204202.749094-000
Event Type: Error
User: DEV\Scottg

Computer Name: DEV
Event Code: 36888
Message: The following fatal alert was generated: 48. The internal error state is 552.
Record Number: 4953537
Source Name: Schannel
Time Written: 20120103204202.749094-000
Event Type: Error
User: DEV\Scottg

Computer Name: DEV
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 4953177
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111230160136.369941-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: mcepg
Record Number: 908
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005711.000000-000
Event Type: Warning
User:

Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: ehRecObj
Record Number: 907
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005708.000000-000
Event Type: Warning
User:

Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter
Record Number: 906
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005707.000000-000
Event Type: Warning
User:

Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter.UI
Record Number: 902
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005628.000000-000
Event Type: Warning
User:

Computer Name: DEV
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3010258393-3416120133-4182077219-1000:
Process 732 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3010258393-3416120133-4182077219-1000
Record Number: 877
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101114005208.646667-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: DEV
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
  Security ID: S-1-5-18
  Account Name: DEV$
  Account Domain: S2
  Logon ID: 0x3e7
  Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
  Account Name: Scottg
  Account Domain: DEV
  Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
  Target Server Name: localhost
  Additional Information: localhost
Process Information:
  Process ID: 0x370
  Process Name: C:\Windows\System32\winlogon.exe
Network Information:
  Network Address: 127.0.0.1
  Port: 0
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1528
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125020334.511250-000
Event Type: Audit Success
User:

Computer Name: DEV
Event Code: 4634
Message: An account was logged off.
Subject:
  Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000
  Account Name: Scottg
  Account Domain: DEV
  Logon ID: 0x13460f5
Logon Type: 7
This event is generated when a logon session is destroyed.
It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.Record Number: 1527Source Name: Microsoft-Windows-Security-AuditingTime Written: 20101125013733.312955-000Event Type: Audit SuccessUser:Computer Name: DEVEvent Code: 4634Message: An account was logged off.Subject: Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000 Account Name: Scottg Account Domain: DEV Logon ID: 0x1346103Logon Type: 7This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.Record Number: 1526Source Name: Microsoft-Windows-Security-AuditingTime Written: 20101125013733.312955-000Event Type: Audit SuccessUser:Computer Name: DEVEvent Code: 4672Message: Special privileges assigned to new logon.Subject: Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000 Account Name: Scottg Account Domain: DEV Logon ID: 0x13460f5Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilegeRecord Number: 1525Source Name: Microsoft-Windows-Security-AuditingTime Written: 20101125013733.311954-000Event Type: Audit SuccessUser:Computer Name: DEVEvent Code: 4624Message: An account was successfully logged on.Subject: Security ID: S-1-5-18 Account Name: DEV$ Account Domain: S2 Logon ID: 0x3e7Logon Type: 7New Logon: Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000 Account Name: Scottg Account Domain: DEV Logon ID: 0x1346103 Logon GUID: {00000000-0000-0000-0000-000000000000}Process Information: Process ID: 0x370 Process Name: C:\Windows\System32\winlogon.exeNetwork Information: Workstation Name: DEV Source Network Address: 127.0.0.1 Source Port: 0Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited 
Services: - Package Name (NTLM only): - Key Length: 0This event is generated when a logon session is created. It is generated on the computer that was accessed.The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. 
This will be 0 if no session key was requested.Record Number: 1524Source Name: Microsoft-Windows-Security-AuditingTime Written: 20101125013733.311954-000Event Type: Audit SuccessUser:======Environment variables======"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip"ComSpec"=%SystemRoot%\system32\cmd.exe"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\"FP_NO_HOST_CHECK"=NO"lib"=C:\Program Files\SQLXML 4.0\bin\"NUMBER_OF_PROCESSORS"=8"OS"=Windows_NT"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\CollabNet;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft SQL Server\90\DTS\Binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies;C:\Program Files (x86)\QuickTime\QTSystem;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation 
Workshop\bpl"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"PROCESSOR_ARCHITECTURE"=AMD64"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel"PROCESSOR_LEVEL"=6"PROCESSOR_REVISION"=1a05"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"USERNAME"=SYSTEM"windir"=%SystemRoot%-----------------EOF-----------------Checkup.txt Results of screen317's Security Check version 0.99.32 Windows 7 x64 (UAC is disabled!) Internet Explorer 8 Out of date!``````````````````````````````Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update.```````````````````````````````Anti-malware/Other Utilities Check: Java 6 Update 29 Java version out of date! Adobe Reader X (10.1.3) Mozilla Firefox (11.0.)````````````````````````````````Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````aswMBR.txtaswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-04-26 13:06:25-----------------------------13:06:25.562 OS Version: Windows x64 6.1.7601 Service Pack 113:06:25.562 Number of processors: 8 586 0x1A0513:06:25.562 ComputerName: DEV UserName:13:06:36.435 Initialize success13:07:16.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-113:07:16.289 Disk 0 Vendor: Intel___ 1.0. 
Size: 953859MB BusType: 813:07:16.291 Device \Driver\iaStor -> MajorFunction fffffa800d6865c413:07:16.294 Disk 0 MBR read successfully13:07:16.296 Disk 0 MBR scan13:07:16.299 Disk 0 Windows VISTA default MBR code13:07:16.324 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 6313:07:16.327 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 8192013:07:16.349 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942676 MB offset 2290073613:07:16.407 Disk 0 scanning C:\Windows\system32\drivers13:07:39.983 Service scanning13:08:04.549 Modules scanning13:08:04.558 Scan finished successfully13:08:27.261 Disk 0 MBR has been saved successfully to "C:\Temp\MBR.dat"13:08:27.264 The log file has been saved successfully to "C:\Temp\aswMBR.txt" Link to post Share on other sites More sharing options...
ScottWGast Posted April 26, 2012 Author ID:546214

