1MegaMan10

Help with rootkit.0access


Malwarebytes recently quarantined and I deleted a rootkit.0access, but it had happened before and was quarantined but I didn’t delete it, so when it happened a second time I looked at the list and deleted it... Is there a way to make sure the system is rid of it?


Hello 1MegaMan10 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

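One way to triage the TDSSKiller report requested in Step 1, as an added example that is not part of the original posts or of Kaspersky's tooling. It assumes the line layout seen in TDSSKiller logs pasted in this thread; the sample lines, service names, hashes, the `Placeholder.Verdict.Name` verdict and the `infected` level are constructed for illustration.

```python
import re

# Timestamp and thread-id prefix that starts every TDSSKiller log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.+)$")
# "<name> (<md5>) <path>": the object about to be checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>": a non-ok result for that object.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<name> - ok": a clean result.
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Constructed sample (not from a real machine). Blank lines between entries
# mimic how forum software spaces out a pasted log.
SAMPLE_LOG = r"""
09:26:15.0953 0788 Scan started

09:26:15.0953 0788 Mode: Manual; SigCheck; TDLFS;

09:26:19.0774 0788 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys

09:26:20.0014 0788 ExampleDrv - ok

09:26:20.0100 0788 Example Vendor Service (00000000000000000000000000000002) C:\Program Files (x86)\Example Vendor\svc.exe

09:26:21.0163 0788 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning

09:26:21.0163 0788 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)

09:26:22.0355 0788 ExampleNoFile - ok

09:26:23.0000 0788 ExampleBad (00000000000000000000000000000003) C:\Windows\system32\drivers\examplebad.sys

09:26:23.0100 0788 ExampleBad ( Placeholder.Verdict.Name ) - infected

09:26:23.0100 0788 ExampleBad - detected Placeholder.Verdict.Name (0)

09:26:24.0000 0788 ExampleCut (00000000000000000000000000000004) C:\Windows\system32\examplecut.exe
"""


def parse_tdsskiller_log(text):
    """Return {service name: entry}, merging the object line with its result line."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"name": name, "md5": None, "path": None,
                   "status": None, "verdict": None})

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line or a header line without a body
        body = m.group(1)
        if (o := OBJECT.match(body)):
            e = entry(o["name"])
            e["md5"], e["path"] = o["md5"].lower(), o["path"]
        elif (v := VERDICT.match(body)):
            e = entry(v["name"])
            e["status"], e["verdict"] = v["level"], v["verdict"]
        elif (k := OK.match(body)):
            entry(k["name"])["status"] = "ok"
        # "- detected ..." lines repeat the verdict and are skipped.
    return entries


def triage(entries):
    """Group entries by how much attention they need."""
    report = {"review_first": [], "unsigned": [],
              "no_file_record": [], "incomplete": []}
    for e in entries.values():
        if e["status"] is None:
            # Object line with no result: the paste was cut off mid-scan.
            report["incomplete"].append(e)
        elif e["status"] != "ok":
            if e["verdict"].startswith("UnsignedFile."):
                # Raised by "Verify Driver Digital Signature": the file has no
                # valid signature, which alone does not make it malware.
                report["unsigned"].append(e)
            else:
                report["review_first"].append(e)
        elif e["path"] is None:
            # Marked ok, but the log never showed a hash or path for it.
            report["no_file_record"].append(e)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        for e in items:
            print(f"{bucket:15} {e['name']:24} {e['verdict'] or '-':28} {e['path'] or '-'}")
```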

Ok here are the logs:

TDSS-


09:26:48.0601 0788 McOobeSv - ok

09:26:48.0601 0788 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

09:26:48.0651 0788 McProxy - ok

09:26:48.0741 0788 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

09:26:48.0861 0788 McShield - ok

09:26:49.0001 0788 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

09:26:49.0111 0788 Mcx2Svc - ok

09:26:49.0161 0788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

09:26:49.0171 0788 megasas - ok

09:26:49.0221 0788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

09:26:49.0261 0788 MegaSR - ok

09:26:49.0311 0788 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

09:26:49.0341 0788 MEIx64 - ok

09:26:49.0401 0788 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

09:26:49.0431 0788 mfeapfk - ok

09:26:49.0491 0788 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

09:26:49.0571 0788 mfeavfk - ok

09:26:49.0591 0788 mfeavfk01 - ok

09:26:49.0641 0788 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

09:26:49.0651 0788 mfefire - ok

09:26:49.0721 0788 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

09:26:49.0731 0788 mfefirek - ok

09:26:49.0841 0788 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

09:26:49.0901 0788 mfehidk - ok

09:26:49.0941 0788 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

09:26:49.0961 0788 mfenlfk - ok

09:26:50.0001 0788 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

09:26:50.0031 0788 mferkdet - ok

09:26:50.0071 0788 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe

09:26:50.0121 0788 mfevtp - ok

09:26:50.0161 0788 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

09:26:50.0171 0788 mfewfpk - ok

09:26:50.0211 0788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:26:50.0301 0788 MMCSS - ok

09:26:50.0341 0788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

09:26:50.0411 0788 Modem - ok

09:26:50.0451 0788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

09:26:50.0511 0788 monitor - ok

09:26:50.0561 0788 MotioninJoyXFilter (c030f9e822a057c1a7a9bb4ea3e8877e) C:\Windows\system32\DRIVERS\MijXfilt.sys

09:26:50.0591 0788 MotioninJoyXFilter - ok

09:26:50.0611 0788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

09:26:50.0621 0788 mouclass - ok

09:26:50.0641 0788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

09:26:50.0661 0788 mouhid - ok

09:26:50.0701 0788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

09:26:50.0721 0788 mountmgr - ok

09:26:50.0761 0788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

09:26:50.0801 0788 mpio - ok

09:26:50.0831 0788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

09:26:50.0931 0788 mpsdrv - ok

09:26:50.0971 0788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

09:26:51.0011 0788 MRxDAV - ok

09:26:51.0061 0788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:26:51.0131 0788 mrxsmb - ok

09:26:51.0171 0788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:26:51.0181 0788 mrxsmb10 - ok

09:26:51.0221 0788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:26:51.0231 0788 mrxsmb20 - ok

09:26:51.0261 0788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

09:26:51.0291 0788 msahci - ok

09:26:51.0331 0788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

09:26:51.0371 0788 msdsm - ok

09:26:51.0431 0788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

09:26:51.0511 0788 MSDTC - ok

09:26:51.0541 0788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

09:26:51.0571 0788 Msfs - ok

09:26:51.0581 0788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

09:26:51.0631 0788 mshidkmdf - ok

09:26:51.0651 0788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

09:26:51.0661 0788 msisadrv - ok

09:26:51.0711 0788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

09:26:51.0791 0788 MSiSCSI - ok

09:26:51.0801 0788 msiserver - ok

09:26:51.0951 0788 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

09:26:52.0051 0788 MSK80Service - ok

09:26:52.0081 0788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

09:26:52.0121 0788 MSKSSRV - ok

09:26:52.0131 0788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

09:26:52.0181 0788 MSPCLOCK - ok

09:26:52.0181 0788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

09:26:52.0221 0788 MSPQM - ok

09:26:52.0291 0788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

09:26:52.0341 0788 MsRPC - ok

09:26:52.0401 0788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

09:26:52.0431 0788 mssmbios - ok

09:26:52.0461 0788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

09:26:52.0521 0788 MSTEE - ok

09:26:52.0531 0788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

09:26:52.0601 0788 MTConfig - ok

09:26:52.0631 0788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

09:26:52.0641 0788 Mup - ok

09:26:52.0751 0788 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

09:26:52.0881 0788 MyWiFiDHCPDNS - ok

09:26:52.0961 0788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

09:26:53.0101 0788 napagent - ok

09:26:53.0191 0788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

09:26:53.0291 0788 NativeWifiP - ok

09:26:53.0422 0788 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

09:26:53.0472 0788 NDIS - ok

09:26:53.0492 0788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

09:26:53.0522 0788 NdisCap - ok

09:26:53.0542 0788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

09:26:53.0572 0788 NdisTapi - ok

09:26:53.0602 0788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

09:26:53.0642 0788 Ndisuio - ok

09:26:53.0682 0788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

09:26:53.0772 0788 NdisWan - ok

09:26:53.0802 0788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

09:26:53.0832 0788 NDProxy - ok

09:26:53.0852 0788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

09:26:53.0892 0788 NetBIOS - ok

09:26:53.0942 0788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

09:26:54.0022 0788 NetBT - ok

09:26:54.0072 0788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:26:54.0082 0788 Netlogon - ok

09:26:54.0142 0788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

09:26:54.0232 0788 Netman - ok

09:26:54.0342 0788 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:26:54.0402 0788 NetMsmqActivator - ok

09:26:54.0412 0788 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:26:54.0422 0788 NetPipeActivator - ok

09:26:54.0482 0788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

09:26:54.0622 0788 netprofm - ok

09:26:54.0622 0788 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:26:54.0632 0788 NetTcpActivator - ok

09:26:54.0642 0788 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:26:54.0652 0788 NetTcpPortSharing - ok

09:26:55.0412 0788 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

09:26:55.0722 0788 NETwNs64 - ok

09:26:55.0852 0788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

09:26:55.0892 0788 nfrd960 - ok

09:26:55.0962 0788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

09:26:56.0122 0788 NlaSvc - ok

09:26:56.0503 0788 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

09:26:56.0603 0788 NOBU - ok

09:26:56.0763 0788 npf (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

09:26:56.0793 0788 npf - ok

09:26:56.0823 0788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

09:26:56.0923 0788 Npfs - ok

09:26:56.0963 0788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

09:26:57.0073 0788 nsi - ok

09:26:57.0093 0788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

09:26:57.0133 0788 nsiproxy - ok

09:26:57.0403 0788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

09:26:57.0523 0788 Ntfs - ok

09:26:57.0663 0788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

09:26:57.0763 0788 Null - ok

09:26:57.0813 0788 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys

09:26:57.0873 0788 nusb3hub - ok

09:26:57.0933 0788 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys

09:26:58.0013 0788 nusb3xhc - ok

09:26:58.0843 0788 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

09:26:59.0193 0788 nvlddmkm - ok

09:26:59.0333 0788 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys

09:26:59.0363 0788 nvpciflt - ok

09:26:59.0413 0788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

09:26:59.0443 0788 nvraid - ok

09:26:59.0483 0788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

09:26:59.0493 0788 nvstor - ok

09:26:59.0623 0788 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe

09:26:59.0753 0788 NVSvc - ok

09:27:00.0003 0788 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

09:27:00.0083 0788 nvUpdatusService - ok

09:27:00.0273 0788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

09:27:00.0313 0788 nv_agp - ok

09:27:00.0503 0788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:27:00.0593 0788 odserv - ok

09:27:00.0623 0788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

09:27:00.0653 0788 ohci1394 - ok

09:27:00.0763 0788 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:27:00.0793 0788 ose - ok

09:27:01.0310 0788 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:27:01.0595 0788 osppsvc - ok

09:27:01.0775 0788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:27:01.0875 0788 p2pimsvc - ok

09:27:01.0955 0788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

09:27:02.0045 0788 p2psvc - ok

09:27:02.0085 0788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

09:27:02.0105 0788 Parport - ok

09:27:02.0135 0788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

09:27:02.0145 0788 partmgr - ok

09:27:02.0185 0788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

09:27:02.0285 0788 PcaSvc - ok

09:27:02.0365 0788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

09:27:02.0405 0788 pci - ok

09:27:02.0445 0788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

09:27:02.0465 0788 pciide - ok

09:27:02.0505 0788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

09:27:02.0515 0788 pcmcia - ok

09:27:02.0545 0788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

09:27:02.0555 0788 pcw - ok

09:27:02.0625 0788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

09:27:02.0715 0788 PEAUTH - ok

09:27:02.0855 0788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

09:27:02.0915 0788 PerfHost - ok

09:27:03.0125 0788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

09:27:03.0255 0788 pla - ok

09:27:03.0335 0788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

09:27:03.0515 0788 PlugPlay - ok

09:27:03.0555 0788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

09:27:03.0635 0788 PNRPAutoReg - ok

09:27:03.0685 0788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

09:27:03.0695 0788 PNRPsvc - ok

09:27:03.0775 0788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

09:27:03.0895 0788 PolicyAgent - ok

09:27:03.0935 0788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

09:27:04.0065 0788 Power - ok

09:27:04.0145 0788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

09:27:04.0195 0788 PptpMiniport - ok

09:27:04.0215 0788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

09:27:04.0275 0788 Processor - ok

09:27:04.0345 0788 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

09:27:04.0415 0788 ProfSvc - ok

09:27:04.0436 0788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:27:04.0446 0788 ProtectedStorage - ok

09:27:04.0496 0788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

09:27:04.0626 0788 Psched - ok

09:27:04.0666 0788 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

09:27:04.0676 0788 PxHlpa64 - ok

09:27:04.0836 0788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

09:27:04.0876 0788 ql2300 - ok

09:27:05.0046 0788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

09:27:05.0066 0788 ql40xx - ok

09:27:05.0116 0788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

09:27:05.0146 0788 QWAVE - ok

09:27:05.0176 0788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

09:27:05.0216 0788 QWAVEdrv - ok

09:27:05.0236 0788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

09:27:05.0336 0788 RasAcd - ok

09:27:05.0386 0788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:27:05.0446 0788 RasAgileVpn - ok

09:27:05.0476 0788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

09:27:05.0596 0788 RasAuto - ok

09:27:05.0626 0788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:27:05.0666 0788 Rasl2tp - ok

09:27:05.0736 0788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

09:27:05.0946 0788 RasMan - ok

09:27:05.0986 0788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

09:27:06.0106 0788 RasPppoe - ok

09:27:06.0136 0788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

09:27:06.0176 0788 RasSstp - ok

09:27:06.0226 0788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

09:27:06.0296 0788 rdbss - ok

09:27:06.0316 0788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

09:27:06.0366 0788 rdpbus - ok

09:27:06.0396 0788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:27:06.0486 0788 RDPCDD - ok

09:27:06.0526 0788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

09:27:06.0596 0788 RDPENCDD - ok

09:27:06.0616 0788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

09:27:06.0646 0788 RDPREFMP - ok

09:27:06.0706 0788 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

09:27:06.0756 0788 RDPWD - ok

09:27:06.0806 0788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

09:27:06.0846 0788 rdyboost - ok

09:27:07.0046 0788 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

09:27:07.0136 0788 RegSrvc - ok

09:27:07.0206 0788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

09:27:07.0346 0788 RemoteAccess - ok

09:27:07.0426 0788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

09:27:07.0516 0788 RemoteRegistry - ok

09:27:07.0606 0788 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

09:27:07.0666 0788 RFCOMM - ok

09:27:07.0956 0788 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

09:27:08.0106 0788 RoxMediaDB12OEM - ok

09:27:08.0156 0788 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

09:27:08.0296 0788 RoxWatch12 - ok

09:27:08.0447 0788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

09:27:08.0537 0788 RpcEptMapper - ok

09:27:08.0567 0788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

09:27:08.0577 0788 RpcLocator - ok

09:27:08.0647 0788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

09:27:08.0767 0788 RpcSs - ok

09:27:08.0837 0788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

09:27:08.0947 0788 rspndr - ok

09:27:09.0007 0788 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys

09:27:09.0017 0788 RSUSBSTOR - ok

09:27:09.0087 0788 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys

09:27:09.0097 0788 RTL8167 - ok

09:27:09.0137 0788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:27:09.0177 0788 SamSs - ok

09:27:09.0217 0788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

09:27:09.0257 0788 sbp2port - ok

09:27:09.0307 0788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

09:27:09.0387 0788 SCardSvr - ok

09:27:09.0397 0788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

09:27:09.0517 0788 scfilter - ok

09:27:09.0627 0788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

09:27:09.0797 0788 Schedule - ok

09:27:09.0847 0788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

09:27:09.0947 0788 SCPolicySvc - ok

09:27:09.0977 0788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

09:27:09.0997 0788 SDRSVC - ok

09:27:10.0057 0788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:27:10.0107 0788 secdrv - ok

09:27:10.0127 0788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

09:27:10.0187 0788 seclogon - ok

09:27:10.0207 0788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

09:27:10.0247 0788 SENS - ok

09:27:10.0277 0788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

09:27:10.0357 0788 SensrSvc - ok

09:27:10.0397 0788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

09:27:10.0457 0788 Serenum - ok

09:27:10.0487 0788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

09:27:10.0557 0788 Serial - ok

09:27:10.0607 0788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

09:27:10.0617 0788 sermouse - ok

09:27:10.0657 0788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

09:27:10.0827 0788 SessionEnv - ok

09:27:10.0837 0788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

09:27:10.0857 0788 sffdisk - ok

09:27:10.0867 0788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

09:27:10.0877 0788 sffp_mmc - ok

09:27:10.0887 0788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

09:27:10.0907 0788 sffp_sd - ok

09:27:10.0907 0788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

09:27:10.0937 0788 sfloppy - ok

09:27:11.0067 0788 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

09:27:11.0107 0788 Sftfs - ok

09:27:11.0277 0788 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

09:27:11.0327 0788 sftlist - ok

09:27:11.0387 0788 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

09:27:11.0397 0788 Sftplay - ok

09:27:11.0407 0788 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

09:27:11.0437 0788 Sftredir - ok

09:27:11.0617 0788 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

09:27:11.0697 0788 SftService - ok

09:27:11.0847 0788 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

09:27:11.0877 0788 Sftvol - ok

09:27:12.0017 0788 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

09:27:12.0107 0788 sftvsa - ok

09:27:12.0187 0788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

09:27:12.0307 0788 ShellHWDetection - ok

09:27:12.0347 0788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

09:27:12.0357 0788 SiSRaid2 - ok

09:27:12.0367 0788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

09:27:12.0397 0788 SiSRaid4 - ok

09:27:12.0447 0788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

09:27:12.0547 0788 Smb - ok

09:27:12.0567 0788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

09:27:12.0597 0788 SNMPTRAP - ok

09:27:12.0697 0788 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

09:27:12.0817 0788 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning

09:27:12.0817 0788 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)

09:27:12.0837 0788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

09:27:12.0847 0788 spldr - ok

09:27:12.0937 0788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

09:27:13.0067 0788 Spooler - ok

09:27:13.0378 0788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

09:27:13.0643 0788 sppsvc - ok

09:27:13.0768 0788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

09:27:13.0877 0788 sppuinotify - ok

09:27:13.0955 0788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

09:27:14.0049 0788 srv - ok

09:27:14.0096 0788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

09:27:14.0127 0788 srv2 - ok

09:27:14.0174 0788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

09:27:14.0205 0788 srvnet - ok

09:27:14.0267 0788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

09:27:14.0392 0788 SSDPSRV - ok

09:27:14.0423 0788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

09:27:14.0454 0788 SstpSvc - ok

09:27:14.0579 0788 Steam Client Service - ok

09:27:14.0688 0788 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

09:27:14.0829 0788 Stereo Service - ok

09:27:14.0860 0788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

09:27:14.0876 0788 stexstor - ok

09:27:14.0986 0788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

09:27:15.0096 0788 stisvc - ok

09:27:15.0156 0788 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

09:27:15.0206 0788 stllssvr - ok

09:27:15.0246 0788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

09:27:15.0256 0788 swenum - ok

09:27:15.0336 0788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

09:27:15.0486 0788 swprv - ok

09:27:15.0666 0788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

09:27:15.0816 0788 SysMain - ok

09:27:15.0946 0788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

09:27:16.0046 0788 TabletInputService - ok

09:27:16.0086 0788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

09:27:16.0156 0788 TapiSrv - ok

09:27:16.0176 0788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

09:27:16.0216 0788 TBS - ok

09:27:16.0436 0788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

09:27:16.0566 0788 Tcpip - ok

09:27:16.0906 0788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

09:27:16.0946 0788 TCPIP6 - ok

09:27:17.0056 0788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

09:27:17.0106 0788 tcpipreg - ok

09:27:17.0126 0788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

09:27:17.0196 0788 TDPIPE - ok

09:27:17.0226 0788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

09:27:17.0276 0788 TDTCP - ok

09:27:17.0326 0788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

09:27:17.0406 0788 tdx - ok

09:27:17.0446 0788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

09:27:17.0456 0788 TermDD - ok

09:27:17.0546 0788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

09:27:17.0656 0788 TermService - ok

09:27:17.0686 0788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

09:27:17.0746 0788 Themes - ok

09:27:17.0787 0788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

09:27:17.0849 0788 THREADORDER - ok

09:27:17.0880 0788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

09:27:18.0005 0788 TrkWks - ok

09:27:18.0099 0788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

09:27:18.0255 0788 TrustedInstaller - ok

09:27:18.0270 0788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:27:18.0333 0788 tssecsrv - ok

09:27:18.0395 0788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

09:27:18.0458 0788 TsUsbFlt - ok

09:27:18.0473 0788 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

09:27:18.0489 0788 TsUsbGD - ok

09:27:18.0536 0788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

09:27:18.0567 0788 tunnel - ok

09:27:18.0645 0788 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

09:27:18.0676 0788 TurboB - ok

09:27:18.0782 0788 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

09:27:18.0872 0788 TurboBoost - ok

09:27:18.0902 0788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

09:27:18.0912 0788 uagp35 - ok

09:27:18.0982 0788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

09:27:19.0052 0788 udfs - ok

09:27:19.0092 0788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

09:27:19.0102 0788 UI0Detect - ok

09:27:19.0132 0788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

09:27:19.0142 0788 uliagpkx - ok

09:27:19.0192 0788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

09:27:19.0242 0788 umbus - ok

09:27:19.0292 0788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

09:27:19.0352 0788 UmPass - ok

09:27:19.0642 0788 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

09:27:19.0832 0788 UNS - ok

09:27:19.0992 0788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

09:27:20.0092 0788 upnphost - ok

09:27:20.0162 0788 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

09:27:20.0242 0788 USBAAPL64 - ok

09:27:20.0292 0788 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

09:27:20.0372 0788 usbccgp - ok

09:27:20.0432 0788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

09:27:20.0472 0788 usbcir - ok

09:27:20.0502 0788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

09:27:20.0542 0788 usbehci - ok

09:27:20.0602 0788 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys

09:27:20.0632 0788 usbhub - ok

09:27:20.0652 0788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

09:27:20.0712 0788 usbohci - ok

09:27:20.0732 0788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

09:27:20.0792 0788 usbprint - ok

09:27:20.0852 0788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:27:20.0922 0788 USBSTOR - ok

09:27:20.0982 0788 USBTINSP (c44d96b1cdde705b23f55ab423cca73d) C:\Windows\system32\DRIVERS\tinspusb.sys

09:27:21.0032 0788 USBTINSP - ok

09:27:21.0072 0788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

09:27:21.0102 0788 usbuhci - ok

09:27:21.0182 0788 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

09:27:21.0222 0788 usbvideo - ok

09:27:21.0292 0788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

09:27:21.0402 0788 UxSms - ok

09:27:21.0432 0788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

09:27:21.0452 0788 VaultSvc - ok

09:27:21.0482 0788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

09:27:21.0503 0788 vdrvroot - ok

09:27:21.0563 0788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

09:27:21.0676 0788 vds - ok

09:27:21.0707 0788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:27:21.0723 0788 vga - ok

09:27:21.0739 0788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:27:21.0785 0788 VgaSave - ok

09:27:21.0801 0788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

09:27:21.0817 0788 vhdmp - ok

09:27:21.0817 0788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

09:27:21.0832 0788 viaide - ok

09:27:21.0863 0788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

09:27:21.0863 0788 volmgr - ok

09:27:21.0926 0788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

09:27:21.0957 0788 volmgrx - ok

09:27:22.0019 0788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

09:27:22.0035 0788 volsnap - ok

09:27:22.0076 0788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

09:27:22.0086 0788 vsmraid - ok

09:27:22.0296 0788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

09:27:22.0386 0788 VSS - ok

09:27:22.0516 0788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:27:22.0566 0788 vwifibus - ok

09:27:22.0606 0788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:27:22.0626 0788 vwififlt - ok

09:27:22.0656 0788 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

09:27:22.0676 0788 vwifimp - ok

09:27:22.0736 0788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

09:27:22.0856 0788 W32Time - ok

09:27:22.0876 0788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

09:27:22.0906 0788 WacomPen - ok

09:27:22.0946 0788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:27:23.0046 0788 WANARP - ok

09:27:23.0056 0788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

09:27:23.0086 0788 Wanarpv6 - ok

09:27:23.0336 0788 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

09:27:23.0486 0788 WatAdminSvc - ok

09:27:23.0636 0788 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

09:27:23.0876 0788 wbengine - ok

09:27:24.0026 0788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

09:27:24.0076 0788 WbioSrvc - ok

09:27:24.0117 0788 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

09:27:24.0164 0788 wcncsvc - ok

09:27:24.0180 0788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

09:27:24.0211 0788 WcsPlugInService - ok

09:27:24.0242 0788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

09:27:24.0258 0788 Wd - ok

09:27:24.0367 0788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:27:24.0414 0788 Wdf01000 - ok

09:27:24.0445 0788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:27:24.0554 0788 WdiServiceHost - ok

09:27:24.0554 0788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

09:27:24.0617 0788 WdiSystemHost - ok

09:27:24.0663 0788 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

09:27:24.0741 0788 WebClient - ok

09:27:24.0788 0788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

09:27:24.0913 0788 Wecsvc - ok

09:27:24.0944 0788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

09:27:24.0975 0788 wercplsupport - ok

09:27:24.0991 0788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

09:27:25.0022 0788 WerSvc - ok

09:27:25.0069 0788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:27:25.0116 0788 WfpLwf - ok

09:27:25.0178 0788 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

09:27:25.0225 0788 WimFltr - ok

09:27:25.0241 0788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:27:25.0272 0788 WIMMount - ok

09:27:25.0287 0788 WinHttpAutoProxySvc - ok

09:27:25.0365 0788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

09:27:25.0459 0788 Winmgmt - ok

09:27:25.0622 0788 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

09:27:25.0825 0788 WinRM - ok

09:27:25.0996 0788 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

09:27:26.0059 0788 WinUsb - ok

09:27:26.0160 0788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

09:27:26.0270 0788 Wlansvc - ok

09:27:26.0350 0788 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

09:27:26.0490 0788 wlcrasvc - ok

09:27:26.0770 0788 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:27:27.0020 0788 wlidsvc - ok

09:27:27.0170 0788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:27:27.0220 0788 WmiAcpi - ok

09:27:27.0320 0788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

09:27:27.0390 0788 wmiApSrv - ok

09:27:27.0470 0788 WMPNetworkSvc - ok

09:27:27.0500 0788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

09:27:27.0550 0788 WPCSvc - ok

09:27:27.0570 0788 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

09:27:27.0630 0788 WPDBusEnum - ok

09:27:27.0660 0788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:27:27.0750 0788 ws2ifsl - ok

09:27:27.0760 0788 WSearch - ok

09:27:27.0810 0788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

09:27:27.0890 0788 WudfPf - ok

09:27:27.0950 0788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:27:28.0000 0788 WUDFRd - ok

09:27:28.0040 0788 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

09:27:28.0070 0788 wudfsvc - ok

09:27:28.0120 0788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

09:27:28.0160 0788 WwanSvc - ok

09:27:28.0210 0788 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys

09:27:28.0290 0788 xusb21 - ok

09:27:28.0330 0788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

09:27:28.0811 0788 \Device\Harddisk0\DR0 - ok

09:27:28.0811 0788 Boot (0x1200) (119ec4fd4956138ed61a44a1279d8c5d) \Device\Harddisk0\DR0\Partition0

09:27:28.0821 0788 \Device\Harddisk0\DR0\Partition0 - ok

09:27:28.0861 0788 Boot (0x1200) (935d9df834fa10b64d14e1f5bc549fdb) \Device\Harddisk0\DR0\Partition1

09:27:28.0861 0788 \Device\Harddisk0\DR0\Partition1 - ok

09:27:28.0871 0788 ============================================================

09:27:28.0871 0788 Scan finished

09:27:28.0871 0788 ============================================================

09:27:28.0891 6600 Detected object count: 6

09:27:28.0891 6600 Actual detected object count: 6

09:27:59.0866 6600 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0866 6600 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:59.0876 6600 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0876 6600 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:59.0876 6600 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0876 6600 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:59.0886 6600 dualshock3 ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0886 6600 dualshock3 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:59.0886 6600 GSService ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0886 6600 GSService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:27:59.0886 6600 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:27:59.0886 6600 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

MALWAREBYTES-

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pam :: PAM-PC [administrator]

Protection: Enabled

7/10/2012 9:30:20 AM

mbam-log-2012-07-10 (09-30-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231302

Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

OTL-

OTL logfile created on: 7/10/2012 9:42:40 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Pam\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 64.47% Memory free

11.83 Gb Paging File | 9.43 Gb Available in Paging File | 79.72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 359.93 Gb Free Space | 80.68% Space Free | Partition Type: NTFS

Drive D: | 183.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PAM-PC | User Name: Pam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


DRV:64bit: - [2011/03/31 23:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/03/26 20:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/21 21:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/12/14 09:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/12/14 09:10:10 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2010/12/14 02:21:06 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2010/12/01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2010/07/15 20:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2010/03/29 17:31:18 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire™

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9DE1C888-64B3-4978-9258-E68E4B2F0BAE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9DE1C888-64B3-4978-9258-E68E4B2F0BAE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS444

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..\SearchScopes\{A60AA476-D888-4E65-9902-39AAF6183141}: "URL" = http://search.yahoo....&p={searchTerms}

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@View22/View22: C:\Program Files\View22\Version 3.10.50\NPView22.dll (View22 Technology)

FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/08 17:43:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/25 08:55:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 22:28:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 15:27:37 | 000,000,000 | ---D | M]

[2011/12/15 14:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pam\AppData\Roaming\Mozilla\Extensions

[2012/07/06 15:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1mp38r17.default\extensions

[2012/06/19 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/15 22:28:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/15 22:28:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/15 22:28:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120624210739.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120624210739.dll (McAfee, Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-124102960-2561643217-3813134236-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001..\Run: [Facebook Update] C:\Users\Pam\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-124102960-2561643217-3813134236-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\..Trusted Domains: vizzed.com ([www] * in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CE0BC7-06DD-4B64-A13B-E060E16B44BF}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-124102960-2561643217-3813134236-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 09:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/07/09 22:22:53 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{03682F14-2364-4CB8-8B30-F0684BA1F42A}

[2012/07/09 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{682DA611-85E6-4DB2-A966-137F4D21E439}

[2012/07/09 20:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy

[2012/07/09 19:29:19 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{37A5C252-73EC-4236-B7EC-BC6A8639C536}

[2012/07/09 08:17:47 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{870DC6A3-0A00-4A39-9F7C-EE3EE2F9C00A}

[2012/07/08 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{B20D96D1-EABB-4A9B-BF1F-5F2FB0826591}

[2012/07/08 16:18:18 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{7E485D29-F5EC-4EDD-B38D-062BC80A11C7}

[2012/07/07 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{EC056670-30F4-4947-BD2F-CF71DB07C99D}

[2012/07/07 11:38:11 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{36FCF028-5B13-4718-929D-6927371BA9D0}

[2012/07/06 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{587A5C4B-FFAB-46D5-A05F-6EA5DFB0EA79}

[2012/07/06 11:05:43 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{3B0DF71E-FCD7-4FF4-97DA-8FF869BF2C03}

[2012/07/05 22:51:55 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{46825A86-C17C-4D4B-B992-4F1850208F4D}

[2012/07/05 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{3CBE701A-64C0-4F76-B6EF-478F4F63C5CD}

[2012/07/05 08:12:48 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{81DDFDC5-E770-4C1F-AAEE-3E4E6837ACD6}

[2012/07/05 08:12:36 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{5CAFA464-564B-4422-86A4-F67DB50496C4}

[2012/07/04 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{18ECC76B-66A5-4A83-A931-259CBD2B75C5}

[2012/07/04 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{04361EC6-18FB-4A58-B805-EC1A8BD08B56}

[2012/07/04 10:36:23 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{3E84165F-618C-4DA3-8E7F-AC5D4524F9EB}

[2012/07/04 10:36:11 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{C0E350C1-1AAC-46CD-9027-63C24EED826F}

[2012/07/03 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2012/07/03 23:47:50 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Auslogics

[2012/07/03 23:10:11 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\www.shadowexplorer.com

[2012/07/03 23:05:41 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\www.shadowexplorer.com

[2012/07/03 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\Pam\Desktop\Saves

[2012/07/03 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{583E36BC-6F7C-4BEC-8AF8-307FFFB1D419}

[2012/07/03 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{C0EA5220-A3D9-470A-9BD1-A6BFA552E00C}

[2012/07/02 15:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2012/07/02 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{9C1584FD-C265-4A3F-BB8D-5814CB074CB3}

[2012/07/02 13:19:34 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{7C8585FE-71E3-4E58-AC34-63BB530B248E}

[2012/07/01 19:26:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012/07/01 18:59:59 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{58C8C36A-8443-46B9-91E5-1A70E25484D1}

[2012/07/01 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{149219EC-5152-45A0-A3B8-1A9F0B2BD165}

[2012/06/30 23:48:57 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{11779080-F05A-49BD-B3F6-77BE6250ED3B}

[2012/06/30 23:48:47 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{CFDD4971-FC5F-4548-9D47-812C3AEE7097}

[2012/06/30 11:22:40 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{1D54DA9A-E552-45BB-B18E-84D72FDB3D3C}

[2012/06/30 11:22:30 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{E0C9EA85-01A7-4930-B1E3-35D5BFCF01DA}

[2012/06/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{81D3E59A-3C91-4127-97A9-191B866B09BD}

[2012/06/29 22:56:40 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{EC3499D0-F933-48F0-99E0-5CE94729B22B}

[2012/06/29 19:59:16 | 000,000,000 | ---D | C] -- C:\Users\Pam\Data

[2012/06/29 16:24:40 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys

[2012/06/29 16:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy

[2012/06/29 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\MotioninJoy

[2012/06/29 15:53:49 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll

[2012/06/29 11:08:53 | 000,000,000 | ---D | C] -- C:\Users\Pam\meshes

[2012/06/29 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Pam\textures

[2012/06/28 23:40:51 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{E177AE3C-3199-4F72-860D-36263CEB4B9F}

[2012/06/28 23:40:41 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{CB8F0BD3-26CF-40EC-8AC8-000A43895965}

[2012/06/28 23:21:02 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\Skyrim

[2012/06/28 22:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock

[2012/06/28 22:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks

[2012/06/28 22:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar

[2012/06/28 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Roaming\Stardock

[2012/06/28 22:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameStop App

[2012/06/28 22:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameStop

[2012/06/28 22:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\GameStop

[2012/06/28 22:20:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}

[2012/06/28 22:19:58 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\PackageAware

[2012/06/28 22:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock

[2012/06/28 07:46:53 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{B1A09044-1BCF-46FE-BFAF-EA393AC72736}

[2012/06/28 07:46:43 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{3C09F7C9-8A84-4018-B6A5-40614B68C9E9}

[2012/06/27 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\Macromedia

[2012/06/27 00:22:51 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{B2E82BDA-D6A0-42C3-B8CC-FE1A3CCD52EC}

[2012/06/27 00:22:41 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{9868282F-D45F-47BA-B97B-6E6DD8B85701}

[2012/06/25 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{C1726BFA-10E7-4555-8A24-4D5240DA80B5}

[2012/06/25 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{DC41D326-B3B7-4D7F-ABBB-5EA5607D13DB}

[2012/06/25 08:21:10 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{D57FCAB4-F13C-4F85-BE6E-C685CDCFF6A3}

[2012/06/25 08:21:00 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{B38BB338-E60C-403C-A218-94338AB0CA34}

[2012/06/24 16:54:18 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{67ED4673-7BB4-4A56-A095-F3DC2DA3A406}

[2012/06/24 16:54:08 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{4ACB04C1-FB7E-4EB9-A49B-449AF3982260}

[2012/06/24 07:27:03 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{B4559E34-D665-48F3-8C6C-36A3426967B4}

[2012/06/24 07:26:42 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{76458418-4625-4DC2-AB47-131598D15219}

[2012/06/23 18:52:47 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{33794A99-9B5E-4BA6-8EA3-0AF6230526D8}

[2012/06/23 18:52:37 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{98B94460-9B40-41AE-85A9-97F1AF4ADE1B}

[2012/06/21 08:24:31 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{2A5828AE-CF9C-4D4F-818A-8D1BB6002B2F}

[2012/06/21 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{51D6FBEE-F025-4ACD-812D-65B7EE988D9D}

[2012/06/20 08:25:49 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{5F8F602B-3494-44D0-B260-A22F6F4224B7}

[2012/06/20 08:25:40 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{BC7FEB9C-D575-4A02-A122-0AEE5AB706F5}

[2012/06/19 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{276FA7F5-684D-45F4-B36B-EF155C504796}

[2012/06/19 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{0E937461-DD1D-4B45-B671-CE7790550F10}

[2012/06/18 20:45:46 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{951FFC82-7F6E-42CC-A347-3FF7BE709788}

[2012/06/18 20:45:36 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{A587648C-419A-43AC-890D-839C6D74A763}

[2012/06/17 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\Facebook

[2012/06/17 09:27:44 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{D66F18BF-F0F2-43FB-A571-C3B567971843}

[2012/06/16 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{2F339DB5-4C59-44F9-A239-569B635339DB}

[2012/06/15 20:17:10 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{E09F4DEC-2AAE-4E2C-9F8B-FA8746D0EDFB}

[2012/06/14 18:08:49 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{CE58111E-A1AF-4A7E-BDD8-5A05F1E18A46}

[2012/06/14 18:08:38 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{ED57CF24-831A-4501-AF3E-5FA08F64A771}

[2012/06/13 23:50:46 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{C392F518-296B-467C-96E5-CA3238626B56}

[2012/06/13 23:50:36 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{536B4E82-4E8C-479F-8781-50B8DD4D05E6}

[2012/06/12 18:24:31 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{01D6CF96-D835-4E6C-9F56-112A19E74598}

[2012/06/12 18:24:21 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{5EE2C7F2-4340-4222-8229-A62E82B3FB3A}

[2012/06/11 20:32:07 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{19CE4286-7989-4C9B-B966-7A2776ADBD4B}

[2012/06/11 20:31:56 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{5DD91BEE-C6A2-47C0-B5A1-9375CD6DF996}

[2012/06/10 23:42:34 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{14243C91-D0EB-436F-9D1C-C9F84F27E8CD}

[2012/06/10 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\Pam\AppData\Local\{10183091-5A35-450E-9D1A-19FCC1605D5D}

[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

[1 C:\Users\Pam\Desktop\*.tmp files -> C:\Users\Pam\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 09:47:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/10 09:46:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 09:46:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/10 09:42:09 | 000,001,083 | ---- | M] () -- C:\Users\Pam\Desktop\OTL - Shortcut.lnk

[2012/07/10 09:41:23 | 000,001,152 | ---- | M] () -- C:\Users\Pam\Desktop\tdsskiller - Shortcut.lnk

[2012/07/10 09:39:20 | 000,001,202 | ---- | M] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/07/10 09:37:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/10 09:37:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/10 09:37:35 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/10 09:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/10 08:52:05 | 000,780,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/10 08:52:05 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/10 08:52:05 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/10 08:49:24 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001UA.job

[2012/07/09 22:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001Core.job

[2012/07/09 18:24:02 | 000,026,752 | ---- | M] () -- C:\Windows\SysNative\drivers\dualshock3_x64.sys

[2012/07/09 16:41:44 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/07/06 14:56:20 | 008,774,187 | ---- | M] () -- C:\Users\Pam\Desktop\buildcraft-client-A-core-3.1.5.zip

[2012/07/05 10:21:29 | 000,121,416 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys

[2012/07/05 07:59:50 | 539,810,488 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/07/04 18:05:00 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job

[2012/06/29 16:31:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2012/06/29 16:31:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2012/06/28 22:21:03 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\GameStop App.lnk

[2012/06/19 10:23:54 | 000,000,226 | ---- | M] () -- C:\Users\Pam\Desktop\Junior High Catholic Parish Religious Education Programs Communication Center.url

[2012/06/14 03:32:08 | 000,462,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Users\Pam\Documents\*.tmp files -> C:\Users\Pam\Documents\*.tmp -> ]

[1 C:\Users\Pam\Desktop\*.tmp files -> C:\Users\Pam\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@

[2012/07/10 09:42:09 | 000,001,083 | ---- | C] () -- C:\Users\Pam\Desktop\OTL - Shortcut.lnk

[2012/07/10 09:41:23 | 000,001,152 | ---- | C] () -- C:\Users\Pam\Desktop\tdsskiller - Shortcut.lnk

[2012/07/10 09:39:00 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@

[2012/07/08 22:46:51 | 001,398,248 | ---- | C] () -- C:\Users\Pam\femalehands_1.dds

[2012/07/08 22:46:49 | 011,184,952 | ---- | C] () -- C:\Users\Pam\femalebody_1.dds

[2012/07/02 03:28:16 | 000,001,696 | ---- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@

[2012/07/01 18:57:05 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@

[2012/06/29 16:31:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2012/06/29 16:31:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2012/06/29 15:53:48 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys

[2012/06/28 22:21:26 | 000,001,202 | ---- | C] () -- C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/06/28 22:21:03 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\GameStop App.lnk

[2012/06/19 10:23:54 | 000,000,226 | ---- | C] () -- C:\Users\Pam\Desktop\Junior High Catholic Parish Religious Education Programs Communication Center.url

[2012/06/17 22:05:53 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001UA.job

[2012/06/17 22:05:53 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001Core.job

[2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@

[2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@

[2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\Users\Pam\AppData\Local\252m62a825251yr2ei246nx

[2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\ProgramData\252m62a825251yr2ei246nx

[2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\Users\Pam\AppData\Local\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq

[2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\ProgramData\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq

[2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\Users\Pam\AppData\Local\vay3y2g8qcaa

[2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\ProgramData\vay3y2g8qcaa

[2011/12/26 19:33:13 | 000,000,128 | ---- | C] () -- C:\Windows\Sierra.ini

[2011/11/10 23:05:22 | 000,003,584 | ---- | C] () -- C:\Users\Pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/05 16:04:15 | 000,103,784 | ---- | C] () -- C:\Users\Pam\GoToAssistDownloadHelper.exe

[2011/10/15 20:12:20 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/10/15 20:12:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/10/15 20:10:43 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe

[2011/08/02 09:10:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/08/02 09:10:29 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/08/02 09:10:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/08/02 09:10:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/08/02 09:10:25 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/08/02 07:44:47 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll

[2011/02/10 12:10:51 | 000,774,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/15 20:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== LOP Check ==========

[2012/05/13 23:07:58 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\.minecraft

[2012/07/03 23:47:50 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\Auslogics

[2012/01/05 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\Awem

[2012/03/27 09:52:19 | 000,000,000 | -H-D | M] -- C:\Users\Pam\AppData\Roaming\Fingertapps

[2012/01/24 22:07:09 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\iWing

[2012/02/02 19:48:12 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\JCreator

[2012/01/20 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\Jewel Match 3

[2012/06/29 16:03:50 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\MotioninJoy

[2011/11/05 18:00:46 | 000,000,000 | -H-D | M] -- C:\Users\Pam\AppData\Roaming\Oberon Media

[2011/08/11 13:30:36 | 000,000,000 | -H-D | M] -- C:\Users\Pam\AppData\Roaming\PCDr

[2012/01/04 21:24:13 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\ShamanGS

[2011/12/15 14:11:01 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\SoftGrid Client

[2012/06/28 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\Stardock

[2011/08/09 23:48:41 | 000,000,000 | -H-D | M] -- C:\Users\Pam\AppData\Roaming\TP

[2012/05/10 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\WildTangent

[2011/08/10 20:45:44 | 000,000,000 | -H-D | M] -- C:\Users\Pam\AppData\Roaming\Windows Live Writer

[2012/07/03 23:05:41 | 000,000,000 | ---D | M] -- C:\Users\Pam\AppData\Roaming\www.shadowexplorer.com

[2012/07/09 22:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001Core.job

[2012/07/10 08:49:24 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001UA.job

[2012/05/31 21:27:19 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/07/01 09:13:29 | 000,025,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/09 16:41:44 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

[2012/07/04 18:05:00 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 861 bytes -> C:\Users\Pam\Desktop\University of Delaware_ My Blue Hen Home.eml:OECustomProperty

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:486CFA26

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:E9EB8C3A

< End of report >


Extra-

OTL Extras logfile created on: 7/10/2012 9:42:40 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Pam\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 3.81 Gb Available Physical Memory | 64.47% Memory free

11.83 Gb Paging File | 9.43 Gb Available in Paging File | 79.72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.13 Gb Total Space | 359.93 Gb Free Space | 80.68% Space Free | Partition Type: NTFS

Drive D: | 183.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PAM-PC | User Name: Pam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-124102960-2561643217-3813134236-1001\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software

"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Dell Support Center" = Dell Support Center

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"ProInst" = Intel PROSet Wireless

"Recuva" = Recuva

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03703CBB-563D-45CE-8B35-CB04CAB258BE}" = Intel® WiDi

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{149C2374-E707-4B53-A487-A2DA2064E03D}" = Vz In Home Agent

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 1.7.9

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{797511D8-6C88-4605-B278-552756A3D4C3}" = Microsoft Store Download Manager

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113748870}" = El Dorado Quest

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859963C1-E908-49E8-9FA3-9E833D717563}" = IHA_MessageCenter

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EA2A0FF-3C93-46FA-9DBA-109A8C5B00BE}" = Vizzed Retro Game Room

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PUBLISHERR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B5EB9775-4295-425E-9EBA-25968E80D0FC}" = IKEA HomePlanner Office

"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony

"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Dell Webcam Central" = Dell Webcam Central

"EpicPlay" = EpicPlay

"GameStop App" = GameStop App

"Hyperionics DB Toolbar" = Hyperionics DB Toolbar

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"JCreator LE_is1" = JCreator LE 5.00

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.7.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"McAfee Virtual Technician" = McAfee Virtual Technician

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MSC" = McAfee SecurityCenter

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"PUBLISHERR" = Microsoft Office Publisher 2007

"Steam App 202480" = Creation Kit

"Steam App 33460" = From Dust

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 8930" = Sid Meier's Civilization V

"View22" = View22

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"WinRAR archiver" = WinRAR 4.11 (32-bit)

"WTA-146d189c-b475-4e2f-a62f-6ba5c13f1000" = Cradle Of Egypt Collector's Edition

"WTA-3e4e228b-5694-4463-a428-1589f46217be" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition

"WTA-56625737-b381-4e62-b90a-5b8a2c1bf0d1" = Jewel Match 3

"WTA-c99d72a3-b518-4c86-8c15-ef98901034ac" = Robin's Island Adventure

"WTA-cfc44530-d1ee-4d70-a407-b7783873cc86" = 4 Elements II

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-124102960-2561643217-3813134236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/29/2012 12:05:23 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4430

Error - 6/29/2012 12:05:23 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4430

Error - 6/29/2012 12:05:24 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/29/2012 12:05:24 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5444

Error - 6/29/2012 12:05:24 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5444

Error - 6/29/2012 12:05:25 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/29/2012 12:05:25 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6536

Error - 6/29/2012 12:05:25 PM | Computer Name = Pam-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6536

Error - 6/29/2012 4:20:25 PM | Computer Name = Pam-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/29/2012 4:21:11 PM | Computer Name = Pam-PC | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 8/13/2011 1:36:05 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 1:36:00 AM - Error connecting to the internet. 1:36:00 AM - Unable

to contact server..

Error - 8/13/2011 2:39:31 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 2:39:30 AM - Error connecting to the internet. 2:39:30 AM - Unable

to contact server..

Error - 8/14/2011 1:10:45 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 1:10:39 AM - Error connecting to the internet. 1:10:39 AM - Unable

to contact server..

Error - 8/14/2011 2:16:43 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 2:16:37 AM - Failed to retrieve SportsSchedule (Error: The operation

has timed out)

Error - 8/14/2011 3:19:19 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 3:19:14 AM - Failed to retrieve SportsSchedule (Error: The operation

has timed out)

Error - 8/14/2011 4:24:03 AM | Computer Name = Pam-PC | Source = MCUpdate | ID = 0

Description = 4:23:59 AM - Failed to retrieve SportsSchedule (Error: The operation

has timed out)

[ System Events ]

Error - 2/5/2012 5:04:33 PM | Computer Name = Pam-PC | Source = VDS Basic Provider | ID = 33554433

Description =

Error - 2/5/2012 5:57:43 PM | Computer Name = Pam-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 2/6/2012 9:38:44 PM | Computer Name = Pam-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 2/7/2012 8:20:41 PM | Computer Name = Pam-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 2/8/2012 6:49:27 PM | Computer Name = Pam-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 2/9/2012 7:02:30 PM | Computer Name = Pam-PC | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 2/10/2012 4:46:28 PM | Computer Name = Pam-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 2/10/2012 4:46:28 PM | Computer Name = Pam-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 2/10/2012 7:45:24 PM | Computer Name = Pam-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

Error - 2/10/2012 7:45:24 PM | Computer Name = Pam-PC | Source = Service Control Manager | ID = 7003

Description = The McAfee Personal Firewall Service service depends the following

service: MpsSvc. This service might not be installed.

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    File not found -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@
    [2012/07/10 09:39:00 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@
    [2012/07/02 03:28:16 | 000,001,696 | ---- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@
    [2012/07/01 18:57:05 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@
    [2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
    [2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
    [2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\Users\Pam\AppData\Local\252m62a825251yr2ei246nx
    [2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\ProgramData\252m62a825251yr2ei246nx
    [2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\Users\Pam\AppData\Local\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq
    [2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\ProgramData\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq
    [2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\Users\Pam\AppData\Local\vay3y2g8qcaa
    [2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\ProgramData\vay3y2g8qcaa

    :files
    C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
    C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log


All processes killed

Error: Unable to interpret <:OTLFile not found -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@[2012/07/10 09:39:00 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@[2012/07/02 03:28:16 | 000,001,696 | ---- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@[2012/07/01 18:57:05 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@[2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@[2012/01/11 01:42:36 | 000,002,048 | -HS- | C] () -- C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@[2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\Users\Pam\AppData\Local\252m62a825251yr2ei246nx[2012/01/10 20:04:55 | 000,012,316 | -HS- | C] () -- C:\ProgramData\252m62a825251yr2ei246nx[2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\Users\Pam\AppData\Local\05gtx42eiy5375ccrrj16tamri4ll38vkh1> in the current context!

Error: Unable to interpret <q13r1p53sgq[2012/01/07 18:29:25 | 000,008,742 | -HS- | C] () -- C:\ProgramData\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq[2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\Users\Pam\AppData\Local\vay3y2g8qcaa[2012/01/06 19:44:36 | 000,012,870 | -HS- | C] () -- C:\ProgramData\vay3y2g8qcaa:filesC:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07102012_101924

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pam :: PAM-PC [administrator]

Protection: Enabled

7/10/2012 10:24:00 AM

mbam-log-2012-07-10 (10-24-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231276

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


Your script was not activated, because every entry should be on a new line. Try again please.


All processes killed

========== OTL ==========

File C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@ not found.

C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ moved successfully.

C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ moved successfully.

C:\Users\Pam\AppData\Local\252m62a825251yr2ei246nx moved successfully.

C:\ProgramData\252m62a825251yr2ei246nx moved successfully.

C:\Users\Pam\AppData\Local\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq moved successfully.

C:\ProgramData\05gtx42eiy5375ccrrj16tamri4ll38vkh1q13r1p53sgq moved successfully.

C:\Users\Pam\AppData\Local\vay3y2g8qcaa moved successfully.

C:\ProgramData\vay3y2g8qcaa moved successfully.

========== FILES ==========

C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.

C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L folder moved successfully.

C:\Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8} folder moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Pam\Downloads\cmd.bat deleted successfully.

C:\Users\Pam\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Pam

->Temp folder emptied: 11638952 bytes

->Temporary Internet Files folder emptied: 334279946 bytes

->Java cache emptied: 5982684 bytes

->FireFox cache emptied: 188857031 bytes

->Apple Safari cache emptied: 1034240 bytes

->Flash cache emptied: 7230 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 251553444 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 110611527 bytes

RecycleBin emptied: 1207195 bytes

Total Files Cleaned = 863.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07102012_110706

Files\Folders moved on Reboot...

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8} folder moved successfully.

C:\Users\Pam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P5599YAE\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AN7MNA5V\fastbutton[2].htm moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5I3EXK62\index[1].htm moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5I3EXK62\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8} not found!

File C:\Users\Pam\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P5599YAE\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AN7MNA5V\fastbutton[2].htm not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5I3EXK62\index[1].htm not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5I3EXK62\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pam :: PAM-PC [administrator]

Protection: Enabled

7/10/2012 11:17:45 AM

mbam-log-2012-07-10 (11-17-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230556

Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


I am using a 2nd computer, but on the infected computer combo fix has been going for a really long time on setting up system restore point


ComboFix 12-07-10.01 - Pam 07/10/2012 13:57:48.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4230 [GMT -4:00]

Running from: c:\users\Pam\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll

c:\programdata\Roaming

c:\users\Pam\AppData\Local\Minibar

c:\users\Pam\AppData\Local\Minibar\chrome\background.html

c:\users\Pam\AppData\Local\Minibar\chrome\cached_http_request.js

c:\users\Pam\AppData\Local\Minibar\chrome\extension_info.json

c:\users\Pam\AppData\Local\Minibar\chrome\icons\icon128.png

c:\users\Pam\AppData\Local\Minibar\chrome\icons\icon19.png

c:\users\Pam\AppData\Local\Minibar\chrome\icons\icon32.png

c:\users\Pam\AppData\Local\Minibar\chrome\icons\icon48.png

c:\users\Pam\AppData\Local\Minibar\chrome\includes\content.js

c:\users\Pam\AppData\Local\Minibar\chrome\includes\content_kango.js

c:\users\Pam\AppData\Local\Minibar\chrome\includes\content_messaging.js

c:\users\Pam\AppData\Local\Minibar\chrome\includes\content_userscript.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango-ui\button.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango-ui\ui.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\browser.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\console.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\event_listener.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\initialize.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\io.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\jsonstorage.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\kango.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\lang.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\messaging.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\userscript_engine.js

c:\users\Pam\AppData\Local\Minibar\chrome\kango\xhr.js

c:\users\Pam\AppData\Local\Minibar\chrome\main.js

c:\users\Pam\AppData\Local\Minibar\chrome\manifest.json

c:\users\Pam\AppData\Local\Minibar\chrome\minibar\actions.js

c:\users\Pam\AppData\Local\Minibar\chrome\minibar\cachedxhr.js

c:\users\Pam\AppData\Local\Minibar\chrome\minibar\config.js

c:\users\Pam\AppData\Local\Minibar\chrome\minibar\macros.js

c:\users\Pam\AppData\Local\Minibar\chrome\minibar\minibar.js

c:\users\Pam\AppData\Local\Minibar\chrome\popup.html

c:\users\Pam\AppData\Local\Minibar\chrome\popup.js

c:\users\Pam\AppData\Local\Minibar\chrome\tab.html

c:\users\Pam\AppData\Local\Minibar\chrome\tab.js

c:\users\Pam\AppData\Local\Minibar\chrome_installer.js

c:\users\Pam\AppData\Local\Minibar\common.js

c:\users\Pam\AppData\Local\Minibar\install.json

c:\users\Pam\AppData\Local\Minibar\minibar.crx

c:\users\Pam\AppData\Local\Minibar\sqlite3.exe

c:\users\Pam\AppData\Local\Minibar\Uninstall.exe

c:\users\Pam\AppData\Roaming\Microsoft\Windows\Recent\Product Compare.url

c:\users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\Pam\Documents\~WRL0130.tmp

c:\users\Pam\GoToAssistDownloadHelper.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

.

2012-07-10 14:19 . 2012-07-10 14:19 -------- d-----w- C:\_OTL

2012-07-10 00:00 . 2011-12-07 23:42 328712 ----a-w- c:\windows\system32\MijFrc.dll

2012-07-04 03:49 . 2012-07-04 03:49 -------- d-----w- c:\program files\Recuva

2012-07-04 03:47 . 2012-07-04 03:47 -------- d-----w- c:\users\Pam\AppData\Roaming\Auslogics

2012-07-04 03:10 . 2012-07-04 03:10 -------- d-----w- c:\users\Pam\AppData\Local\www.shadowexplorer.com

2012-07-04 03:05 . 2012-07-04 03:05 -------- d-----w- c:\users\Pam\AppData\Roaming\www.shadowexplorer.com

2012-07-02 19:26 . 2012-07-02 19:33 -------- d-----w- c:\programdata\DivX

2012-07-01 23:26 . 2012-07-01 23:26 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-29 23:59 . 2011-12-31 16:33 -------- d-----w- c:\users\Pam\Data

2012-06-29 20:24 . 2012-07-05 14:21 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2012-06-29 20:24 . 2010-08-19 23:24 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys

2012-06-29 20:24 . 2012-07-10 00:00 -------- d-----w- c:\program files\MotioninJoy

2012-06-29 20:03 . 2012-06-29 20:03 -------- d-----w- c:\users\Pam\AppData\Roaming\MotioninJoy

2012-06-29 19:53 . 2005-03-10 00:50 46592 ----a-w- c:\windows\SysWow64\libusb0.dll

2012-06-29 19:53 . 2005-03-10 00:50 33792 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys

2012-06-29 15:08 . 2012-02-04 19:27 -------- d-----w- c:\users\Pam\meshes

2012-06-29 15:08 . 2012-02-04 19:27 -------- d-----w- c:\users\Pam\textures

2012-06-29 03:21 . 2012-06-29 03:21 -------- d-----w- c:\users\Pam\AppData\Local\Skyrim

2012-06-29 02:24 . 2012-06-29 02:24 -------- d-----w- c:\program files (x86)\Common Files\Stardock

2012-06-29 02:24 . 2012-06-29 02:24 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2012-06-29 02:23 . 2012-06-29 02:23 -------- d-----w- c:\programdata\Gibraltar

2012-06-29 02:21 . 2012-06-29 02:21 -------- d-----w- c:\users\Pam\AppData\Roaming\Stardock

2012-06-29 02:21 . 2012-06-29 02:21 -------- d-----w- c:\program files (x86)\GameStop App

2012-06-29 02:21 . 2012-06-29 02:21 -------- d-----w- c:\programdata\GameStop

2012-06-29 02:20 . 2012-06-29 02:21 -------- dc-h--w- c:\programdata\{79B7B63C-5992-4F92-9E81-21B6907F23B6}

2012-06-29 02:19 . 2012-06-29 02:19 -------- d-----w- c:\users\Pam\AppData\Local\PackageAware

2012-06-29 02:19 . 2012-06-29 02:19 -------- d-----w- c:\programdata\Stardock

2012-06-27 20:33 . 2012-06-27 20:33 -------- d-----w- c:\users\Pam\AppData\Local\Macromedia

2012-06-25 01:07 . 2012-05-25 21:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2012-06-21 12:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 12:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 12:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 12:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 12:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 12:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 12:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 12:32 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 12:32 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 02:05 . 2012-06-18 02:06 -------- d-----w- c:\users\Pam\AppData\Local\Facebook

2012-06-14 07:00 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-13 20:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 20:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 20:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-09 22:24 . 2010-02-16 01:01 26752 ----a-w- c:\windows\system32\drivers\dualshock3_x64.sys

2012-07-01 22:57 . 2012-04-24 23:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-01 22:57 . 2011-08-30 00:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-20 21:28 . 2012-05-20 21:28 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-01 1242448]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-18 39408]

"Facebook Update"="c:\users\Pam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-18 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

.

c:\users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-6-14 2039536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 dualshock3;SIXAXIS/DUALSHOCK3 DX (USB) Beta;c:\windows\system32\DRIVERS\dualshock3_x64.sys [2012-07-09 26752]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-10-04 452096]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-04-26 34200]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-04-26 25496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-07-05 121416]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 22:57]

.

2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001Core.job

- c:\users\Pam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 02:05]

.

2012-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-124102960-2561643217-3813134236-1001UA.job

- c:\users\Pam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-18 02:05]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 18:29]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 18:29]

.

2012-06-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

2012-07-10 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]

.

2012-07-04 c:\windows\Tasks\vtscheduletask.job

- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-12-15 19:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

"combofix"="c:\combofix\CF2174.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: vizzed.com\www

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1mp38r17.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-07-10 15:21:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 19:21

.

Pre-Run: 386,976,686,080 bytes free

Post-Run: 384,877,711,360 bytes free

.

- - End Of File - - C52E8EEC5BC6C9683DAF4AE9DAF10DF0


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.


If you read my warning about the backdoor and the articles thereof, you should know that your system is seriously compromised, and now that you have taken the risk to clean it, it is necessary to make multiple checks to make sure, as far as possible, that there is no active malware. If there is any problem, please let me know.


Status: Deleted (events: 1)

7/11/2012 3:37:11 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\07102012_110706\C_Users\Pam\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@ High

Status: Quarantined (events: 1)

7/11/2012 3:36:12 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\_OTL\MovedFiles\07102012_110706\C_Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000001.@ High


Same...no more random audio files, but now Skyrim has slowed down....but no signs of virus so Thank you very much.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