TDSSKiller

13:08:45.0321 7420 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:08:45.0727 7420 ============================================================
13:08:45.0727 7420 Current date / time: 2012/04/26 13:08:45.0727
13:08:45.0727 7420 SystemInfo:
13:08:45.0727 7420
13:08:45.0727 7420 OS Version: 6.1.7601 ServicePack: 1.0
13:08:45.0727 7420 Product type: Workstation
13:08:45.0727 7420 ComputerName: DEV
13:08:45.0727 7420 UserName: Scottg
13:08:45.0727 7420 Windows directory: C:\Windows
13:08:45.0727 7420 System windows directory: C:\Windows
13:08:45.0727 7420 Running under WOW64
13:08:45.0727 7420 Processor architecture: Intel x64
13:08:45.0727 7420 Number of processors: 8
13:08:45.0727 7420 Page size: 0x1000
13:08:45.0727 7420 Boot type: Normal boot
13:08:45.0727 7420 ============================================================
13:08:46.0200 7420 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0300000 (931.50 Gb), SectorSize: 0x200, Cylinders: 0x1DAFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:08:46.0205 7420 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:46.0232 7420 ============================================================
13:08:46.0232 7420 \Device\Harddisk0\DR0:
13:08:46.0232 7420 MBR partitions:
13:08:46.0232 7420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
13:08:46.0232 7420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x7312A000
13:08:46.0232 7420 \Device\Harddisk1\DR1:
13:08:46.0232 7420 MBR partitions:
13:08:46.0232 7420 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
13:08:46.0232 7420 ============================================================
13:08:46.0292 7420 C: <-> \Device\Harddisk0\DR0\Partition1
13:08:46.0296 7420 E: <-> \Device\Harddisk1\DR1\Partition0
13:08:46.0296 7420 ============================================================
13:08:46.0296 7420 Initialize success
13:08:46.0296 7420 ============================================================
13:08:53.0475 6892 ============================================================
13:08:53.0475 6892 Scan started
13:08:53.0475 6892 Mode: Manual;
13:08:53.0475 6892 ============================================================
Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll13:09:23.0011 6892 Mcx2Svc - ok13:09:23.0054 6892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys13:09:23.0155 6892 megasas - ok13:09:23.0191 6892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys13:09:23.0193 6892 MegaSR - ok13:09:23.0246 6892 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll13:09:23.0248 6892 MMCSS - ok13:09:23.0314 6892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys13:09:23.0315 6892 Modem - ok13:09:23.0371 6892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys13:09:23.0371 6892 monitor - ok13:09:23.0437 6892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys13:09:23.0437 6892 mouclass - ok13:09:23.0493 6892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys13:09:23.0493 6892 mouhid - ok13:09:23.0664 6892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys13:09:23.0665 6892 mountmgr - ok13:09:23.0787 6892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys13:09:23.0788 6892 mpio - ok13:09:23.0798 6892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys13:09:23.0798 6892 mpsdrv - ok13:09:24.0445 6892 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll13:09:24.0450 6892 MpsSvc - ok13:09:24.0568 6892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys13:09:24.0569 6892 MRxDAV - ok13:09:24.0710 6892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys13:09:24.0712 6892 mrxsmb - ok13:09:24.0945 6892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys13:09:24.0947 6892 mrxsmb10 - ok13:09:25.0108 6892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) 
C:\Windows\system32\DRIVERS\mrxsmb20.sys13:09:25.0109 6892 mrxsmb20 - ok13:09:25.0148 6892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys13:09:25.0148 6892 msahci - ok13:09:25.0241 6892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys13:09:25.0242 6892 msdsm - ok13:09:25.0377 6892 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe13:09:25.0379 6892 MSDTC - ok13:09:25.0751 6892 MsDtsServer (00eb6a7fdebfdd30dc348f7e5bf3a2e3) C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe13:09:25.0752 6892 MsDtsServer - ok13:09:25.0800 6892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys13:09:25.0801 6892 Msfs - ok13:09:26.0023 6892 msftesql (27dcd5f3cf89655556c5f89717d24d65) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe13:09:26.0024 6892 msftesql - ok13:09:26.0074 6892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys13:09:26.0074 6892 mshidkmdf - ok13:09:26.0113 6892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys13:09:26.0113 6892 msisadrv - ok13:09:26.0312 6892 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll13:09:26.0314 6892 MSiSCSI - ok13:09:26.0317 6892 msiserver - ok13:09:26.0371 6892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys13:09:26.0372 6892 MSKSSRV - ok13:09:26.0375 6892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys13:09:26.0375 6892 MSPCLOCK - ok13:09:26.0378 6892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys13:09:26.0378 6892 MSPQM - ok13:09:26.0646 6892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys13:09:26.0649 6892 MsRPC - ok13:09:26.0672 6892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys13:09:26.0673 6892 mssmbios - ok13:09:26.0696 6892 
MSSQLSERVER - ok13:09:26.0891 6892 MSSQLServerADHelper (af07844e1016c959ff54303b12f92993) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe13:09:26.0892 6892 MSSQLServerADHelper - ok13:09:26.0914 6892 MSSQLServerOLAPService - ok13:09:26.0918 6892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys13:09:26.0919 6892 MSTEE - ok13:09:26.0942 6892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys13:09:26.0942 6892 MTConfig - ok13:09:27.0013 6892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys13:09:27.0013 6892 Mup - ok13:09:27.0342 6892 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll13:09:27.0359 6892 napagent - ok13:09:27.0657 6892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys13:09:27.0660 6892 NativeWifiP - ok13:09:28.0281 6892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys13:09:28.0287 6892 NDIS - ok13:09:28.0312 6892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys13:09:28.0335 6892 NdisCap - ok13:09:28.0365 6892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys13:09:28.0365 6892 NdisTapi - ok13:09:28.0415 6892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys13:09:28.0416 6892 Ndisuio - ok13:09:28.0575 6892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys13:09:28.0576 6892 NdisWan - ok13:09:28.0669 6892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys13:09:28.0670 6892 NDProxy - ok13:09:28.0785 6892 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll13:09:28.0786 6892 Net Driver HPZ12 - ok13:09:28.0820 6892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys13:09:28.0821 6892 NetBIOS - ok13:09:28.0861 6892 NetBT 
(09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys13:09:28.0862 6892 NetBT - ok13:09:28.0865 6892 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe13:09:28.0866 6892 Netlogon - ok13:09:29.0003 6892 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll13:09:29.0005 6892 Netman - ok13:09:29.0021 6892 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll13:09:29.0024 6892 netprofm - ok13:09:29.0185 6892 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe13:09:29.0186 6892 NetTcpPortSharing - ok13:09:29.0212 6892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys13:09:29.0212 6892 nfrd960 - ok13:09:29.0433 6892 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll13:09:29.0435 6892 NlaSvc - ok13:09:29.0489 6892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys13:09:29.0490 6892 Npfs - ok13:09:29.0527 6892 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll13:09:29.0528 6892 nsi - ok13:09:29.0565 6892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys13:09:29.0565 6892 nsiproxy - ok13:09:30.0670 6892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys13:09:30.0677 6892 Ntfs - ok13:09:30.0998 6892 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys13:09:30.0999 6892 NuidFltr - ok13:09:31.0032 6892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys13:09:31.0032 6892 Null - ok13:09:31.0204 6892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys13:09:31.0205 6892 nvraid - ok13:09:31.0337 6892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys13:09:31.0338 6892 nvstor - ok13:09:31.0444 6892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) 
C:\Windows\system32\drivers\nv_agp.sys13:09:31.0445 6892 nv_agp - ok13:09:31.0587 6892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys13:09:31.0589 6892 ohci1394 - ok13:09:31.0774 6892 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE13:09:31.0775 6892 ose - ok13:09:32.0040 6892 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll13:09:32.0043 6892 p2pimsvc - ok13:09:32.0404 6892 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll13:09:32.0408 6892 p2psvc - ok13:09:32.0512 6892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys13:09:32.0513 6892 Parport - ok13:09:32.0586 6892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys13:09:32.0587 6892 partmgr - ok13:09:32.0778 6892 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll13:09:32.0781 6892 PcaSvc - ok13:09:33.0017 6892 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms13:09:33.0018 6892 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok13:09:33.0031 6892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys13:09:33.0032 6892 pci - ok13:09:33.0043 6892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys13:09:33.0044 6892 pciide - ok13:09:33.0062 6892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys13:09:33.0064 6892 pcmcia - ok13:09:33.0092 6892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys13:09:33.0092 6892 pcw - ok13:09:33.0151 6892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys13:09:33.0154 6892 PEAUTH - ok13:09:33.0239 6892 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll13:09:33.0245 6892 PeerDistSvc - ok13:09:33.0308 6892 PerfHost 
(e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe13:09:33.0309 6892 PerfHost - ok13:09:33.0366 6892 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll13:09:33.0376 6892 pla - ok13:09:33.0803 6892 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll13:09:33.0807 6892 PlugPlay - ok13:09:33.0939 6892 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll13:09:33.0940 6892 Pml Driver HPZ12 - ok13:09:34.0004 6892 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll13:09:34.0037 6892 PNRPAutoReg - ok13:09:34.0062 6892 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll13:09:34.0064 6892 PNRPsvc - ok13:09:34.0217 6892 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys13:09:34.0218 6892 Point64 - ok13:09:34.0563 6892 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll13:09:34.0567 6892 PolicyAgent - ok13:09:34.0693 6892 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll13:09:34.0695 6892 Power - ok13:09:34.0811 6892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys13:09:34.0812 6892 PptpMiniport - ok13:09:34.0873 6892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys13:09:34.0874 6892 Processor - ok13:09:35.0058 6892 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll13:09:35.0082 6892 ProfSvc - ok13:09:35.0086 6892 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe13:09:35.0087 6892 ProtectedStorage - ok13:09:35.0246 6892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys13:09:35.0247 6892 Psched - ok13:09:35.0330 6892 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys13:09:35.0331 6892 PxHlpa64 - ok13:09:36.0313 6892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) 
C:\Windows\system32\DRIVERS\ql2300.sys13:09:36.0319 6892 ql2300 - ok13:09:36.0421 6892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys13:09:36.0422 6892 ql40xx - ok13:09:36.0515 6892 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll13:09:36.0517 6892 QWAVE - ok13:09:36.0522 6892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys13:09:36.0522 6892 QWAVEdrv - ok13:09:36.0534 6892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys13:09:36.0534 6892 RasAcd - ok13:09:36.0606 6892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys13:09:36.0607 6892 RasAgileVpn - ok13:09:36.0642 6892 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll13:09:36.0643 6892 RasAuto - ok13:09:36.0651 6892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys13:09:36.0652 6892 Rasl2tp - ok13:09:36.0952 6892 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll13:09:36.0971 6892 RasMan - ok13:09:37.0050 6892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys13:09:37.0051 6892 RasPppoe - ok13:09:37.0149 6892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys13:09:37.0150 6892 RasSstp - ok13:09:37.0402 6892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys13:09:37.0404 6892 rdbss - ok13:09:37.0461 6892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys13:09:37.0462 6892 rdpbus - ok13:09:37.0543 6892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys13:09:37.0543 6892 RDPCDD - ok13:09:37.0743 6892 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys13:09:37.0745 6892 RDPDR - ok13:09:37.0803 6892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys13:09:37.0804 6892 
RDPENCDD - ok13:09:37.0815 6892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys13:09:37.0815 6892 RDPREFMP - ok13:09:37.0890 6892 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys13:09:37.0891 6892 RDPWD - ok13:09:37.0917 6892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys13:09:37.0919 6892 rdyboost - ok13:09:37.0934 6892 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll13:09:37.0935 6892 RemoteAccess - ok13:09:37.0960 6892 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll13:09:37.0962 6892 RemoteRegistry - ok13:09:38.0032 6892 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe13:09:38.0034 6892 RichVideo64 - ok13:09:38.0989 6892 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe13:09:38.0996 6892 RoxMediaDB10 - ok13:09:39.0058 6892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll13:09:39.0060 6892 RpcEptMapper - ok13:09:39.0108 6892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe13:09:39.0111 6892 RpcLocator - ok13:09:39.0519 6892 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll13:09:39.0522 6892 RpcSs - ok13:09:39.0599 6892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys13:09:39.0599 6892 rspndr - ok13:09:39.0831 6892 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys13:09:39.0833 6892 RSUSBSTOR - ok13:09:39.0997 6892 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys13:09:39.0999 6892 RTL8167 - ok13:09:40.0002 6892 RxFilter - ok13:09:40.0073 6892 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys13:09:40.0073 6892 s3cap - ok13:09:40.0076 6892 SamSs 
(c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe13:09:40.0077 6892 SamSs - ok13:09:40.0100 6892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys13:09:40.0101 6892 sbp2port - ok13:09:40.0282 6892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll13:09:40.0284 6892 SCardSvr - ok13:09:40.0333 6892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys13:09:40.0333 6892 scfilter - ok13:09:41.0291 6892 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll13:09:41.0297 6892 Schedule - ok13:09:41.0391 6892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll13:09:41.0391 6892 SCPolicySvc - ok13:09:41.0533 6892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll13:09:41.0535 6892 SDRSVC - ok13:09:41.0596 6892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys13:09:41.0596 6892 secdrv - ok13:09:41.0635 6892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll13:09:41.0636 6892 seclogon - ok13:09:41.0712 6892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll13:09:41.0713 6892 SENS - ok13:09:41.0788 6892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll13:09:41.0790 6892 SensrSvc - ok13:09:41.0840 6892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys13:09:41.0840 6892 Serenum - ok13:09:41.0936 6892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys13:09:41.0936 6892 Serial - ok13:09:41.0998 6892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys13:09:41.0999 6892 sermouse - ok13:09:42.0058 6892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll13:09:42.0060 6892 SessionEnv - ok13:09:42.0077 6892 SessionLauncher - ok13:09:42.0086 6892 sffdisk (a554811bcd09279536440c964ae35bbf) 
C:\Windows\system32\drivers\sffdisk.sys13:09:42.0086 6892 sffdisk - ok13:09:42.0128 6892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys13:09:42.0128 6892 sffp_mmc - ok13:09:42.0186 6892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys13:09:42.0187 6892 sffp_sd - ok13:09:42.0207 6892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys13:09:42.0208 6892 sfloppy - ok13:09:43.0525 6892 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE13:09:43.0532 6892 SftService - ok13:09:43.0930 6892 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll13:09:43.0934 6892 SharedAccess - ok13:09:44.0225 6892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll13:09:44.0229 6892 ShellHWDetection - ok13:09:44.0276 6892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys13:09:44.0276 6892 SiSRaid2 - ok13:09:44.0354 6892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys13:09:44.0354 6892 SiSRaid4 - ok13:09:44.0501 6892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys13:09:44.0502 6892 Smb - ok13:09:44.0578 6892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe13:09:44.0581 6892 SNMPTRAP - ok13:09:44.0628 6892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys13:09:44.0629 6892 spldr - ok13:09:44.0719 6892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe13:09:44.0723 6892 Spooler - ok13:09:46.0798 6892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe13:09:46.0813 6892 sppsvc - ok13:09:46.0888 6892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll13:09:46.0891 6892 sppuinotify - ok13:09:47.0204 6892 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) 
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe13:09:47.0206 6892 SQLBrowser - ok13:09:47.0637 6892 SQLSERVERAGENT (00b0e9f0ffd98b829345dff292650470) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE13:09:47.0640 6892 SQLSERVERAGENT - ok13:09:47.0830 6892 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe13:09:47.0831 6892 SQLWriter - ok13:09:48.0214 6892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys13:09:48.0218 6892 srv - ok13:09:48.0510 6892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys13:09:48.0513 6892 srv2 - ok13:09:48.0648 6892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys13:09:48.0649 6892 srvnet - ok13:09:48.0859 6892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll13:09:48.0862 6892 SSDPSRV - ok13:09:48.0931 6892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll13:09:48.0933 6892 SstpSvc - ok13:09:48.0969 6892 Steam Client Service - ok13:09:49.0024 6892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys13:09:49.0024 6892 stexstor - ok13:09:49.0080 6892 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys13:09:49.0080 6892 StillCam - ok13:09:49.0522 6892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll13:09:49.0526 6892 stisvc - ok13:09:49.0634 6892 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe13:09:49.0634 6892 stllssvr - ok13:09:49.0701 6892 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys13:09:49.0702 6892 storflt - ok13:09:49.0740 6892 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll13:09:49.0742 6892 StorSvc - ok13:09:49.0799 6892 storvsc (d34e4943d5ac096c8edeebfd80d76e23) 
C:\Windows\system32\drivers\storvsc.sys13:09:49.0800 6892 storvsc - ok13:09:49.0824 6892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys13:09:49.0824 6892 swenum - ok13:09:49.0917 6892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll13:09:49.0921 6892 swprv - ok13:09:51.0208 6892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll13:09:51.0216 6892 SysMain - ok13:09:51.0296 6892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll13:09:51.0301 6892 TabletInputService - ok13:09:51.0516 6892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll13:09:51.0518 6892 TapiSrv - ok13:09:51.0581 6892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll13:09:51.0583 6892 TBS - ok13:09:52.0950 6892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys13:09:52.0958 6892 Tcpip - ok13:09:53.0094 6892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys13:09:53.0101 6892 TCPIP6 - ok13:09:53.0178 6892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys13:09:53.0179 6892 tcpipreg - ok13:09:53.0201 6892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys13:09:53.0201 6892 TDPIPE - ok13:09:53.0242 6892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys13:09:53.0243 6892 TDTCP - ok13:09:53.0358 6892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys13:09:53.0359 6892 tdx - ok13:09:53.0425 6892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys13:09:53.0426 6892 TermDD - ok13:09:53.0917 6892 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll13:09:53.0923 6892 TermService - ok13:09:53.0965 6892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll13:09:53.0966 6892 Themes - ok13:09:54.0042 6892 
THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll13:09:54.0043 6892 THREADORDER - ok13:09:54.0190 6892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll13:09:54.0191 6892 TrkWks - ok13:09:54.0240 6892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe13:09:54.0241 6892 TrustedInstaller - ok13:09:54.0262 6892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys13:09:54.0262 6892 tssecsrv - ok13:09:54.0296 6892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys13:09:54.0296 6892 TsUsbFlt - ok13:09:54.0470 6892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys13:09:54.0471 6892 tunnel - ok13:09:54.0522 6892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys13:09:54.0523 6892 uagp35 - ok13:09:54.0864 6892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys13:09:54.0867 6892 udfs - ok13:09:54.0918 6892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe13:09:54.0919 6892 UI0Detect - ok13:09:54.0982 6892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys13:09:54.0982 6892 uliagpkx - ok13:09:55.0090 6892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys13:09:55.0091 6892 umbus - ok13:09:55.0125 6892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys13:09:55.0125 6892 UmPass - ok13:09:55.0290 6892 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll13:09:55.0293 6892 UmRdpService - ok13:09:55.0566 6892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll13:09:55.0568 6892 upnphost - ok13:09:55.0650 6892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys13:09:55.0650 6892 usbccgp - ok13:09:55.0732 6892 usbcir 
(af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys13:09:55.0733 6892 usbcir - ok13:09:55.0787 6892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys13:09:55.0788 6892 usbehci - ok13:09:55.0821 6892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys13:09:55.0822 6892 usbhub - ok13:09:55.0853 6892 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys13:09:55.0854 6892 usbohci - ok13:09:55.0870 6892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys13:09:55.0870 6892 usbprint - ok13:09:55.0910 6892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS13:09:55.0911 6892 USBSTOR - ok13:09:55.0981 6892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys13:09:55.0982 6892 usbuhci - ok13:09:56.0033 6892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll13:09:56.0101 6892 UxSms - ok13:09:56.0142 6892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe13:09:56.0143 6892 VaultSvc - ok13:09:56.0165 6892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys13:09:56.0166 6892 vdrvroot - ok13:09:56.0579 6892 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe13:09:56.0583 6892 vds - ok13:09:56.0666 6892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys13:09:56.0667 6892 vga - ok13:09:56.0729 6892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys13:09:56.0730 6892 VgaSave - ok13:09:56.0917 6892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys13:09:56.0918 6892 vhdmp - ok13:09:56.0946 6892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys13:09:56.0948 6892 viaide - ok13:09:57.0087 6892 vmbus (86ea3e79ae350fea5331a1303054005f) 
13:10:05.0658 6892 wudfsvc - ok
13:10:05.0879 6892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:10:05.0882 6892 WwanSvc - ok
13:10:05.0933 6892 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
13:10:05.0967 6892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:10:05.0967 6892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:10:05.0988 6892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:10:05.0993 6892 \Device\Harddisk1\DR1 - ok
13:10:05.0995 6892 Boot (0x1200) (f3bae82eca5dd01b891d889120f9108d) \Device\Harddisk0\DR0\Partition0
13:10:05.0995 6892 \Device\Harddisk0\DR0\Partition0 - ok
13:10:06.0041 6892 Boot (0x1200) (4e06d1d7f5ff07592a2270da4b4ae24a) \Device\Harddisk0\DR0\Partition1
13:10:06.0051 6892 \Device\Harddisk0\DR0\Partition1 - ok
13:10:06.0053 6892 Boot (0x1200) (255f0ea6f890cccdfbb00b2201ab3452) \Device\Harddisk1\DR1\Partition0
13:10:06.0054 6892 \Device\Harddisk1\DR1\Partition0 - ok
13:10:06.0055 6892 ============================================================
13:10:06.0055 6892 Scan finished
13:10:06.0055 6892 ============================================================
13:10:06.0062 6840 Detected object count: 1
13:10:06.0062 6840 Actual detected object count: 1
13:10:11.0824 6840 \Device\Harddisk0\DR0\# - copied to quarantine
13:10:11.0824 6840 \Device\Harddisk0\DR0 - copied to quarantine
13:10:11.0853 6840 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:10:11.0854 6840 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:10:11.0855 6840 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:10:11.0899 6840 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:10:11.0978 6840 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:10:11.0981 6840 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:10:11.0981 6840 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:10:11.0982 6840 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:10:11.0982 6840 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:10:11.0983 6840 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:10:11.0984 6840 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:10:11.0985 6840 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:10:12.0034 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:10:12.0034 6840 \Device\Harddisk0\DR0 - ok
13:10:12.0315 6840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

Maurice Naggar Posted April 26, 2012 ID:546246

Does this system have a resident antivirus program installed? If so, which one? If not, how long has it been without an antivirus?

A rootkit is an extremely serious infection. Do you have a recent disk-image-backup of this system from before the infection?

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes.

ScottWGast Posted April 26, 2012 Author ID:546254

I have been running MalwareBytes Personal (purchased/registered) for quite some time now.

I have Dell Safe Backup running, so I _should_ have a good backup, although I do not know exactly when the virus hit.. Seems that the virus started out just redirecting google, but it's gotten worse over time. At least two weeks, I'd think.

Here is Result.txt from Listparts64:

ListParts by Farbar Version: 12-03-2012 03
Ran by Scottg (administrator) on 26-04-2012 at 14:04:11
Windows 7 (X64)
Running From: C:\Users\Scottg\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 12278.89 MB
Available physical RAM: 8391.95 MB
Total Pagefile: 24555.98 MB
Available Pagefile: 20161.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:920.58 GB) (Free:814.21 GB) NTFS
3 Drive e: (SDMINI) (Fixed) (Total:465.65 GB) (Free:371.4 GB) FAT32
4 Drive s: (OS) (Network) (Total:920.58 GB) (Free:814.21 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B
  Disk 1    Online          465 GB  1024 KB

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             10 GB    40 MB
  Partition 3    Primary            920 GB    10 GB

======================================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         RECOVERY     NTFS   Partition     10 GB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    920 GB  Healthy    Boot

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   SDMINI       FAT32  Partition    465 GB  Healthy

======================================================================================================

****** End Of Log ******

Maurice Naggar Posted April 26, 2012 ID:546322

Did this Dell come with an Antivirus program? (McAfee or Norton/Symantec, or other)?

MBAM is an anti-malware program. It does not have an antivirus component. You must have an antivirus app.

If this system does not have an antivirus and IF cost is an issue, get one (and only one) of these free anti-virus programs. Save the setup program to your Desktop. Do not run the setup program just yet.

Avira Free for home use http://www.avira.com...-free-antivirus
MS Security Essentials http://windows.micro...rity-essentials
Avast http://www.avast.com...ivirus-download

Now then, run the Setup program for your new anti-virus program.
Bring up your new AV and do an UPDATE run to ensure the new program is all up-to-date.
Run a full scan of your system and save the log.

Step 2

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a FULL Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

Reply with results from the antivirus scan, and copy of the MBAM scan log.

ScottWGast Posted April 26, 2012 Author ID:546348

All I have installed is MalwareBytes... I thought that it was full protection, so I uninstalled Norton right after I purchased the machine over a year ago.

My bad.

I have downloaded and installed Avast and when I attempt a Full Scan, I get a typical Windows Blue Screen of Death: BAD_POOL_CALL. Should I uninstall and try a different anti-virus program?

Also, all during this process, Malwarebytes has continued to block outgoing ports from svchost.exe and now it's blocking outgoing port 50046, Process avastsvc.exe and Avast is now popping up with blocked web urls too.

Maurice Naggar Posted April 26, 2012 ID:546402

De-Install Avast. Then immediately Logoff & Restart.

Get the MS Security Essentials, setup. Don't do a scan yet. Exit MSE.

Next, setup Trust Exclusions in both MBAM and MSE as shown in section I at http://forums.malwarebytes.org/index.php?act=findpost&pid=181018

Then, Start MSE and do a Full scan.

As to MBAM, for the time being, do a Quick scan.

Reply with logs from MSE & MBAM scan log

Edited April 26, 2012 by Maurice Naggar

Maurice Naggar Posted April 30, 2012 ID:547459

Are you still around? Kindly provide a status update and logs.

ScottWGast Posted May 1, 2012 Author ID:547833

I apologize for missing you this weekend, I was at a wedding.

I am running MS Security Essentials now and will post the log shortly.

Scott

ScottWGast Posted May 1, 2012 Author ID:547912

I have completed the full scan with MSE, but was unable to locate the log file. Do you know where the file is created? I am running the MBAM quick scan now.

ScottWGast Posted May 1, 2012 Author ID:547921

Here is the MBAM log file. (I'm still looking for the MSE log file).

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 12:41:47 PM
mbam-log-2012-05-01 (12-43-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247772
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3784 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

ScottWGast Posted May 1, 2012 Author ID:547929

Maurice,

The MSE application scanned and found a virus and directed me to download and use Defender offline, so I downloaded it to a USB flash drive and booted from that drive. It _looks_ like it successfully removed the virus from my computer!

But, it looks like the virus has left most of my folders "empty". I'm pretty sure that the files are still there, they may just be marked as "hidden". Do you have any suggestions on how to make the files and folders reappear?

Thank you so much for your excellent help so far!

Scott

Maurice Naggar Posted May 1, 2012 ID:547930

WHY did you not have MBAM either quarantine or remove the 3 things it tagged?? One of them is a trojan.

Please repeat the MBAM scan. Have it remove all that it finds. Then post the new MBAM scan log.

Maurice Naggar Posted May 1, 2012 ID:547931

Maurice,

The MSE application scanned and found a virus and directed me to download and use Defender offline, so I downloaded it to a USB flash drive and booted from that drive. It _looks_ like it successfully removed the virus from my computer!

But, it looks like the virus has left most of my folders "empty". I'm pretty sure that the files are still there, they may just be marked as "hidden".

Do you have any suggestions on how to make the files and folders reappear?

Thank you so much for your excellent help so far!

Scott

Hold on and I'll assist on that. We can likely find hidden items. Please 1st do that new MBAM scan

ScottWGast Posted May 1, 2012 Author ID:547938

Maurice,

Actually, I did have MBAM quarantine the virus and reboot, but when the computer came back up, MalwareBytes continued to block outgoing ports from svchost.exe. At that point, I restarted the computer and booted from the USB drive with Defender.

Here are the results from MBAM Quick scan after Defender completed:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 1:26:12 PM
mbam-log-2012-05-01 (13-26-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247564
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

After I restarted the computer following the above scan, I scanned again using MBAM Quick Scan and here are the results:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Scottg :: DEV [administrator]

Protection: Enabled

05/01/2012 1:30:52 PM
mbam-log-2012-05-01 (13-30-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247653
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ScottWGast Posted May 1, 2012 Author ID:547939

I reviewed the MBAM log above and am at a loss as to why it says that I didn't have them quarantine and/or delete the virus files.

Maurice Naggar Posted May 1, 2012 ID:547944

The last run of MBAM did not detect anything. Knock wood__ let's hope that means that that trojan is fully gone.

I need a fresh new log for review.

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.dll /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
c:|Fun4IM;true;true;true; /FP
c:|Bandoo;true;true;true; /FP
c:|Searchn;true;true;true; /FP
c:|Searchq;true;true;true; /FP
c:|datamngr;true;true;true; /FP
c:|iLivid;true;true;true; /FP
c:|whitesmoke;true;true;true; /FP
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\*. /mp /s
CLEARALLRESTOREPOINTS
*****************************************************************

Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

Close any browser(s) windows that may be open.

Using your mouse, click on Run Scan.

The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

ScottWGast Posted May 1, 2012 Author ID:547957

OTL logfile created on: 05/01/2012 2:57:20 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Scottg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

11.99 Gb Total Physical Memory | 9.65 Gb Available Physical Memory | 80.51% Memory free
23.98 Gb Paging File | 21.28 Gb Available in Paging File | 88.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.58 Gb Total Space | 812.98 Gb Free Space | 88.31% Space Free | Partition Type: NTFS
Drive E: | 465.65 Gb Total Space | 350.20 Gb Free Space | 75.21% Space Free | Partition Type: FAT32
Drive S: | 920.58 Gb Total Space | 812.98 Gb Free Space | 88.31% Space Free | Partition Type: NTFS

Computer Name: DEV | User Name: Scottg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/05/01 14:54:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
[2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exePRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exePRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exePRC - [2010/04/26 21:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exePRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exePRC - [2009/06/09 09:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe========== Modules (No Company Name) ==========MOD - [2012/04/11 03:22:17 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dllMOD - [2012/04/11 03:22:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dllMOD - [2012/04/11 03:22:00 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dllMOD - [2012/04/11 03:21:57 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dllMOD - [2012/02/15 04:28:41 | 002,297,856 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dllMOD - [2012/02/15 04:27:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dllMOD - [2012/02/15 04:24:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dllMOD - [2012/02/15 04:24:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dllMOD - [2012/02/15 04:23:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dllMOD - [2012/02/15 04:23:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dllMOD - [2012/02/15 04:23:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dllMOD - [2012/02/15 04:23:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dllMOD - [2011/10/14 03:27:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dllMOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe========== Win32 Services (SafeList) ==========SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft 
Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2011/12/30 07:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)SRV:64bit: - [2010/08/19 17:43:23 | 000,386,344 | -H-- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)SRV:64bit: - [2010/05/17 16:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)SRV - [2012/04/17 14:38:06 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files 
(x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)SRV - [2011/03/21 13:28:55 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2010/11/10 19:53:42 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011/11/22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/09/28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2011/09/08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011/08/09 07:11:50 | 000,021,120 | ---- | M] (SafeNet Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 09:36:00 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/30 18:36:38 | 000,025,072 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/05/17 16:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 15:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 02:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/12 14:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/27 20:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- |
M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{42A2E03E-203C-4B53-A1B0-58B2385638F1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3DA618C0-3DD1-49D1-BE9B-EA0B15F1EB09}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE -
HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft
Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/30 11:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/25 18:26:10 | 000,000,000 | ---D | M]
[2010/12/16 18:25:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Scottg\AppData\Roaming\Mozilla\Extensions
[2012/04/20 12:49:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default\extensions
[2012/03/30 11:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/04/26 12:06:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdminShOrigSetting = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUserShOrigSetting = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktopShOrigSetting = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki...
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.70.128.240 207.70.172.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: DhcpNameServer = 207.70.128.240 207.70.172.240
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No
CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver
Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus
Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit:
Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit:
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} -
Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
... continued on next post.
ScottWGast Posted May 1, 2012 Author ID:547958
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit:
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {16822C7D-95D3-CCA9-D232-D84E902DB533} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3355B5B7-9EEB-5370-2923-B930E55AAB2A} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\SysWOW64\mscories.dll,InstallActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)ActiveX: {C1E97EED-808B-F95A-7B38-81ED4BD59733} - Java (Sun)ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E8F0011F-2C69-020A-0598-2048FA4420FF} - Java (Sun)ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET FrameworkActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUPDrivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)CLEARALLRESTOREPOINTSRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/05/01 15:49:51 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware[2012/05/01 14:55:43 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe[2012/05/01 13:29:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5[2012/05/01 08:55:53 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Microsoft Security Client[2012/05/01 08:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[2012/04/26 17:38:42 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe[2012/04/26 17:38:12 | 000,000,000 | -H-D | C] -- C:\Program Files\AVAST Software[2012/04/26 17:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software[2012/04/26 13:06:16 | 004,731,392 | -H-- | C] (AVAST Software) -- C:\Users\Scottg\Desktop\aswMBR.exe[2012/04/26 12:57:30 | 000,000,000 | -H-D | C] -- C:\Program Files\trend micro[2012/04/26 12:57:30 | 000,000,000 | ---D | C] -- C:\rsit[2012/04/26 12:53:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT[2012/04/26 12:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT[2012/04/26 12:07:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/04/26 11:41:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2012/04/26 11:41:01 | 002,074,160 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Scottg\Desktop\TDSSKiller.exe[2012/04/25 19:02:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/04/25 19:02:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/04/25 19:02:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/04/25 19:02:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/04/25 19:02:43 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/04/25 13:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Local\NPE[2012/04/25 13:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton[2012/04/25 12:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSLBuddy[2012/04/24 11:55:30 | 000,000,000 | ---D | C] -- C:\Windows\system64[2012/04/19 12:54:34 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Roaming\Windows Live Writer[2012/04/19 12:54:34 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Documents\My Weblog Posts[2012/04/19 12:54:33 | 000,000,000 | 
-H-D | C] -- C:\Users\Scottg\AppData\Local\Windows Live Writer[2012/04/19 04:26:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL[2012/04/19 04:26:22 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32[2012/04/18 17:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SSLBuddy[2012/04/17 14:38:04 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe[2012/04/17 13:57:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ[2012/04/14 14:26:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX700 series[2012/04/14 14:26:54 | 000,258,560 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM95.DLL[2012/04/14 14:26:51 | 001,439,744 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700C.DLL[2012/04/14 14:26:51 | 000,247,296 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700L.DLL[2012/04/14 14:26:51 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC700O.DLL[2012/04/14 14:26:51 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC700I.DLL[2012/04/14 14:26:50 | 000,183,296 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCF2Le.DLL[2012/04/14 14:26:50 | 000,143,360 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFMSe.EXE[2012/04/14 14:26:50 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLeUS.DLL[2012/04/14 14:26:50 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNCFLeJP.DLL[2012/04/14 14:26:47 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ[2012/04/13 17:30:23 | 000,198,088 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll[2012/04/13 17:30:16 | 004,889,032 | ---- | C] (SafeNet Inc.) 
-- C:\Windows\SysNative\aksllmtp.exe[2012/04/13 17:30:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard[2012/04/13 17:29:47 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup[2012/04/13 17:17:11 | 004,889,032 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe[2012/04/13 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared[2012/04/13 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chief Architect Inc[2012/04/13 16:58:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Better Homes and Gardens[2012/04/13 14:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cadsoft[2012/04/13 14:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\Documents\HGTV Ultimate Home Design with Landscaping & Decks[2012/04/13 14:24:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nova Development[2012/04/13 14:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nova Development[2012/04/13 14:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nova Development[2012/04/11 09:58:40 | 000,000,000 | -H-D | C] -- C:\Users\Scottg\AppData\Roaming\Malwarebytes[2012/04/11 09:58:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/04/11 09:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2012/04/11 09:58:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2012/04/11 09:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2012/04/11 03:00:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll[2012/04/11 03:00:29 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys[2012/04/11 03:00:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wintrust.dll[2012/04/11 00:52:33 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2012/04/11 00:52:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2012/04/11 00:52:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2012/04/11 00:52:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2012/04/11 00:52:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2012/04/11 00:52:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2012/04/11 00:52:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll========== Files - Modified Within 30 Days ==========[2012/05/01 14:54:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Scottg\Desktop\OTL.exe[2012/05/01 14:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/05/01 14:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/05/01 14:01:16 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job[2012/05/01 13:37:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/05/01 13:37:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/05/01 13:30:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/05/01 13:28:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/05/01 13:28:37 | 1066,577,918 | -HS- | M] () -- C:\hiberfil.sys[2012/05/01 13:04:26 | 001,010,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/05/01 13:04:26 | 000,826,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/05/01 13:04:26 | 000,179,886 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat[2012/05/01 08:59:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif[2012/05/01 08:55:56 | 001,024,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/05/01 07:58:07 | 622,730,436 | ---- | M] () -- C:\Windows\MEMORY.DMP[2012/04/26 21:55:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt[2012/04/26 15:37:34 | 000,002,052 | -H-- | M] () -- C:\Users\Scottg\Documents\Default.rdp[2012/04/26 12:53:45 | 000,000,930 | -H-- | M] () -- C:\Users\Scottg\Desktop\NTREGOPT.lnk[2012/04/26 12:53:45 | 000,000,911 | -H-- | M] () -- C:\Users\Scottg\Desktop\ERUNT.lnk[2012/04/26 12:06:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/04/26 11:02:09 | 000,801,997 | -H-- | M] () -- C:\Users\Scottg\Desktop\ListParts64.exe[2012/04/26 10:05:56 | 004,731,392 | -H-- | M] (AVAST Software) -- C:\Users\Scottg\Desktop\aswMBR.exe[2012/04/26 10:02:07 | 000,879,714 | -H-- | M] () -- C:\Users\Scottg\Desktop\SecurityCheck.exe[2012/04/26 09:56:46 | 000,935,175 | -H-- | M] () -- C:\Users\Scottg\Desktop\RSITx64.exe[2012/04/24 18:45:52 | 002,074,160 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Scottg\Desktop\TDSSKiller.exe[2012/04/19 05:37:55 | 000,001,024 | ---- | M] () -- C:\.rnd[2012/04/17 14:38:06 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/04/17 14:38:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/04/17 14:38:04 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe[2012/04/14 14:16:01 | 016,692,552 | -H-- | M] () -- C:\Users\Scottg\Desktop\mx700swin64101ej.exe[2012/04/13 17:29:43 | 015,102,493 | -H-- | M] () -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup.zip[2012/04/13 14:24:10 | 000,002,587 | -H-- | M] () -- C:\Users\Scottg\Application Data\Microsoft\Internet Explorer\Quick Launch\HGTV Ultimate Home Design.lnk[2012/04/11 
03:02:07 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI[2012/04/09 14:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys========== Files Created - No Company Name ==========[2012/05/01 08:59:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif[2012/05/01 08:55:58 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk[2012/04/26 17:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt[2012/04/26 14:03:51 | 000,801,997 | -H-- | C] () -- C:\Users\Scottg\Desktop\ListParts64.exe[2012/04/26 13:02:24 | 000,879,714 | -H-- | C] () -- C:\Users\Scottg\Desktop\SecurityCheck.exe[2012/04/26 12:57:07 | 000,935,175 | -H-- | C] () -- C:\Users\Scottg\Desktop\RSITx64.exe[2012/04/26 12:53:45 | 000,000,930 | -H-- | C] () -- C:\Users\Scottg\Desktop\NTREGOPT.lnk[2012/04/26 12:53:45 | 000,000,911 | -H-- | C] () -- C:\Users\Scottg\Desktop\ERUNT.lnk[2012/04/25 19:02:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/04/25 19:02:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/04/25 19:02:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/04/25 19:02:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/04/25 19:02:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/04/19 04:33:30 | 000,001,024 | ---- | C] () -- C:\.rnd[2012/04/17 13:57:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/04/14 14:15:54 | 016,692,552 | -H-- | C] () -- C:\Users\Scottg\Desktop\mx700swin64101ej.exe[2012/04/13 17:29:43 | 015,102,493 | -H-- | C] () -- C:\Users\Scottg\Desktop\Sentinel_LDK_Run-time_setup.zip[2012/04/13 14:24:10 | 000,002,587 | -H-- | C] () -- C:\Users\Scottg\Application Data\Microsoft\Internet Explorer\Quick Launch\HGTV Ultimate Home Design.lnk[2012/04/11 03:02:07 | 000,000,129 
| ---- | C] () -- C:\Windows\SysNative\MRT.INI[2012/03/28 16:27:57 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll[2012/02/24 13:17:56 | 001,024,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/02/23 17:55:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BDSSR160.dll[2012/02/23 17:55:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BDSSR.dll[2011/03/12 14:39:32 | 000,000,017 | -H-- | C] () -- C:\Users\Scottg\AppData\Local\resmon.resmoncfg[2010/11/18 12:42:46 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI[2010/11/10 21:30:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2010/11/10 21:08:17 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2010/11/10 19:54:20 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini[2010/11/10 19:54:20 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini[2010/11/10 19:54:20 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini[2010/11/10 19:54:17 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL[2010/11/10 19:54:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL========== Custom Scans ==========< %ALLUSERSPROFILE%\Application Data\*. >< %ALLUSERSPROFILE%\Application Data\*.exe /s >< %ALLUSERSPROFILE%\Application Data\*.dll /s >< %APPDATA%\*. 
>[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Adobe[2011/11/07 20:57:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Apple Computer[2010/11/13 19:38:41 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\ATI[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\CodeGear[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\CyberLink[2010/11/13 19:39:03 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Dell[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\DevJET[2012/04/25 18:18:22 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Embarcadero[2012/04/25 18:18:23 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Forte[2010/11/15 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Google[2010/11/13 19:38:11 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Identities[2010/11/13 19:38:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Intel Corporation[2012/04/25 18:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII[2010/11/15 12:53:46 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Macromedia[2012/04/11 09:58:40 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Malwarebytes[2009/07/14 02:45:37 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Media Center Programs[2012/04/25 18:26:15 | 000,000,000 | --SD | M] -- C:\Users\Scottg\AppData\Roaming\Microsoft[2012/04/25 18:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Mozilla[2012/04/25 18:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\PCDr[2011/12/20 23:45:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Roxio[2012/03/27 17:22:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\SmartBear[2012/03/28 09:40:31 | 000,000,000 | -H-D | M] -- 
C:\Users\Scottg\AppData\Roaming\Subversion[2012/03/28 17:06:35 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\tmssoftware[2012/04/19 12:54:34 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\AppData\Roaming\Windows Live Writer< %APPDATA%\*.exe /s >[2012/03/10 02:17:16 | 001,704,448 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII\LicenseRegistration.exe[2012/03/28 16:27:29 | 000,685,913 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\IntraWeb XII\unins000.exe[2011/07/07 17:58:25 | 000,010,134 | -H-- | M] () -- C:\Users\Scottg\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe[2010/11/24 15:01:17 | 021,327,600 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Binaries\patch_5694_to_5744_02_64_01.exe[2010/11/17 15:05:30 | 021,484,632 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Binaries\patch_5694_21_64_01\patch_5694_21_64_01.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\003d4343-2e6d-43fe-b514-ae898d7b0b2a\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\02bfa23b-8a12-4161-b7e3-a5f7d0e71aa8\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\05e0a59b-44b6-40be-8297-7b9edb2aa039\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\079e5733-1983-4f3f-9ba2-5875e737e565\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\07e6c148-e996-4c1b-82cb-88184f7f9e66\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\08a8cc35-f85c-4289-88d3-017a9a54d5ef\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\09ec38df-4eed-47f1-aa63-8c3ccd49a12c\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0af347cd-a250-4fbe-b631-ada97234de1c\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0e3cc111-9930-4f0a-9534-d29e82563c42\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0edd5871-9a9c-498f-a00f-2f9dbe988818\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\0fe45bbc-09e4-49d3-8723-843c3b24dbf5\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1067917f-cc00-47ae-a460-604c70d5119b\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\131fd16e-d670-45f4-bd29-f9b2a65858ec\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\152dd2a4-187e-435c-b058-633c15ed518e\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\15493363-bfdb-482a-a413-ba0bf702cdfa\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\17ae5ef7-b628-434b-b99d-37f518f3455b\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\185becd3-7cb9-4540-b7a4-f4c194b2b41d\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\19dc3c42-f42e-4419-9c69-e49dae048ea1\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1b1df37e-79c1-450f-b2e7-9821702d72c8\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1c509cf8-ecb2-4a78-8758-8fa8c099c807\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1cc65c6a-3ecb-4783-9e00-d572b0969bca\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1edb8b69-103d-4f8b-ac47-ea051e97dbe9\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\1fc7fdd2-40ca-427a-b44a-a8f6045c0a30\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\216b2cb3-d277-4e5b-bf02-24199b6a5940\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\22992cca-cc63-40b3-b53b-45178a63585d\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\22f53140-9d81-4049-a590-b46a3ffc56b5\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\23b567fa-cf22-4bdf-b0e8-4e7eb3c5666c\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\23c45998-5a7b-47cd-9d8e-1ec2d8ae35d9\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\24472dd1-b015-4048-a9cb-534444024fa4\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\24e6f9ba-8c95-4ad3-bb0c-19a3349b81d9\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\25b9d489-715c-41f3-92cd-1690e5b8ae72\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2b2f03e9-8f2f-45e6-952f-ca3c6fedd48b\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2c2a2613-9536-4864-b137-8e5d1a4fd42f\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2d120501-39f3-4075-aaa9-93035fbe7030\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2d4e5cfa-125a-498b-8ae2-5f94fad7f933\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2dedd7d9-ad4f-4022-9a0d-aad58cd771bb\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\2eb3a59a-6e3c-44d4-87d6-08f7285f0166\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\35836f43-1dc9-4238-847f-e949feee5833\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\380dbc8e-a8a9-4bda-98ab-26168b95376c\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\38147f2b-676a-4257-ab47-c7a65d846392\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3c7aec13-018a-4342-b4f8-0ae7b1162742\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3dbb2a4b-6ce9-445b-a637-774f89bf240d\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3ef27f8f-0e9d-4490-9d43-bcf1e0024745\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3fc465be-2fc2-4fe2-8ff5-f83957240359\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\3fe933c1-c77d-4277-857b-04e6dbd6a656\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\40ae0e35-e312-4afd-95c6-c567628a8c16\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\41465014-0c50-4a0b-b7fb-580aecce1d3d\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\434caba1-ad41-42a7-8639-6c15e3c501c7\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\43684a1e-390b-4e4c-b58d-8ced2f376d4d\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\43d4f959-de13-49e8-afb9-01adb2f71d42\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4461f035-c12a-4172-9e50-81809ee5c9ea\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4486c3ea-91ec-4970-bc7b-cf83ff399ab4\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\4656bbf2-2ede-42ef-b23b-4014820217d0\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\46a42ddc-641b-460f-91ce-18663eeaf2c8\DellSignedAppUpdaterRules\AddCertificate.exe[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) 
-- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ff8c4b7a-40f0-4b34-b060-8beb464395f7\DellSignedAppUpdaterRules\AddCertificate.exe
[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ff8fa098-cc5c-447c-8ea9-404d3f270534\DellSignedAppUpdaterRules\AddCertificate.exe
[2010/10/12 14:36:00 | 000,016,976 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\Scottg\AppData\Roaming\PCDr\Update\Rules\ffef2839-dfee-43f5-a235-26c8ee49ce81\DellSignedAppUpdaterRules\AddCertificate.exe
< %SYSTEMDRIVE%\*.exe >
< c:|Fun4IM;true;true;true; /FP >
< c:|Bandoo;true;true;true; /FP >
< c:|Searchn;true;true;true; /FP >
[2012/04/26 13:23:39 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SWD4KUA8\click.searchnation.net
[2012/04/26 13:23:39 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#click.searchnation.net
< c:|Searchq;true;true;true; /FP >
< c:|datamngr;true;true;true; /FP >
< c:|iLivid;true;true;true; /FP >
< c:|whitesmoke;true;true;true; /FP >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp
[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp\1
[2012/04/26 20:16:16 | 000,000,000 | -H-D | M] -- C:\Users\Scottg\..\Scottg\AppData\Local\Temp\smtmp\4
< %systemroot%\*. /mp /s >
< >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
< End of report >