
Help Removing Trojan.Dropper.BCMiner



Hello,

I was hoping to receive some help removing the above-mentioned malware, which was recently found on my laptop. I've tried a number of malware removal tools and they have been unsuccessful (Malwarebytes, Prevx), along with a few guides online. I've booted into Windows Safe Mode (and booted from a flash drive made on a clean computer) and tried to remove the files manually in the Command Prompt, but again, no success.

TDS detected some suspicious items but the option to cure was not available. I'll post each of the scan logs as a reply to this message.

Thank you


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jon :: FYZHIX [administrator]

13/07/2012 2:19:50 PM

mbam-log-2012-07-13 (14-19-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211615

Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


OTL logfile created on: 7/13/2012 3:16:48 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jon\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.99% Memory free

15.98 Gb Paging File | 13.63 Gb Available in Paging File | 85.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 115.00 Gb Free Space | 25.49% Space Free | Partition Type: NTFS

Computer Name: FYZHIX | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/07/13 15:15:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe

PRC - [2012/07/05 16:39:23 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/06/23 21:50:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe

PRC - [2011/12/24 02:05:21 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

PRC - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/05 16:39:20 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/07/05 16:39:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/07/05 16:39:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/07/05 16:39:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/07/05 16:39:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/06/23 21:50:21 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/05/10 03:30:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/10 03:29:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 03:29:51 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2010/02/11 12:53:00 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2010/02/11 12:53:00 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2010/02/11 12:53:00 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2010/02/11 12:53:00 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2010/02/11 12:53:00 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2010/02/11 12:53:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2010/02/11 12:52:00 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2012/04/10 23:07:31 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)

SRV:64bit: - [2012/04/04 13:51:56 | 000,032,400 | ---- | M] () [Auto | Running] -- C:\Program Files\UCT\HDR Express\HDRExpressService.exe -- (HDRExpressService)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/09/21 16:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2009/09/21 16:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2007/02/12 04:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV - [2012/07/11 23:48:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/05 16:39:23 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/23 21:50:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)

SRV - [2010/10/08 15:51:29 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/05/27 13:20:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/10 23:07:32 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)

DRV:64bit: - [2012/04/10 23:07:32 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)

DRV:64bit: - [2012/04/10 23:07:31 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/08 00:41:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/11/13 02:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)

DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/10/29 06:02:48 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/09/17 14:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)

DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/27 12:31:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E937946-F307-4D87-B8EC-7264358E0E93}

IE:64bit: - HKLM\..\SearchScopes\{0E937946-F307-4D87-B8EC-7264358E0E93}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552}

IE - HKLM\..\SearchScopes\{F36BF7D4-67A4-4797-965A-DAA94CECC552}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {F36BF7D4-67A4-4797-965A-DAA94CECC552}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.olg.ca/dana-na/auth/url_default/welcome.cgi

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes,DefaultScope = {06BBA5A7-DF97-455E-897A-DE1D33E6B3F2}

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes\{06BBA5A7-DF97-455E-897A-DE1D33E6B3F2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/28 16:46:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/17 12:39:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 21:50:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/05 18:53:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/22 19:09:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/05/17 20:26:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 21:50:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/05 18:53:57 | 000,000,000 | ---D | M]

[2010/06/05 01:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions

[2010/06/05 01:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/07/05 16:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\gk0r17dz.default\extensions

[2012/01/09 20:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/17 12:39:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

[2012/07/05 16:54:31 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GK0R17DZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/05/05 12:26:06 | 000,035,695 | ---- | M] () (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GK0R17DZ.DEFAULT\EXTENSIONS\FACEBOOK@DISCONNECT.ME.XPI

[2012/06/23 21:50:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/06/05 01:26:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2011/05/04 23:40:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/08 20:58:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://g.msn.com/USCON/23

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://g.msn.com/USCON/23

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Dark abstract theme = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnneafiffajmgfkidbdfpfkehpodbhkd\1.2_0\

CHR - Extension: Downloads = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\

CHR - Extension: Gmail = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O7 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://my.olg.ca/,DanaInfo=OLGCTOR03.ent.ad.mre,ST=1+/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592560D1-F2F9-4783-A21A-244096A5A365}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-13878151-3475214259-3496771340-1001\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 10:59:42 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/12 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Untitled Export

[2012/07/12 19:02:32 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Adobe

[2012/07/12 18:51:30 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Adobe

[2012/07/11 01:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker

[2012/07/11 01:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSkyStacker

[2012/07/07 08:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Astronomy Tools

[2012/07/07 08:33:22 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\New Folder

[2012/07/07 07:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Stellarium

[2012/07/07 07:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium

[2012/07/07 07:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellarium

[2012/07/05 18:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/07/04 19:32:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/20 19:10:38 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Pay stubs

[2012/06/19 22:09:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegiStax 5

[2012/06/19 22:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegiStax 5_1

[2012/06/15 03:07:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\Logitech

[2012/06/15 03:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common

[2012/06/15 03:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/06/15 03:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech

[2012/06/15 03:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver

[2012/06/14 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Macromedia

[3 C:\Users\Jon\Documents\*.tmp files -> C:\Users\Jon\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 14:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001UA.job

[2012/07/13 14:49:03 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/13 14:49:03 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/13 14:47:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/13 14:44:23 | 000,717,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/13 14:44:23 | 000,621,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/13 14:44:23 | 000,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/13 14:37:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/13 14:37:00 | 2138,447,871 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/13 14:35:06 | 000,249,623 | ---- | M] () -- C:\Users\Jon\Desktop\tumblr_m710oxajQl1qhhq9ro1_1280.jpg

[2012/07/13 14:17:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/12 19:44:03 | 000,110,673 | ---- | M] () -- C:\Users\Jon\Desktop\milky-way-EDIT.jpg

[2012/07/12 19:44:03 | 000,001,456 | ---- | M] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs

[2012/07/12 18:58:38 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk

[2012/07/12 17:59:21 | 000,002,389 | ---- | M] () -- C:\Users\Jon\Desktop\Google Chrome.lnk

[2012/07/12 17:58:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001Core.job

[2012/07/12 15:07:47 | 000,035,231 | ---- | M] () -- C:\Users\Jon\Desktop\enhanced-buzz-22028-1341865646-1.jpg

[2012/07/12 13:04:57 | 000,128,524 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2862.jpg

[2012/07/12 12:50:30 | 000,135,792 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2881.jpg

[2012/07/12 12:34:43 | 000,160,140 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2660.jpg

[2012/07/12 12:23:57 | 000,146,034 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2671.jpg

[2012/07/11 22:58:21 | 000,153,906 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2921.jpg

[2012/07/11 22:52:51 | 000,177,000 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2913.jpg

[2012/07/11 22:44:52 | 000,214,610 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2884.jpg

[2012/07/11 22:37:18 | 000,195,454 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2901.jpg

[2012/07/11 22:30:51 | 000,164,047 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2854.jpg

[2012/07/11 22:26:01 | 000,217,048 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2870.jpg

[2012/07/11 15:35:43 | 000,160,994 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2886.jpg

[2012/07/11 11:36:31 | 005,194,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/11 01:38:29 | 000,002,591 | ---- | M] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk

[2012/07/09 07:56:10 | 000,069,170 | ---- | M] () -- C:\Users\Jon\Documents\Deep Sky Stacker.pdf

[2012/07/09 07:43:56 | 000,845,758 | ---- | M] () -- C:\Users\Jon\Documents\DSS Le nebulose IC405 e IC 410 in Auriga.pdf

[2012/07/09 07:41:24 | 000,997,615 | ---- | M] () -- C:\Users\Jon\Documents\My Quick DeepSkyStacker Tutorial « Flintstone Stargazing.pdf

[2012/07/08 22:22:57 | 000,667,857 | ---- | M] () -- C:\Users\Jon\Desktop\hdr-2637-2639.jpg

[2012/07/08 22:07:16 | 000,209,128 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2649.jpg

[2012/07/08 14:07:11 | 001,192,175 | ---- | M] () -- C:\Users\Jon\Desktop\forest-1.jpg

[2012/07/07 07:45:31 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Stellarium.lnk

[2012/07/07 05:22:58 | 000,053,696 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2614.jpg

[2012/07/06 17:28:02 | 000,108,071 | ---- | M] () -- C:\Users\Jon\Desktop\_MG_2613.jpg

[2012/07/05 21:25:45 | 000,138,588 | ---- | M] () -- C:\Users\Jon\Documents\jen - flihjt.pdf

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/22 22:32:28 | 000,076,234 | ---- | M] () -- C:\Users\Jon\Documents\Astronomy Receipt.pdf

[2012/06/22 12:46:30 | 001,311,928 | ---- | M] () -- C:\Users\Jon\Documents\Cindy.jpg

[2012/06/19 22:09:05 | 000,001,077 | ---- | M] () -- C:\Users\Jon\Desktop\RegiStax 5.1 .lnk

[2012/06/15 03:07:38 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

[3 C:\Users\Jon\Documents\*.tmp files -> C:\Users\Jon\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/13 14:37:20 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@

[2012/07/13 14:37:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@

[2012/07/13 14:36:52 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@

[2012/07/13 14:36:52 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@

[2012/07/13 14:33:14 | 000,249,623 | ---- | C] () -- C:\Users\Jon\Desktop\tumblr_m710oxajQl1qhhq9ro1_1280.jpg

[2012/07/12 19:44:02 | 000,110,673 | ---- | C] () -- C:\Users\Jon\Desktop\milky-way-EDIT.jpg

[2012/07/12 18:58:38 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bit.lnk

[2012/07/12 18:58:38 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk

[2012/07/12 15:07:46 | 000,035,231 | ---- | C] () -- C:\Users\Jon\Desktop\enhanced-buzz-22028-1341865646-1.jpg

[2012/07/12 13:04:56 | 000,128,524 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2862.jpg

[2012/07/12 12:50:29 | 000,135,792 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2881.jpg

[2012/07/12 12:34:43 | 000,160,140 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2660.jpg

[2012/07/12 12:23:57 | 000,146,034 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2671.jpg

[2012/07/11 22:58:20 | 000,153,906 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2921.jpg

[2012/07/11 22:52:50 | 000,177,000 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2913.jpg

[2012/07/11 22:44:51 | 000,214,610 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2884.jpg

[2012/07/11 22:37:17 | 000,195,454 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2901.jpg

[2012/07/11 22:30:50 | 000,164,047 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2854.jpg

[2012/07/11 22:26:00 | 000,217,048 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2870.jpg

[2012/07/11 15:35:42 | 000,160,994 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2886.jpg

[2012/07/11 01:38:29 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk

[2012/07/09 07:56:16 | 000,069,170 | ---- | C] () -- C:\Users\Jon\Documents\Deep Sky Stacker.pdf

[2012/07/09 07:44:29 | 000,845,758 | ---- | C] () -- C:\Users\Jon\Documents\DSS Le nebulose IC405 e IC 410 in Auriga.pdf

[2012/07/09 07:41:30 | 000,997,615 | ---- | C] () -- C:\Users\Jon\Documents\My Quick DeepSkyStacker Tutorial « Flintstone Stargazing.pdf

[2012/07/08 22:22:56 | 000,667,857 | ---- | C] () -- C:\Users\Jon\Desktop\hdr-2637-2639.jpg

[2012/07/08 22:07:16 | 000,209,128 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2649.jpg

[2012/07/08 14:07:10 | 001,192,175 | ---- | C] () -- C:\Users\Jon\Desktop\forest-1.jpg

[2012/07/07 07:45:31 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Stellarium.lnk

[2012/07/07 05:22:57 | 000,053,696 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2614.jpg

[2012/07/06 17:28:02 | 000,108,071 | ---- | C] () -- C:\Users\Jon\Desktop\_MG_2613.jpg

[2012/07/05 21:25:58 | 000,138,588 | ---- | C] () -- C:\Users\Jon\Documents\jen - flihjt.pdf

[2012/07/04 19:25:51 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@

[2012/07/04 19:25:41 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@

[2012/06/22 22:32:39 | 000,076,234 | ---- | C] () -- C:\Users\Jon\Documents\Astronomy Receipt.pdf

[2012/06/22 12:46:27 | 001,311,928 | ---- | C] () -- C:\Users\Jon\Documents\Cindy.jpg

[2012/06/19 22:09:05 | 000,001,077 | ---- | C] () -- C:\Users\Jon\Desktop\RegiStax 5.1 .lnk

[2012/06/15 03:07:38 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

[2012/05/20 20:25:13 | 000,003,584 | ---- | C] () -- C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/11 09:19:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@

[2012/01/11 09:19:17 | 000,002,048 | -HS- | C] () -- C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@

[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/01/07 17:09:21 | 000,726,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/17 01:18:13 | 000,000,032 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\mintinlu

[2010/11/12 16:20:11 | 000,000,333 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2010/11/12 16:20:11 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2010/11/12 16:19:48 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2010/11/12 16:19:48 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT

[2010/11/12 16:18:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2010/11/12 16:18:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2010/11/12 16:18:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010/11/12 16:18:19 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2010/11/12 16:18:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

[2010/08/04 19:23:59 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/06/19 20:31:29 | 000,001,456 | ---- | C] () -- C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/06/05 23:11:55 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2011/08/28 17:44:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software

[2011/08/28 17:44:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software

[2012/05/22 13:34:31 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\3D RealityMaps Viewer

[2012/05/22 13:51:04 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Alpen 3D Online

[2012/06/01 20:26:26 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\calibre

[2010/06/07 19:50:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Canon

[2011/10/12 17:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/02/25 23:54:41 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1

[2011/08/10 20:55:28 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Crayon Physics Deluxe

[2010/10/08 15:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite

[2012/06/01 21:02:13 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\eBookConverter

[2010/06/19 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Facebook

[2010/08/03 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Foxit Software

[2010/08/04 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\GlobalSCAPE

[2012/06/01 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\libimobiledevice

[2012/06/01 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\log

[2010/06/17 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Mask Pro 4.0

[2012/07/12 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\onOne Software

[2012/03/13 09:10:12 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PC-FAX TX

[2012/02/02 03:43:59 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Pdfsvg

[2010/07/06 23:24:10 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\PictureCode

[2012/07/07 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Stellarium

[2010/06/05 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Thunderbird

[2012/06/01 20:33:23 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\uTorrent

[2012/07/13 14:24:55 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 7/13/2012 3:16:48 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jon\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 73.99% Memory free

15.98 Gb Paging File | 13.63 Gb Available in Paging File | 85.32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 115.00 Gb Free Space | 25.49% Space Free | Partition Type: NTFS

Computer Name: FYZHIX | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)

"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder

"{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64

"{3F372A41-8007-012F-F5AE-685F588FC897}" = AMD Media Foundation Decoders

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F20BB80C-4979-65A2-92A3-AA9A12C664AA}" = ATI AVIVO64 Codecs

"{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64

"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Microsoft Security Client" = Microsoft Security Essentials

"PCSI" = Prevx

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista

"{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional

"{18435829-4E75-4CD1-9796-A62DBBAE2ED7}" = DeepSkyStacker

"{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 5

"{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy

"{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German

"{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55

"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer

"{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common

"{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard

"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 6.1

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding

"{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7

"{816E3C02-DABF-1354-0B98-5E153F7DF79B}" = Skins

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static

"{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French

"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser

"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story

"{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = Catalyst Pro Control Center

"{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean

"{D8D2B468-8342-411A-8760-BCC362C3408F}" = Adobe Creative Suite 5.5 Master Collection

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All

"{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst Control Center Graphics Light

"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F18C2534-CE61-542B-3662-19935DB555BD}" = Pixtorio Viewer

"{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"AlpenOnlineViewer_is1" = 3D RealityMaps Viewer 1.2.11.0

"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story

"com.adobe.dmp.contentviewer" = Adobe Content Viewer

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1" = Pixtorio Viewer

"Dell Webcam Central" = Dell Webcam Central

"DPP" = Canon Utilities Digital Photo Professional 3.8

"Foxit Reader" = Foxit Reader

"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8

"Frozen Synapse_is1" = Frozen Synapse

"GoToAssist" = GoToAssist 8.0.0.514

"HDR Express" = HDR Express

"Machinarium" = Machinarium

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"nLite_is1" = nLite 1.4.9.1

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"PST Walker_is1" = PST Walker Evaluation 4.61

"QuickGamma_is1" = QuickGamma 3.0.0.1

"SendToKindle" = Amazon Send to Kindle

"Steam App 400" = Portal

"Steam App 620" = Portal 2

"Steam App 644" = Portal 2 Publishing Tool

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Stellarium_is1" = Stellarium 0.11.3

"uTorrent" = µTorrent

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-13878151-3475214259-3496771340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"RegiStax 5.1" = RegiStax 5.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/9/2012 4:04:26 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 7/9/2012 4:04:26 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1996

Error - 7/9/2012 4:04:27 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1996

Error - 7/9/2012 4:04:28 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 4:04:28 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2995

Error - 7/9/2012 4:04:28 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2995

Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3993

Error - 7/9/2012 4:04:29 PM | Computer Name = fyzhix | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3993

[ System Events ]

Error - 7/13/2012 2:37:06 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 7/13/2012 2:37:07 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/13/2012 2:37:12 PM | Computer Name = fyzhix | Source = VDS Basic Provider | ID = 33554433

Description =

Error - 7/13/2012 2:38:08 PM | Computer Name = fyzhix | Source = DCOM | ID = 10016

Description =

Error - 7/13/2012 2:40:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/13/2012 2:40:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/13/2012 2:43:12 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 7/13/2012 2:45:17 PM | Computer Name = fyzhix | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

< End of report >

15:34:43.0596 4896 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

15:34:43.0953 4896 ============================================================

15:34:43.0953 4896 Current date / time: 2012/07/13 15:34:43.0953

15:34:43.0954 4896 SystemInfo:

15:34:43.0954 4896

15:34:43.0954 4896 OS Version: 6.1.7601 ServicePack: 1.0

15:34:43.0954 4896 Product type: Workstation

15:34:43.0954 4896 ComputerName: FYZHIX

15:34:43.0954 4896 UserName: Jon

15:34:43.0954 4896 Windows directory: C:\Windows

15:34:43.0954 4896 System windows directory: C:\Windows

15:34:43.0954 4896 Running under WOW64

15:34:43.0954 4896 Processor architecture: Intel x64

15:34:43.0954 4896 Number of processors: 8

15:34:43.0954 4896 Page size: 0x1000

15:34:43.0954 4896 Boot type: Normal boot

15:34:43.0954 4896 ============================================================

15:34:45.0260 4896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:34:45.0270 4896 ============================================================

15:34:45.0270 4896 \Device\Harddisk0\DR0:

15:34:45.0271 4896 MBR partitions:

15:34:45.0271 4896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

15:34:45.0271 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830

15:34:45.0271 4896 ============================================================

15:34:45.0289 4896 C: <-> \Device\Harddisk0\DR0\Partition1

15:34:45.0289 4896 ============================================================

15:34:45.0289 4896 Initialize success

15:34:45.0289 4896 ============================================================

15:34:51.0144 2852 ============================================================

15:34:51.0144 2852 Scan started

15:34:51.0144 2852 Mode: Manual; SigCheck; TDLFS;

15:34:51.0144 2852 ============================================================

15:34:52.0385 2852 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:34:52.0434 2852 1394ohci - ok

15:34:52.0489 2852 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys

15:34:52.0502 2852 Acceler - ok

15:34:52.0542 2852 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:34:52.0555 2852 ACPI - ok

15:34:52.0565 2852 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:34:52.0579 2852 AcpiPmi - ok

15:34:52.0751 2852 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:34:52.0764 2852 AdobeFlashPlayerUpdateSvc - ok

15:34:52.0841 2852 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:34:52.0858 2852 adp94xx - ok

15:34:52.0909 2852 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:34:52.0922 2852 adpahci - ok

15:34:52.0941 2852 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:34:52.0953 2852 adpu320 - ok

15:34:53.0009 2852 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:34:53.0044 2852 AeLookupSvc - ok

15:34:53.0227 2852 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

15:34:53.0238 2852 AESTFilters - ok

15:34:53.0325 2852 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

15:34:53.0343 2852 AFD - ok

15:34:53.0404 2852 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:34:53.0418 2852 agp440 - ok

15:34:53.0434 2852 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:34:53.0447 2852 ALG - ok

15:34:53.0468 2852 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:34:53.0478 2852 aliide - ok

15:34:53.0549 2852 AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe

15:34:53.0564 2852 AMD External Events Utility - ok

15:34:53.0578 2852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:34:53.0588 2852 amdide - ok

15:34:53.0645 2852 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:34:53.0660 2852 AmdK8 - ok

15:34:54.0252 2852 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys

15:34:54.0347 2852 amdkmdag - ok

15:34:54.0554 2852 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys

15:34:54.0569 2852 amdkmdap - ok

15:34:54.0626 2852 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:34:54.0640 2852 AmdPPM - ok

15:34:54.0691 2852 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:34:54.0708 2852 amdsata - ok

15:34:54.0750 2852 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:34:54.0768 2852 amdsbs - ok

15:34:54.0815 2852 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:34:54.0829 2852 amdxata - ok

15:34:54.0929 2852 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:34:54.0964 2852 AppID - ok

15:34:55.0017 2852 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:34:55.0052 2852 AppIDSvc - ok

15:34:55.0097 2852 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

15:34:55.0130 2852 Appinfo - ok

15:34:55.0324 2852 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:34:55.0338 2852 Apple Mobile Device - ok

15:34:55.0405 2852 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

15:34:55.0420 2852 AppMgmt - ok

15:34:55.0478 2852 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:34:55.0488 2852 arc - ok

15:34:55.0509 2852 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:34:55.0520 2852 arcsas - ok

15:34:55.0555 2852 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:34:55.0583 2852 AsyncMac - ok

15:34:55.0638 2852 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:34:55.0653 2852 atapi - ok

15:34:55.0692 2852 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

15:34:55.0704 2852 AtiHdmiService - ok

15:34:56.0291 2852 atikmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys

15:34:56.0387 2852 atikmdag - ok

15:34:56.0600 2852 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:34:56.0633 2852 AudioEndpointBuilder - ok

15:34:56.0638 2852 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

15:34:56.0672 2852 AudioSrv - ok

15:34:56.0736 2852 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

15:34:56.0752 2852 AxInstSV - ok

15:34:56.0845 2852 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:34:56.0862 2852 b06bdrv - ok

15:34:56.0905 2852 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:34:56.0919 2852 b57nd60a - ok

15:34:56.0991 2852 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:34:57.0005 2852 BDESVC - ok

15:34:57.0012 2852 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:34:57.0041 2852 Beep - ok

15:34:57.0096 2852 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

15:34:57.0130 2852 BITS - ok

15:34:57.0173 2852 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:34:57.0185 2852 blbdrive - ok

15:34:57.0451 2852 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

15:34:57.0463 2852 Bonjour Service - ok

15:34:57.0522 2852 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:34:57.0535 2852 bowser - ok

15:34:57.0591 2852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:34:57.0609 2852 BrFiltLo - ok

15:34:57.0617 2852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:34:57.0630 2852 BrFiltUp - ok

15:34:57.0690 2852 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

15:34:57.0724 2852 Browser - ok

15:34:57.0759 2852 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:34:57.0775 2852 Brserid - ok

15:34:57.0785 2852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:34:57.0798 2852 BrSerWdm - ok

15:34:57.0816 2852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:34:57.0830 2852 BrUsbMdm - ok

15:34:57.0844 2852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:34:57.0856 2852 BrUsbSer - ok

15:34:57.0876 2852 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:34:57.0889 2852 BTHMODEM - ok

15:34:57.0944 2852 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:34:57.0979 2852 bthserv - ok

15:34:58.0011 2852 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:34:58.0040 2852 cdfs - ok

15:34:58.0103 2852 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:34:58.0115 2852 cdrom - ok

15:34:58.0173 2852 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:34:58.0201 2852 CertPropSvc - ok

15:34:58.0255 2852 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:34:58.0270 2852 circlass - ok

15:34:58.0359 2852 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:34:58.0375 2852 CLFS - ok

15:34:58.0486 2852 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:34:58.0501 2852 clr_optimization_v2.0.50727_32 - ok

15:34:58.0603 2852 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:34:58.0619 2852 clr_optimization_v2.0.50727_64 - ok

15:34:58.0633 2852 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:34:58.0645 2852 CmBatt - ok

15:34:58.0692 2852 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:34:58.0708 2852 cmdide - ok

15:34:58.0787 2852 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

15:34:58.0812 2852 CNG - ok

15:34:58.0880 2852 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:34:58.0895 2852 Compbatt - ok

15:34:58.0952 2852 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:34:58.0971 2852 CompositeBus - ok

15:34:58.0985 2852 COMSysApp - ok

15:34:58.0999 2852 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:34:59.0009 2852 crcdisk - ok

15:34:59.0075 2852 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

15:34:59.0088 2852 CryptSvc - ok

15:34:59.0165 2852 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

15:34:59.0185 2852 CSC - ok

15:34:59.0234 2852 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

15:34:59.0251 2852 CscService - ok

15:34:59.0676 2852 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe

15:34:59.0765 2852 CSIScanner - ok

15:34:59.0984 2852 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

15:34:59.0995 2852 CtClsFlt - ok

15:35:00.0076 2852 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:35:00.0108 2852 DcomLaunch - ok

15:35:00.0170 2852 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:35:00.0200 2852 defragsvc - ok

15:35:00.0265 2852 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:35:00.0295 2852 DfsC - ok

15:35:00.0331 2852 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

15:35:00.0362 2852 Dhcp - ok

15:35:00.0413 2852 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:35:00.0441 2852 discache - ok

15:35:00.0513 2852 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:35:00.0529 2852 Disk - ok

15:35:00.0583 2852 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

15:35:00.0602 2852 Dnscache - ok

15:35:00.0689 2852 DockLoginService - ok

15:35:00.0753 2852 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

15:35:00.0783 2852 dot3svc - ok

15:35:00.0839 2852 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

15:35:00.0874 2852 DPS - ok

15:35:00.0906 2852 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:35:00.0919 2852 drmkaud - ok

15:35:01.0029 2852 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:35:01.0051 2852 DXGKrnl - ok

15:35:01.0107 2852 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:35:01.0143 2852 EapHost - ok

15:35:01.0367 2852 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:35:01.0405 2852 ebdrv - ok

15:35:01.0591 2852 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

15:35:01.0610 2852 EFS - ok

15:35:01.0743 2852 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

15:35:01.0766 2852 ehRecvr - ok

15:35:01.0823 2852 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:35:01.0838 2852 ehSched - ok

15:35:01.0976 2852 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:35:01.0991 2852 elxstor - ok

15:35:02.0045 2852 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:35:02.0060 2852 ErrDev - ok

15:35:02.0141 2852 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:35:02.0175 2852 EventSystem - ok

15:35:02.0358 2852 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

15:35:02.0381 2852 EvtEng - ok

15:35:02.0602 2852 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:35:02.0632 2852 exfat - ok

15:35:02.0659 2852 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:35:02.0689 2852 fastfat - ok

15:35:02.0806 2852 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

15:35:02.0827 2852 Fax - ok

15:35:02.0841 2852 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:35:02.0853 2852 fdc - ok

15:35:02.0899 2852 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:35:02.0932 2852 fdPHost - ok

15:35:02.0944 2852 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:35:02.0974 2852 FDResPub - ok

15:35:02.0994 2852 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:35:03.0004 2852 FileInfo - ok

15:35:03.0011 2852 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:35:03.0038 2852 Filetrace - ok

15:35:03.0177 2852 FLEXnet Licensing Service (d778107d7c2a19d7e7a884a9f0d79581) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

15:35:03.0187 2852 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:35:03.0187 2852 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

15:35:03.0233 2852 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:35:03.0247 2852 flpydisk - ok

15:35:03.0308 2852 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:35:03.0324 2852 FltMgr - ok

15:35:03.0424 2852 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

15:35:03.0444 2852 FontCache - ok

15:35:03.0628 2852 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:35:03.0637 2852 FontCache3.0.0.0 - ok

15:35:03.0701 2852 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:35:03.0712 2852 FsDepends - ok

15:35:03.0761 2852 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

15:35:03.0778 2852 Fs_Rec - ok

15:35:03.0854 2852 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:35:03.0869 2852 fvevol - ok

15:35:03.0931 2852 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:35:03.0942 2852 gagp30kx - ok

15:35:04.0077 2852 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

15:35:04.0087 2852 GameConsoleService - ok

15:35:04.0181 2852 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:35:04.0188 2852 GEARAspiWDM - ok

15:35:04.0199 2852 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

15:35:04.0206 2852 GoToAssist - ok

15:35:04.0295 2852 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

15:35:04.0333 2852 gpsvc - ok

15:35:04.0407 2852 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:35:04.0419 2852 gusvc - ok

15:35:04.0470 2852 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:35:04.0482 2852 hcw85cir - ok

15:35:04.0556 2852 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:35:04.0572 2852 HDAudBus - ok

15:35:04.0731 2852 HDRExpressService (7a481913ac1219d13a8b2d6a66901f72) C:\Program Files\UCT\HDR Express\HDRExpressService.exe

15:35:04.0740 2852 HDRExpressService - ok

15:35:04.0754 2852 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:35:04.0766 2852 HidBatt - ok

15:35:04.0778 2852 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:35:04.0792 2852 HidBth - ok

15:35:04.0809 2852 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:35:04.0823 2852 HidIr - ok

15:35:04.0873 2852 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

15:35:04.0904 2852 hidserv - ok

15:35:04.0929 2852 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

15:35:04.0941 2852 HidUsb - ok

15:35:04.0991 2852 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

15:35:05.0022 2852 hkmsvc - ok

15:35:05.0082 2852 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

15:35:05.0097 2852 HomeGroupListener - ok

15:35:05.0160 2852 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

15:35:05.0173 2852 HomeGroupProvider - ok

15:35:05.0242 2852 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:35:05.0256 2852 HpSAMD - ok

15:35:05.0344 2852 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:35:05.0382 2852 HTTP - ok

15:35:05.0432 2852 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:35:05.0443 2852 hwpolicy - ok

15:35:05.0512 2852 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:35:05.0527 2852 i8042prt - ok

15:35:05.0596 2852 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:35:05.0609 2852 iaStorV - ok

15:35:05.0805 2852 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:35:05.0822 2852 idsvc - ok

15:35:05.0872 2852 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:35:05.0885 2852 iirsp - ok

15:35:05.0999 2852 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

15:35:06.0034 2852 IKEEXT - ok

15:35:06.0053 2852 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:35:06.0063 2852 intelide - ok

15:35:06.0088 2852 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:35:06.0099 2852 intelppm - ok

15:35:06.0148 2852 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:35:06.0177 2852 IPBusEnum - ok

15:35:06.0242 2852 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:35:06.0275 2852 IpFilterDriver - ok

15:35:06.0328 2852 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:35:06.0347 2852 IPMIDRV - ok

15:35:06.0365 2852 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:35:06.0395 2852 IPNAT - ok

15:35:06.0546 2852 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

15:35:06.0567 2852 iPod Service - ok

15:35:06.0624 2852 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:35:06.0640 2852 IRENUM - ok

15:35:06.0667 2852 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:35:06.0677 2852 isapnp - ok

15:35:06.0702 2852 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:35:06.0715 2852 iScsiPrt - ok

15:35:06.0742 2852 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:35:06.0752 2852 kbdclass - ok

15:35:06.0774 2852 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:35:06.0786 2852 kbdhid - ok

15:35:06.0833 2852 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:35:06.0846 2852 KeyIso - ok

15:35:06.0893 2852 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

15:35:06.0907 2852 KSecDD - ok

15:35:06.0971 2852 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

15:35:06.0982 2852 KSecPkg - ok

15:35:06.0989 2852 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:35:07.0018 2852 ksthunk - ok

15:35:07.0094 2852 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:35:07.0126 2852 KtmRm - ok

15:35:07.0189 2852 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

15:35:07.0223 2852 LanmanServer - ok

15:35:07.0285 2852 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

15:35:07.0317 2852 LanmanWorkstation - ok

15:35:07.0350 2852 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:35:07.0380 2852 lltdio - ok

15:35:07.0408 2852 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:35:07.0439 2852 lltdsvc - ok

15:35:07.0463 2852 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:35:07.0493 2852 lmhosts - ok

15:35:07.0555 2852 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:35:07.0568 2852 LSI_FC - ok

15:35:07.0577 2852 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:35:07.0588 2852 LSI_SAS - ok

15:35:07.0603 2852 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:35:07.0613 2852 LSI_SAS2 - ok

15:35:07.0619 2852 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:35:07.0632 2852 LSI_SCSI - ok

15:35:07.0654 2852 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:35:07.0684 2852 luafv - ok

15:35:07.0740 2852 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

15:35:07.0758 2852 Mcx2Svc - ok

15:35:07.0777 2852 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:35:07.0787 2852 megasas - ok

15:35:07.0811 2852 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:35:07.0823 2852 MegaSR - ok

15:35:07.0883 2852 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:35:07.0916 2852 MMCSS - ok

15:35:07.0920 2852 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:35:07.0949 2852 Modem - ok

15:35:07.0967 2852 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:35:07.0980 2852 monitor - ok

15:35:08.0030 2852 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:35:08.0044 2852 mouclass - ok

15:35:08.0071 2852 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:35:08.0083 2852 mouhid - ok

15:35:08.0150 2852 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:35:08.0165 2852 mountmgr - ok

15:35:08.0340 2852 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:35:08.0349 2852 MozillaMaintenance - ok

15:35:08.0437 2852 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

15:35:08.0453 2852 MpFilter - ok

15:35:08.0508 2852 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:35:08.0524 2852 mpio - ok

15:35:08.0578 2852 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:35:08.0614 2852 mpsdrv - ok

15:35:08.0668 2852 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:35:08.0684 2852 MRxDAV - ok

15:35:08.0738 2852 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:35:08.0750 2852 mrxsmb - ok

15:35:08.0816 2852 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:35:08.0831 2852 mrxsmb10 - ok

15:35:08.0841 2852 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:35:08.0853 2852 mrxsmb20 - ok

15:35:08.0905 2852 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:35:08.0915 2852 msahci - ok

15:35:08.0941 2852 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:35:08.0958 2852 msdsm - ok

15:35:09.0017 2852 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:35:09.0035 2852 MSDTC - ok

15:35:09.0052 2852 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:35:09.0081 2852 Msfs - ok

15:35:09.0103 2852 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:35:09.0132 2852 mshidkmdf - ok

15:35:09.0140 2852 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:35:09.0150 2852 msisadrv - ok

15:35:09.0206 2852 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:35:09.0238 2852 MSiSCSI - ok

15:35:09.0240 2852 msiserver - ok

15:35:09.0309 2852 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:35:09.0346 2852 MSKSSRV - ok

15:35:09.0361 2852 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:35:09.0389 2852 MSPCLOCK - ok

15:35:09.0403 2852 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:35:09.0435 2852 MSPQM - ok

15:35:09.0503 2852 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:35:09.0520 2852 MsRPC - ok

15:35:09.0573 2852 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:35:09.0589 2852 mssmbios - ok

15:35:09.0596 2852 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:35:09.0626 2852 MSTEE - ok

15:35:09.0644 2852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:35:09.0662 2852 MTConfig - ok

15:35:09.0674 2852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:35:09.0685 2852 Mup - ok

15:35:09.0798 2852 MyWiFiDHCPDNS (d285d0539016be299a55ff997b44da33) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

15:35:09.0814 2852 MyWiFiDHCPDNS - ok

15:35:09.0897 2852 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

15:35:09.0930 2852 napagent - ok

15:35:10.0029 2852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:35:10.0048 2852 NativeWifiP - ok

15:35:10.0123 2852 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:35:10.0144 2852 NDIS - ok

15:35:10.0161 2852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:35:10.0189 2852 NdisCap - ok

15:35:10.0212 2852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:35:10.0245 2852 NdisTapi - ok

15:35:10.0301 2852 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:35:10.0332 2852 Ndisuio - ok

15:35:10.0383 2852 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:35:10.0416 2852 NdisWan - ok

15:35:10.0467 2852 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:35:10.0503 2852 NDProxy - ok

15:35:10.0572 2852 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll

15:35:10.0578 2852 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:35:10.0578 2852 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:35:10.0636 2852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:35:10.0671 2852 NetBIOS - ok

15:35:10.0733 2852 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:35:10.0765 2852 NetBT - ok

15:35:10.0825 2852 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:35:10.0843 2852 Netlogon - ok

15:35:10.0916 2852 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:35:10.0949 2852 Netman - ok

15:35:10.0983 2852 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:35:11.0015 2852 netprofm - ok

15:35:11.0202 2852 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:35:11.0212 2852 NetTcpPortSharing - ok

15:35:11.0570 2852 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

15:35:11.0634 2852 NETw5s64 - ok

15:35:11.0891 2852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:35:11.0904 2852 nfrd960 - ok

15:35:11.0968 2852 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:35:11.0982 2852 NisDrv - ok

15:35:12.0140 2852 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

15:35:12.0153 2852 NisSrv - ok

15:35:12.0243 2852 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:35:12.0278 2852 NlaSvc - ok

15:35:12.0374 2852 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe

15:35:12.0382 2852 nlsX86cc - ok

15:35:12.0481 2852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:35:12.0516 2852 Npfs - ok

15:35:12.0563 2852 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:35:12.0593 2852 nsi - ok

15:35:12.0603 2852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:35:12.0632 2852 nsiproxy - ok

15:35:12.0769 2852 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:35:12.0796 2852 Ntfs - ok

15:35:12.0910 2852 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:35:12.0939 2852 Null - ok

15:35:13.0004 2852 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:35:13.0022 2852 nvraid - ok

15:35:13.0041 2852 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:35:13.0052 2852 nvstor - ok

15:35:13.0117 2852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:35:13.0132 2852 nv_agp - ok

15:35:13.0205 2852 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe

15:35:13.0219 2852 O2FLASH - ok

15:35:13.0239 2852 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys

15:35:13.0248 2852 O2MDGRDR - ok

15:35:13.0269 2852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:35:13.0280 2852 ohci1394 - ok

15:35:13.0388 2852 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:35:13.0401 2852 ose - ok

15:35:13.0766 2852 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:35:13.0830 2852 osppsvc - ok

15:35:14.0022 2852 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:35:14.0036 2852 p2pimsvc - ok

15:35:14.0067 2852 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:35:14.0081 2852 p2psvc - ok

15:35:14.0185 2852 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:35:14.0197 2852 Parport - ok

15:35:14.0251 2852 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

15:35:14.0268 2852 partmgr - ok

15:35:14.0282 2852 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:35:14.0298 2852 PcaSvc - ok

15:35:14.0360 2852 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:35:14.0376 2852 pci - ok

15:35:14.0385 2852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:35:14.0395 2852 pciide - ok

15:35:14.0422 2852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:35:14.0437 2852 pcmcia - ok

15:35:14.0455 2852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:35:14.0464 2852 pcw - ok

15:35:14.0507 2852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:35:14.0545 2852 PEAUTH - ok

15:35:14.0663 2852 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

15:35:14.0685 2852 PeerDistSvc - ok

15:35:14.0857 2852 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:35:14.0873 2852 PerfHost - ok

15:35:15.0109 2852 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:35:15.0147 2852 pla - ok

15:35:15.0220 2852 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:35:15.0235 2852 PlugPlay - ok

15:35:15.0314 2852 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll

15:35:15.0321 2852 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:35:15.0321 2852 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:35:15.0379 2852 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:35:15.0395 2852 PNRPAutoReg - ok

15:35:15.0421 2852 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:35:15.0440 2852 PNRPsvc - ok

15:35:15.0466 2852 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:35:15.0496 2852 PolicyAgent - ok

15:35:15.0570 2852 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:35:15.0601 2852 Power - ok

15:35:15.0716 2852 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:35:15.0746 2852 PptpMiniport - ok

15:35:15.0797 2852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:35:15.0814 2852 Processor - ok

15:35:15.0869 2852 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

15:35:15.0906 2852 ProfSvc - ok

15:35:15.0958 2852 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:35:15.0969 2852 ProtectedStorage - ok

15:35:16.0022 2852 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:35:16.0056 2852 Psched - ok

15:35:16.0108 2852 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

15:35:16.0122 2852 PxHlpa64 - ok

15:35:16.0156 2852 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys

15:35:16.0165 2852 pxkbf - ok

15:35:16.0198 2852 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys

15:35:16.0207 2852 pxrts - ok

15:35:16.0266 2852 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys

15:35:16.0278 2852 pxscan - ok

15:35:16.0418 2852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:35:16.0444 2852 ql2300 - ok

15:35:16.0599 2852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:35:16.0610 2852 ql40xx - ok

15:35:16.0676 2852 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:35:16.0695 2852 QWAVE - ok

15:35:16.0711 2852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:35:16.0726 2852 QWAVEdrv - ok

15:35:16.0745 2852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:35:16.0774 2852 RasAcd - ok

15:35:16.0839 2852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:35:16.0869 2852 RasAgileVpn - ok

15:35:16.0892 2852 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:35:16.0923 2852 RasAuto - ok

15:35:16.0983 2852 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:35:17.0016 2852 Rasl2tp - ok

15:35:17.0082 2852 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:35:17.0116 2852 RasMan - ok

15:35:17.0171 2852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:35:17.0201 2852 RasPppoe - ok

15:35:17.0217 2852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:35:17.0246 2852 RasSstp - ok

15:35:17.0309 2852 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:35:17.0345 2852 rdbss - ok

15:35:17.0358 2852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:35:17.0371 2852 rdpbus - ok

15:35:17.0383 2852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:35:17.0410 2852 RDPCDD - ok

15:35:17.0466 2852 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

15:35:17.0481 2852 RDPDR - ok

15:35:17.0502 2852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:35:17.0531 2852 RDPENCDD - ok

15:35:17.0538 2852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:35:17.0568 2852 RDPREFMP - ok

15:35:17.0627 2852 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

15:35:17.0644 2852 RDPWD - ok

15:35:17.0718 2852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:35:17.0730 2852 rdyboost - ok

15:35:17.0874 2852 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:35:17.0893 2852 RegSrvc - ok

15:35:17.0958 2852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:35:17.0992 2852 RemoteAccess - ok

15:35:18.0053 2852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:35:18.0087 2852 RemoteRegistry - ok

15:35:18.0101 2852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:35:18.0132 2852 RpcEptMapper - ok

15:35:18.0139 2852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:35:18.0153 2852 RpcLocator - ok

15:35:18.0230 2852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:35:18.0268 2852 RpcSs - ok

15:35:18.0368 2852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:35:18.0400 2852 rspndr - ok

15:35:18.0490 2852 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:35:18.0506 2852 RTL8167 - ok

15:35:18.0553 2852 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

15:35:18.0565 2852 s3cap - ok

15:35:18.0618 2852 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:35:18.0634 2852 SamSs - ok

15:35:18.0689 2852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:35:18.0707 2852 sbp2port - ok

15:35:18.0734 2852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:35:18.0765 2852 SCardSvr - ok

15:35:18.0812 2852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:35:18.0844 2852 scfilter - ok

15:35:18.0959 2852 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:35:18.0994 2852 Schedule - ok

15:35:19.0052 2852 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:35:19.0085 2852 SCPolicySvc - ok

15:35:19.0104 2852 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

15:35:19.0119 2852 sdbus - ok

15:35:19.0174 2852 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:35:19.0191 2852 SDRSVC - ok

15:35:19.0249 2852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:35:19.0282 2852 secdrv - ok

15:35:19.0328 2852 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:35:19.0359 2852 seclogon - ok

15:35:19.0428 2852 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:35:19.0457 2852 SENS - ok

15:35:19.0466 2852 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:35:19.0478 2852 SensrSvc - ok

15:35:19.0494 2852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:35:19.0505 2852 Serenum - ok

15:35:19.0550 2852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:35:19.0562 2852 Serial - ok

15:35:19.0620 2852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:35:19.0637 2852 sermouse - ok

15:35:19.0692 2852 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:35:19.0722 2852 SessionEnv - ok

15:35:19.0768 2852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

15:35:19.0786 2852 sffdisk - ok

15:35:19.0801 2852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:35:19.0812 2852 sffp_mmc - ok

15:35:19.0824 2852 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:35:19.0838 2852 sffp_sd - ok

15:35:19.0892 2852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:35:19.0909 2852 sfloppy - ok

15:35:20.0034 2852 SftService (beb504962e36d6f368ebfc702a659e09) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

15:35:20.0048 2852 SftService - ok

15:35:20.0128 2852 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:35:20.0161 2852 ShellHWDetection - ok

15:35:20.0189 2852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:35:20.0199 2852 SiSRaid2 - ok

15:35:20.0213 2852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:35:20.0223 2852 SiSRaid4 - ok

15:35:20.0252 2852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:35:20.0281 2852 Smb - ok

15:35:20.0342 2852 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:35:20.0360 2852 SNMPTRAP - ok

15:35:20.0365 2852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:35:20.0375 2852 spldr - ok

15:35:20.0454 2852 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:35:20.0490 2852 Spooler - ok

15:35:20.0719 2852 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:35:20.0775 2852 sppsvc - ok

15:35:20.0918 2852 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:35:20.0949 2852 sppuinotify - ok

15:35:21.0063 2852 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

15:35:21.0078 2852 sprtsvc_DellSupportCenter - ok

15:35:21.0197 2852 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

15:35:21.0197 2852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

15:35:21.0199 2852 sptd ( LockedFile.Multi.Generic ) - warning

15:35:21.0199 2852 sptd - detected LockedFile.Multi.Generic (1)

15:35:21.0270 2852 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:35:21.0284 2852 srv - ok

15:35:21.0312 2852 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:35:21.0326 2852 srv2 - ok

15:35:21.0347 2852 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:35:21.0360 2852 srvnet - ok

15:35:21.0426 2852 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:35:21.0457 2852 SSDPSRV - ok

15:35:21.0467 2852 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:35:21.0499 2852 SstpSvc - ok

15:35:21.0689 2852 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

15:35:21.0701 2852 STacSV - ok

15:35:21.0782 2852 Steam Client Service - ok

15:35:21.0816 2852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:35:21.0830 2852 stexstor - ok

15:35:21.0875 2852 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys

15:35:21.0888 2852 STHDA - ok

15:35:21.0950 2852 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

15:35:21.0963 2852 StillCam - ok

15:35:22.0058 2852 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:35:22.0082 2852 stisvc - ok

15:35:22.0141 2852 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

15:35:22.0157 2852 storflt - ok

15:35:22.0211 2852 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

15:35:22.0224 2852 StorSvc - ok

15:35:22.0239 2852 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

15:35:22.0250 2852 storvsc - ok

15:35:22.0267 2852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:35:22.0277 2852 swenum - ok

15:35:22.0365 2852 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

15:35:22.0377 2852 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

15:35:22.0377 2852 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

15:35:22.0455 2852 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:35:22.0491 2852 swprv - ok

15:35:22.0501 2852 sxuptp - ok

15:35:22.0572 2852 SynTP (29ad5ff846e8939c10112f34cb2e334a) C:\Windows\system32\DRIVERS\SynTP.sys

15:35:22.0582 2852 SynTP - ok

15:35:22.0729 2852 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:35:22.0758 2852 SysMain - ok

15:35:22.0942 2852 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:35:22.0959 2852 TabletInputService - ok

15:35:22.0982 2852 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:35:23.0013 2852 TapiSrv - ok

15:35:23.0028 2852 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:35:23.0059 2852 TBS - ok

15:35:23.0232 2852 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

15:35:23.0264 2852 Tcpip - ok

15:35:23.0397 2852 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

15:35:23.0427 2852 TCPIP6 - ok

15:35:23.0511 2852 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:35:23.0543 2852 tcpipreg - ok

15:35:23.0588 2852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:35:23.0601 2852 TDPIPE - ok

15:35:23.0657 2852 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

15:35:23.0673 2852 TDTCP - ok

15:35:23.0732 2852 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:35:23.0766 2852 tdx - ok

15:35:23.0823 2852 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:35:23.0839 2852 TermDD - ok

15:35:23.0926 2852 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:35:23.0960 2852 TermService - ok

15:35:24.0012 2852 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:35:24.0028 2852 Themes - ok

15:35:24.0085 2852 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:35:24.0119 2852 THREADORDER - ok

15:35:24.0135 2852 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:35:24.0166 2852 TrkWks - ok

15:35:24.0273 2852 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:35:24.0307 2852 TrustedInstaller - ok

15:35:24.0365 2852 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:35:24.0392 2852 tssecsrv - ok

15:35:24.0446 2852 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:35:24.0458 2852 TsUsbFlt - ok

15:35:24.0531 2852 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:35:24.0563 2852 tunnel - ok

15:35:24.0591 2852 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys

15:35:24.0599 2852 TurboB - ok

15:35:24.0682 2852 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

15:35:24.0694 2852 TurboBoost - ok

15:35:24.0739 2852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:35:24.0754 2852 uagp35 - ok

15:35:24.0823 2852 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:35:24.0854 2852 udfs - ok

15:35:24.0907 2852 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:35:24.0923 2852 UI0Detect - ok

15:35:24.0978 2852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:35:24.0994 2852 uliagpkx - ok

15:35:25.0012 2852 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

15:35:25.0023 2852 umbus - ok

15:35:25.0040 2852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:35:25.0052 2852 UmPass - ok

15:35:25.0112 2852 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

15:35:25.0130 2852 UmRdpService - ok

15:35:25.0155 2852 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:35:25.0187 2852 upnphost - ok

15:35:25.0246 2852 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

15:35:25.0262 2852 USBAAPL64 - ok

15:35:25.0321 2852 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:35:25.0339 2852 usbccgp - ok

15:35:25.0361 2852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:35:25.0376 2852 usbcir - ok

15:35:25.0395 2852 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:35:25.0406 2852 usbehci - ok

15:35:25.0433 2852 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:35:25.0446 2852 usbhub - ok

15:35:25.0465 2852 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:35:25.0476 2852 usbohci - ok

15:35:25.0538 2852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:35:25.0554 2852 usbprint - ok

15:35:25.0606 2852 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:35:25.0626 2852 usbscan - ok

15:35:25.0642 2852 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:35:25.0654 2852 USBSTOR - ok

15:35:25.0671 2852 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

15:35:25.0682 2852 usbuhci - ok

15:35:25.0764 2852 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

15:35:25.0781 2852 usbvideo - ok

15:35:25.0834 2852 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:35:25.0868 2852 UxSms - ok

15:35:25.0918 2852 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:35:25.0930 2852 VaultSvc - ok

15:35:25.0993 2852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:35:26.0009 2852 vdrvroot - ok

15:35:26.0090 2852 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:35:26.0127 2852 vds - ok

15:35:26.0186 2852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:35:26.0199 2852 vga - ok

15:35:26.0218 2852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:35:26.0247 2852 VgaSave - ok

15:35:26.0272 2852 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:35:26.0283 2852 vhdmp - ok

15:35:26.0300 2852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:35:26.0310 2852 viaide - ok

15:35:26.0333 2852 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

15:35:26.0344 2852 vmbus - ok

15:35:26.0358 2852 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

15:35:26.0370 2852 VMBusHID - ok

15:35:26.0386 2852 vmci - ok

15:35:26.0389 2852 VMnetAdapter - ok

15:35:26.0410 2852 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:35:26.0421 2852 volmgr - ok

15:35:26.0483 2852 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:35:26.0497 2852 volmgrx - ok

15:35:26.0564 2852 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:35:26.0577 2852 volsnap - ok

15:35:26.0608 2852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:35:26.0627 2852 vsmraid - ok

15:35:26.0764 2852 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

15:35:26.0805 2852 VSS - ok

15:35:27.0037 2852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:35:27.0053 2852 vwifibus - ok

15:35:27.0071 2852 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:35:27.0085 2852 vwififlt - ok

15:35:27.0100 2852 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:35:27.0115 2852 vwifimp - ok

15:35:27.0188 2852 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:35:27.0220 2852 W32Time - ok

15:35:27.0234 2852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:35:27.0246 2852 WacomPen - ok

15:35:27.0296 2852 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:35:27.0324 2852 WANARP - ok

15:35:27.0331 2852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:35:27.0359 2852 Wanarpv6 - ok

15:35:27.0451 2852 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:35:27.0475 2852 WatAdminSvc - ok

15:35:27.0616 2852 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

15:35:27.0640 2852 wbengine - ok

15:35:27.0840 2852 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:35:27.0857 2852 WbioSrvc - ok

15:35:27.0929 2852 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

15:35:27.0949 2852 wcncsvc - ok

15:35:27.0965 2852 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:35:27.0978 2852 WcsPlugInService - ok

15:35:28.0045 2852 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:35:28.0057 2852 Wd - ok

15:35:28.0107 2852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:35:28.0125 2852 Wdf01000 - ok

15:35:28.0143 2852 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:35:28.0160 2852 WdiServiceHost - ok

15:35:28.0163 2852 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:35:28.0179 2852 WdiSystemHost - ok

15:35:28.0242 2852 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

15:35:28.0262 2852 WebClient - ok

15:35:28.0284 2852 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:35:28.0315 2852 Wecsvc - ok

15:35:28.0331 2852 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:35:28.0361 2852 wercplsupport - ok

15:35:28.0380 2852 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:35:28.0411 2852 WerSvc - ok

15:35:28.0463 2852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:35:28.0502 2852 WfpLwf - ok

15:35:28.0544 2852 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

15:35:28.0561 2852 WimFltr - ok

15:35:28.0573 2852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:35:28.0583 2852 WIMMount - ok

15:35:28.0586 2852 WinHttpAutoProxySvc - ok

15:35:28.0704 2852 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:35:28.0739 2852 Winmgmt - ok

15:35:28.0936 2852 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

15:35:28.0981 2852 WinRM - ok

15:35:29.0198 2852 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:35:29.0211 2852 WinUsb - ok

15:35:29.0316 2852 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:35:29.0343 2852 Wlansvc - ok

15:35:29.0365 2852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:35:29.0375 2852 WmiAcpi - ok

15:35:29.0487 2852 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:35:29.0502 2852 wmiApSrv - ok

15:35:29.0605 2852 WMPNetworkSvc - ok

15:35:29.0619 2852 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:35:29.0635 2852 WPCSvc - ok

15:35:29.0692 2852 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

15:35:29.0709 2852 WPDBusEnum - ok

15:35:29.0757 2852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:35:29.0794 2852 ws2ifsl - ok

15:35:29.0827 2852 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

15:35:29.0848 2852 WSDPrintDevice - ok

15:35:29.0851 2852 WSearch - ok

15:35:30.0037 2852 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

15:35:30.0073 2852 wuauserv - ok

15:35:30.0317 2852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:35:30.0345 2852 WudfPf - ok

15:35:30.0384 2852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:35:30.0414 2852 WUDFRd - ok

15:35:30.0471 2852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

15:35:30.0503 2852 wudfsvc - ok

15:35:30.0567 2852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:35:30.0586 2852 WwanSvc - ok

15:35:30.0682 2852 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl

15:35:30.0695 2852 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok

15:35:30.0713 2852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

15:35:31.0028 2852 \Device\Harddisk0\DR0 - ok

15:35:31.0032 2852 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition0

15:35:31.0034 2852 \Device\Harddisk0\DR0\Partition0 - ok

15:35:31.0062 2852 Boot (0x1200) (55d86f776e8bcfec33b424e6fe457015) \Device\Harddisk0\DR0\Partition1

15:35:31.0063 2852 \Device\Harddisk0\DR0\Partition1 - ok

15:35:31.0064 2852 ============================================================

15:35:31.0064 2852 Scan finished

15:35:31.0064 2852 ============================================================

15:35:31.0071 2344 Detected object count: 5

15:35:31.0071 2344 Actual detected object count: 5

15:35:41.0377 2344 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:35:41.0377 2344 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:35:41.0377 2344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:35:41.0378 2344 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:35:41.0378 2344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:35:41.0379 2344 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:35:41.0380 2344 sptd ( LockedFile.Multi.Generic ) - skipped by user

15:35:41.0380 2344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

15:35:41.0381 2344 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

15:35:41.0381 2344 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:35:46.0709 3540 Deinitialize success


Welcome to the forum. Please don't run scans unless instructed to.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Thanks for the quick reply. I apologise for the unsolicited scans / log files.

Here's the RogueKiller report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jon [Admin rights]

Mode: Scan -- Date: 07/13/2012 16:44:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\n.) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\jon\appdata\local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 ATA Device +++++

--- User ---

[MBR] c79f2bd0be0c416046337c7b4be5e0f7

[BSP] 86e0863e50002712c3a8f7a1fcd1f6b6 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

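The RogueKiller report above names two artifact families for this ZeroAccess variant: a GUID-named folder holding a file called `@` plus `U` and `L` subfolders (under `C:\Windows\Installer` and the user's `AppData\Local`), and a `desktop.ini` dropped into the `GAC_32` / `GAC_64` folders. The following is an added detection-only check written for this thread, not RogueKiller's or Farbar's own logic; it scans a volume root (a live `C:\` or the mount point of an offline image), and the sample tree it builds for the demo is constructed, with the benign GUID a placeholder.

```python
import os
import re
import tempfile

# GUID-named directory, e.g. {e606ccdd-5c40-8e0d-5bae-d4e785712afb}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.IGNORECASE
)


def scan_guid_dirs(parent):
    """Return (path, markers) for each {GUID} folder under `parent` that carries
    the ZeroAccess layout: a file named '@' and/or both 'U' and 'L' subfolders.
    A legitimate Installer\\{GUID} cache holds .msi/.msp/.ico files, not these."""
    findings = []
    try:
        entries = os.listdir(parent)
    except OSError:  # parent missing, or access denied on a live infected box
        return findings
    for name in entries:
        if not GUID_DIR.match(name):
            continue
        base = os.path.join(parent, name)
        markers = {
            "@": os.path.isfile(os.path.join(base, "@")),
            "U": os.path.isdir(os.path.join(base, "U")),
            "L": os.path.isdir(os.path.join(base, "L")),
        }
        if markers["@"] or (markers["U"] and markers["L"]):
            findings.append((base, sorted(k for k, v in markers.items() if v)))
    return findings


def scan_gac_desktop_ini(windows_dir):
    """GAC_32 / GAC_64 normally contain no desktop.ini; the report flags one as a
    ZeroAccess artifact. Report its presence for manual confirmation."""
    hits = []
    for sub in ("GAC_32", "GAC_64"):
        path = os.path.join(windows_dir, "assembly", sub, "desktop.ini")
        if os.path.isfile(path):
            hits.append(path)
    return hits


def scan_volume(root):
    """Scan a Windows volume root for both artifact families named in the report."""
    windows_dir = os.path.join(root, "Windows")
    guid_dirs = scan_guid_dirs(os.path.join(windows_dir, "Installer"))
    users_dir = os.path.join(root, "Users")
    try:
        users = os.listdir(users_dir)
    except OSError:
        users = []
    for user in users:
        guid_dirs += scan_guid_dirs(os.path.join(users_dir, user, "AppData", "Local"))
    return {"guid_dirs": guid_dirs, "gac_desktop_ini": scan_gac_desktop_ini(windows_dir)}


def build_sample_volume(root):
    """Constructed sample tree reproducing the RogueKiller findings above, plus one
    benign Installer cache folder (placeholder GUID) that must NOT be flagged."""
    bad = "{e606ccdd-5c40-8e0d-5bae-d4e785712afb}"  # GUID from the report
    benign = "{12345678-1234-1234-1234-123456789abc}"  # constructed placeholder
    for parent in (
        os.path.join(root, "Windows", "Installer"),
        os.path.join(root, "Users", "jon", "AppData", "Local"),
    ):
        for sub in ("U", "L"):
            os.makedirs(os.path.join(parent, bad, sub))
        open(os.path.join(parent, bad, "@"), "wb").close()
    os.makedirs(os.path.join(root, "Windows", "Installer", benign))
    open(os.path.join(root, "Windows", "Installer", benign, "setup.msi"), "wb").close()
    for sub in ("GAC_32", "GAC_64"):
        os.makedirs(os.path.join(root, "Windows", "assembly", sub))
        open(os.path.join(root, "Windows", "assembly", sub, "desktop.ini"), "wb").close()


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_volume(root)
        return scan_volume(root)


if __name__ == "__main__":
    result = demo()
    for path, markers in result["guid_dirs"]:
        print("ZeroAccess layout:", path, markers)
    for path in result["gac_desktop_ini"]:
        print("Unexpected GAC desktop.ini:", path)
```

On a live infected machine the dropper may deny access to these paths, so an empty result from a live scan is not proof of a clean system; scanning the volume offline (as the helper's FRST-from-recovery procedure does) avoids that.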

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

----------------------------------------

For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


I read the disclaimer and agree.

Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 13-07-2012 17:36:31

Running from F:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-10-29] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1926928 2009-09-21] (Intel® Corporation)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-04] (Adobe Systems Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\Jon\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)

HKU\Jon\...\Run: [Google Update] "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-04] (Google Inc.)

HKU\Jon\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)

HKU\Jon\...\Run: [AdobeBridge] [x]

HKU\Jon\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-12-24] (Valve Corporation)

HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161736 2010-02-11] ()

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

Startup: C:\Users\Jon\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Services (Whitelisted) ======

2 CSIScanner; "C:\Program Files\Prevx\prevx.exe" /service [6746280 2012-04-10] (Prevx)

2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [32400 2012-04-04] ()

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]

========================== Drivers (Whitelisted) =============

3 pxkbf; C:\Windows\System32\Drivers\pxkbf.sys [24024 2012-04-10] (Prevx)

1 pxrts; C:\Windows\System32\Drivers\pxrts.sys [65736 2012-04-10] (Prevx)

0 pxscan; C:\Windows\System32\Drivers\pxscan.sys [36384 2012-04-10] (Prevx)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-07] (Duplex Secure Ltd.)

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()

2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)

3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]

3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-13 15:44 - 2012-07-13 15:44 - 00002604 ____A C:\Users\Jon\Desktop\RKreport[1].txt

2012-07-13 15:44 - 2012-07-13 15:44 - 00000000 ____D C:\Users\Jon\Desktop\RK_Quarantine

2012-07-13 15:44 - 2012-07-13 15:44 - 00000000 ____D C:\Users\Jon\.jenny

2012-07-13 15:43 - 2012-07-13 15:43 - 01558528 ____A C:\Users\Jon\Downloads\RogueKiller.exe

2012-07-13 14:30 - 2012-07-13 14:30 - 00055028 ____A C:\Users\Jon\Desktop\Extras.Txt

2012-07-13 14:26 - 2012-07-13 14:26 - 00119472 ____A C:\Users\Jon\Desktop\OTL.Txt

2012-07-13 14:26 - 2012-07-13 14:26 - 00055028 ____A C:\Users\Jon\Downloads\Extras.Txt

2012-07-13 14:25 - 2012-07-13 14:25 - 00119472 ____A C:\Users\Jon\Downloads\OTL.Txt

2012-07-13 14:15 - 2012-07-13 14:15 - 00596480 ____A (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe

2012-07-13 14:13 - 2012-07-13 14:13 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller.exe

2012-07-12 18:56 - 2012-07-12 18:56 - 00000000 ____D C:\Users\Jon\Desktop\Untitled Export

2012-07-12 18:02 - 2012-07-12 18:02 - 00000000 ____D C:\Users\Jon\My Documents\Adobe

2012-07-12 18:02 - 2012-07-12 18:02 - 00000000 ____D C:\Users\Jon\Documents\Adobe

2012-07-12 18:00 - 2012-07-13 11:42 - 00002928 ____A C:\Users\Jon\My Documents\PerfectEffectsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00002928 ____A C:\Users\Jon\Documents\PerfectEffectsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00002348 ____A C:\Users\Jon\My Documents\PerfectPortraitConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00002348 ____A C:\Users\Jon\Documents\PerfectPortraitConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00002332 ____A C:\Users\Jon\My Documents\PerfectLayersConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00002332 ____A C:\Users\Jon\Documents\PerfectLayersConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001120 ____A C:\Users\Jon\My Documents\PhotoFrameConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001120 ____A C:\Users\Jon\Documents\PhotoFrameConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001112 ____A C:\Users\Jon\My Documents\GenuineFractalsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001112 ____A C:\Users\Jon\Documents\GenuineFractalsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001108 ____A C:\Users\Jon\My Documents\PhotoTuneConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001108 ____A C:\Users\Jon\Documents\PhotoTuneConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\My Documents\PhotoToolsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\My Documents\FocalPointConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\Documents\PhotoToolsConduit.log

2012-07-12 18:00 - 2012-07-13 11:42 - 00001088 ____A C:\Users\Jon\Documents\FocalPointConduit.log

2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk

2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk

2012-07-12 17:51 - 2012-07-12 17:51 - 00000000 ____D C:\Users\Jon\Desktop\Adobe

2012-07-12 17:44 - 2012-07-12 17:51 - 765299656 ____A (Adobe Systems Incorporated) C:\Users\Jon\Downloads\Lightroom_4_LS11.exe

2012-07-12 14:30 - 2012-07-12 14:30 - 00112797 ____A C:\Users\Jon\Downloads\GradientXTerminatorWin.zip

2012-07-12 14:30 - 2012-07-12 14:30 - 00000000 ____D C:\Users\Jon\Downloads\GradientXTerminatorWin

2012-07-11 01:55 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 01:50 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-11 01:50 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-11 01:50 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-11 01:50 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-11 01:50 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-11 01:50 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-11 01:50 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 01:50 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-11 01:50 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-11 01:50 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-11 01:50 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-11 01:50 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-11 01:50 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-11 01:50 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-11 01:50 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-11 01:50 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-11 01:50 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-11 01:50 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-11 01:50 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-11 01:50 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-11 01:50 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-11 01:50 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-11 01:50 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-11 01:50 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-11 01:50 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-11 01:50 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-11 01:50 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-11 01:50 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\Public\Desktop\DeepSkyStacker.lnk

2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\All Users\Desktop\DeepSkyStacker.lnk

2012-07-11 00:38 - 2012-07-11 00:38 - 00000000 ____D C:\Program Files (x86)\DeepSkyStacker

2012-07-11 00:37 - 2012-07-11 00:37 - 00000000 ____D C:\Users\Jon\Downloads\DeepSkyStacker

2012-07-10 18:47 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 18:47 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 18:47 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 18:47 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 18:47 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 18:47 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 18:47 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 18:47 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 18:47 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 18:47 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 18:47 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 18:47 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 18:47 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 18:47 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 18:47 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 18:47 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 18:47 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-10 18:46 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-07-10 18:46 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-07-10 18:46 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-07-10 18:46 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-07-10 18:46 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-07-10 18:46 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-07-10 18:44 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 18:44 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-09 07:13 - 2012-07-09 07:14 - 05120402 ____A C:\Users\Jon\Downloads\FL_30_Win.exe

2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\My Documents\Astronomy Tools

2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\Documents\Astronomy Tools

2012-07-07 07:33 - 2012-07-07 07:33 - 00000000 ____D C:\Users\Jon\Desktop\New Folder

2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\Public\Desktop\Stellarium.lnk

2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\All Users\Desktop\Stellarium.lnk

2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Users\Jon\Application Data\Stellarium

2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Stellarium

2012-07-07 06:45 - 2012-07-07 06:45 - 00000000 ____D C:\Program Files (x86)\Stellarium

2012-07-07 06:42 - 2012-07-07 06:45 - 59408090 ____A ( ) C:\Users\Jon\Downloads\stellarium-0.11.3-win32.exe

2012-07-05 17:55 - 2012-07-05 17:55 - 00000000 ____D C:\Program Files (x86)\Oracle

2012-07-05 17:53 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-07-05 17:52 - 2012-05-15 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-07-05 17:52 - 2012-05-15 18:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-07-05 17:49 - 2012-07-05 17:52 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log

2012-07-04 18:32 - 2012-07-04 18:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\My Documents\blood pressure.xlsx

2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\Documents\blood pressure.xlsx

2012-06-25 05:31 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-25 05:31 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-25 05:31 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-25 05:31 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-25 05:31 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-25 05:31 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-25 05:31 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-25 05:30 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-25 05:30 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-23 17:55 - 2012-06-23 18:17 - 1086629167 ____A C:\Users\Jon\Downloads\2012-06-Marketplace-Bundle.zip

2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\My Documents\ReadMe-Astronomy.txt

2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\Documents\ReadMe-Astronomy.txt

2012-06-22 21:32 - 2012-06-22 21:32 - 00047636 ____A C:\Users\Jon\Downloads\Astronomy_Tools_v1_6.zip

2012-06-20 18:10 - 2012-07-04 16:19 - 00000000 ____D C:\Users\Jon\My Documents\Pay stubs

2012-06-20 18:10 - 2012-07-04 16:19 - 00000000 ____D C:\Users\Jon\Documents\Pay stubs

2012-06-19 21:16 - 2012-06-19 21:17 - 10754751 ____A C:\Users\Jon\Downloads\DeepSkyStacker.zip

2012-06-19 21:09 - 2012-06-19 21:09 - 00001077 ____A C:\Users\Jon\Desktop\RegiStax 5.1 .lnk

2012-06-19 21:09 - 2012-06-19 21:09 - 00000000 ____D C:\Program Files (x86)\RegiStax 5_1

2012-06-19 21:08 - 2012-06-19 21:08 - 01847685 ____A () C:\Users\Jon\Downloads\setupregistax5_1.exe

2012-06-19 12:38 - 2012-06-19 12:40 - 16561880 ____A (UCT) C:\Users\Jon\Downloads\HDRExpressSetup_x64.exe

2012-06-15 02:07 - 2012-06-15 02:08 - 00000000 ____D C:\Users\Jon\Logitech

2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\All Users\Desktop\Logitech Harmony Remote Software 7.lnk

2012-06-15 02:06 - 2012-06-15 02:06 - 00000000 ____D C:\Program Files (x86)\Logitech

2012-06-15 02:02 - 2012-06-15 02:05 - 48357912 ____A (Logitech Inc.) C:\Users\Jon\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe

2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\Local Settings\Macromedia

2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\Local Settings\Application Data\Macromedia

2012-06-14 13:16 - 2012-06-14 13:16 - 00000000 ____D C:\Users\Jon\AppData\Local\Macromedia

2012-06-13 15:52 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-06-13 15:52 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-06-13 15:52 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-06-13 15:51 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-06-13 15:51 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-06-13 15:51 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-06-13 15:51 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

============ 3 Months Modified Files ========================

2012-07-13 16:31 - 2009-07-14 00:10 - 01925595 ____A C:\Windows\WindowsUpdate.log

2012-07-13 16:28 - 2009-07-14 00:13 - 00717324 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-13 16:25 - 2009-07-13 23:51 - 00056974 ____A C:\Windows\setupact.log

2012-07-13 15:58 - 2010-06-04 23:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001UA.job

2012-07-13 15:47 - 2012-04-09 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-13 15:44 - 2012-07-13 15:44 - 00002604 ____A C:\Users\Jon\Desktop\RKreport[1].txt

2012-07-13 15:43 - 2012-07-13 15:43 - 01558528 ____A C:\Users\Jon\Downloads\RogueKiller.exe

2012-07-13 15:32 - 2011-08-21 15:58 - 01684992 __ASH C:\Users\Jon\My Documents\Thumbs.db

2012-07-13 15:32 - 2011-08-21 15:58 - 01684992 __ASH C:\Users\Jon\Documents\Thumbs.db

2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\Local Settings\Adobe Save for Web 12.0 Prefs

2012-07-13 15:28 - 2010-06-19 19:31 - 00001456 ____A C:\Users\Jon\AppData\Local\Adobe Save for Web 12.0 Prefs

2012-07-13 14:30 - 2012-07-13 14:30 - 00055028 ____A C:\Users\Jon\Desktop\Extras.Txt

2012-07-13 14:26 - 2012-07-13 14:26 - 00119472 ____A C:\Users\Jon\Desktop\OTL.Txt

2012-07-13 14:26 - 2012-07-13 14:26 - 00055028 ____A C:\Users\Jon\Downloads\Extras.Txt

2012-07-13 14:25 - 2012-07-13 14:25 - 00119472 ____A C:\Users\Jon\Downloads\OTL.Txt

2012-07-13 14:15 - 2012-07-13 14:15 - 00596480 ____A (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe

2012-07-13 14:13 - 2012-07-13 14:13 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller.exe

2012-07-13 13:49 - 2009-07-13 23:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-13 13:49 - 2009-07-13 23:45 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-13 13:37 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-13 13:36 - 2010-05-27 14:05 - 00537496 ____A C:\Windows\PFRO.log

2012-07-13 13:24 - 2009-07-14 00:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-13 13:17 - 2012-04-10 18:44 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-13 13:17 - 2012-04-10 18:44 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-13 11:42 - 2012-07-12 18:00 - 00002928 ____A C:\Users\Jon\My Documents\PerfectEffectsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00002928 ____A C:\Users\Jon\Documents\PerfectEffectsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00002348 ____A C:\Users\Jon\My Documents\PerfectPortraitConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00002348 ____A C:\Users\Jon\Documents\PerfectPortraitConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00002332 ____A C:\Users\Jon\My Documents\PerfectLayersConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00002332 ____A C:\Users\Jon\Documents\PerfectLayersConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001120 ____A C:\Users\Jon\My Documents\PhotoFrameConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001120 ____A C:\Users\Jon\Documents\PhotoFrameConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001112 ____A C:\Users\Jon\My Documents\GenuineFractalsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001112 ____A C:\Users\Jon\Documents\GenuineFractalsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001108 ____A C:\Users\Jon\My Documents\PhotoTuneConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001108 ____A C:\Users\Jon\Documents\PhotoTuneConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\My Documents\PhotoToolsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\My Documents\FocalPointConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\Documents\PhotoToolsConduit.log

2012-07-13 11:42 - 2012-07-12 18:00 - 00001088 ____A C:\Users\Jon\Documents\FocalPointConduit.log

2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk

2012-07-12 17:58 - 2012-07-12 17:58 - 00002069 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bit.lnk

2012-07-12 17:51 - 2012-07-12 17:44 - 765299656 ____A (Adobe Systems Incorporated) C:\Users\Jon\Downloads\Lightroom_4_LS11.exe

2012-07-12 16:59 - 2010-06-04 23:51 - 00002389 ____A C:\Users\Jon\Desktop\Google Chrome.lnk

2012-07-12 16:58 - 2010-06-04 23:50 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001Core.job

2012-07-12 14:30 - 2012-07-12 14:30 - 00112797 ____A C:\Users\Jon\Downloads\GradientXTerminatorWin.zip

2012-07-11 22:48 - 2012-04-09 15:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-11 22:48 - 2011-05-22 18:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-11 10:36 - 2009-07-13 23:45 - 05194928 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 01:52 - 2010-06-04 23:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\Public\Desktop\DeepSkyStacker.lnk

2012-07-11 00:38 - 2012-07-11 00:38 - 00002591 ____A C:\Users\All Users\Desktop\DeepSkyStacker.lnk

2012-07-09 07:14 - 2012-07-09 07:13 - 05120402 ____A C:\Users\Jon\Downloads\FL_30_Win.exe

2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\Public\Desktop\Stellarium.lnk

2012-07-07 06:45 - 2012-07-07 06:45 - 00001929 ____A C:\Users\All Users\Desktop\Stellarium.lnk

2012-07-07 06:45 - 2012-07-07 06:42 - 59408090 ____A ( ) C:\Users\Jon\Downloads\stellarium-0.11.3-win32.exe

2012-07-05 17:52 - 2012-07-05 17:49 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log

2012-07-03 12:46 - 2010-09-08 22:21 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\My Documents\blood pressure.xlsx

2012-06-25 21:19 - 2012-06-25 21:19 - 00008883 ____A C:\Users\Jon\Documents\blood pressure.xlsx

2012-06-23 18:17 - 2012-06-23 17:55 - 1086629167 ____A C:\Users\Jon\Downloads\2012-06-Marketplace-Bundle.zip

2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\My Documents\ReadMe-Astronomy.txt

2012-06-22 21:33 - 2012-06-22 21:33 - 00024136 ____A C:\Users\Jon\Documents\ReadMe-Astronomy.txt

2012-06-22 21:32 - 2012-06-22 21:32 - 00047636 ____A C:\Users\Jon\Downloads\Astronomy_Tools_v1_6.zip

2012-06-19 21:17 - 2012-06-19 21:16 - 10754751 ____A C:\Users\Jon\Downloads\DeepSkyStacker.zip

2012-06-19 21:09 - 2012-06-19 21:09 - 00001077 ____A C:\Users\Jon\Desktop\RegiStax 5.1 .lnk

2012-06-19 21:08 - 2012-06-19 21:08 - 01847685 ____A () C:\Users\Jon\Downloads\setupregistax5_1.exe

2012-06-19 12:40 - 2012-06-19 12:38 - 16561880 ____A (UCT) C:\Users\Jon\Downloads\HDRExpressSetup_x64.exe

2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

2012-06-15 02:07 - 2012-06-15 02:07 - 00002359 ____A C:\Users\All Users\Desktop\Logitech Harmony Remote Software 7.lnk

2012-06-15 02:06 - 2010-05-27 12:16 - 00020626 ____A C:\Windows\DPINST.LOG

2012-06-15 02:05 - 2012-06-15 02:02 - 48357912 ____A (Logitech Inc.) C:\Users\Jon\Downloads\LogitechHarmonyRemote7.7.0-WIN-x86.exe

2012-06-15 02:03 - 2010-07-23 21:59 - 00038912 ____A C:\Users\Jon\My Documents\workout.xls

2012-06-15 02:03 - 2010-07-23 21:59 - 00038912 ____A C:\Users\Jon\Documents\workout.xls

2012-06-12 16:30 - 2010-11-12 15:19 - 00000426 ____A C:\Windows\BRWMARK.INI

2012-06-11 22:08 - 2012-07-11 01:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-10 18:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-10 18:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 01:06 - 2012-07-10 18:47 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-10 18:47 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-10 18:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-10 18:47 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-10 18:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-10 18:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 17:19 - 2012-06-25 05:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-25 05:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-25 05:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-25 05:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-25 05:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-25 05:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-25 05:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:19 - 2012-06-25 05:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:15 - 2012-06-25 05:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 07:49 - 2012-07-11 01:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 07:17 - 2012-07-11 01:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 07:12 - 2012-07-11 01:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 07:05 - 2012-07-11 01:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 07:05 - 2012-07-11 01:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 07:04 - 2012-07-11 01:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 07:04 - 2012-07-11 01:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 07:03 - 2012-07-11 01:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 07:01 - 2012-07-11 01:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 07:00 - 2012-07-11 01:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 06:59 - 2012-07-11 01:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 06:57 - 2012-07-11 01:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 06:57 - 2012-07-11 01:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 06:54 - 2012-07-11 01:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 04:07 - 2012-07-11 01:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 03:43 - 2012-07-11 01:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 03:33 - 2012-07-11 01:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 03:26 - 2012-07-11 01:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 03:25 - 2012-07-11 01:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 03:25 - 2012-07-11 01:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 03:23 - 2012-07-11 01:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 03:21 - 2012-07-11 01:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 03:20 - 2012-07-11 01:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 03:19 - 2012-07-11 01:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 03:19 - 2012-07-11 01:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 03:17 - 2012-07-11 01:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 03:16 - 2012-07-11 01:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 03:14 - 2012-07-11 01:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 00:50 - 2012-07-10 18:47 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-10 18:47 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-10 18:47 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-10 18:47 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-10 18:47 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-10 18:47 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-10 18:47 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-10 18:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-10 18:47 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 20:08 - 2012-06-01 19:32 - 00001959 ____A C:\Users\Jon\Application Data\Requiem.log

2012-06-01 20:08 - 2012-06-01 19:32 - 00001959 ____A C:\Users\Jon\AppData\Roaming\Requiem.log

2012-06-01 20:05 - 2012-06-01 20:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-01 20:05 - 2012-06-01 20:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-01 20:01 - 2012-06-01 20:00 - 76761968 ____A (Apple Inc.) C:\Users\Jon\Downloads\iTunes64Setup(2).exe

2012-06-01 20:00 - 2012-06-01 19:59 - 07405262 ____A C:\Users\Jon\Downloads\pdfdrm.zip

2012-06-01 19:57 - 2012-06-01 19:57 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll

2012-06-01 19:50 - 2012-06-01 19:48 - 71279472 ____A (Apple Inc.) C:\Users\Jon\Downloads\iTunes64Setup(1).exe

2012-06-01 19:32 - 2012-06-01 19:32 - 11394763 ____A C:\Users\Jon\Downloads\iSmoothBlog-requiem-3.3.5-win.zip

2012-06-01 19:21 - 2012-06-01 19:20 - 47520208 ____A C:\Users\Jon\Downloads\calibre-0.8.54.msi

2012-06-01 19:01 - 2012-06-01 18:59 - 34817706 ____A ( ) C:\Users\Jon\Downloads\iphonetransfer.exe

2012-05-24 21:58 - 2012-05-22 21:01 - 00000026 ____A C:\Users\Jon\My Documents\auradata.txt

2012-05-24 21:58 - 2012-05-22 21:01 - 00000026 ____A C:\Users\Jon\Documents\auradata.txt

2012-05-22 12:30 - 2012-05-22 12:29 - 15109264 ____A (3D RealityMaps GmbH. ) C:\Users\Jon\Downloads\Setup_MountEverestOnlineViewer.exe

2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-05-20 19:25 - 2012-05-20 19:25 - 00003584 ____A C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-05-17 19:26 - 2012-05-17 19:26 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-17 19:26 - 2012-05-17 19:26 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk

2012-05-17 11:38 - 2012-05-03 15:05 - 00011973 ____A C:\Users\Jon\My Documents\Rob - Working Hour Ledger.xlsx

2012-05-17 11:38 - 2012-05-03 15:05 - 00011973 ____A C:\Users\Jon\Documents\Rob - Working Hour Ledger.xlsx

2012-05-16 12:30 - 2012-05-16 12:30 - 03406018 ____A C:\Users\Jon\Downloads\545966_10151715433235704_559880703_24167381_704922201_n.psd

2012-05-16 12:29 - 2012-05-16 12:29 - 00892360 ____A (Oracle Corporation) C:\Users\Jon\Downloads\jxpiinstall.exe

2012-05-15 18:06 - 2012-07-05 17:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-05-15 18:06 - 2012-07-05 17:52 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-05-04 18:29 - 2012-07-05 17:53 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-05-04 18:29 - 2012-05-16 12:31 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-05-04 18:29 - 2010-06-05 09:42 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-05-04 06:06 - 2012-06-13 15:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 05:03 - 2012-06-13 15:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 05:03 - 2012-06-13 15:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-01 17:52 - 2012-05-01 17:52 - 01284232 ____A (Coupons.com Incorporated) C:\Users\Jon\Downloads\couponprinter.exe

2012-05-01 02:01 - 2011-01-07 16:10 - 00001945 ____A C:\Windows\epplauncher.mif

2012-05-01 02:01 - 2011-01-07 16:09 - 00726950 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-27 22:55 - 2012-06-13 15:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-26 00:41 - 2012-06-13 15:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-26 00:41 - 2012-06-13 15:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-26 00:34 - 2012-06-13 15:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 00:37 - 2012-07-10 18:46 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-24 00:37 - 2012-07-10 18:46 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-24 00:37 - 2012-07-10 18:46 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 23:36 - 2012-07-10 18:46 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 23:36 - 2012-07-10 18:46 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 23:36 - 2012-07-10 18:46 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-04-19 21:24 - 2012-04-19 21:24 - 00001045 ____A C:\Users\Jon\Desktop\Machinarium.lnk

2012-04-19 20:44 - 2012-04-19 20:18 - 579317344 ____A C:\Users\Jon\Downloads\Botanicula_1804.exe

2012-04-19 20:33 - 2012-04-19 20:10 - 363218549 ____A C:\Users\Jon\Downloads\Machinarium_full_en.exe

2012-04-19 20:28 - 2012-04-19 20:11 - 1631325414 ____A C:\Users\Jon\Downloads\Kooky.zip

2012-04-19 20:19 - 2012-04-19 20:18 - 20709564 ____A C:\Users\Jon\Downloads\Install_Samorost2.exe

2012-04-19 20:03 - 2012-04-19 20:03 - 07967867 ____A (Adobe Systems, Inc.) C:\Users\Jon\Downloads\windosill-windows-1.0.8-1334813813.exe

2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx

2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

2012-04-17 11:39 - 2011-08-28 16:01 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

2012-04-17 11:39 - 2011-08-28 16:01 - 00002028 ____A C:\Users\All Users\Desktop\Adobe Acrobat X Pro.lnk

ZeroAccess:

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@

ZeroAccess:

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8180.51 MB

Available physical RAM: 7371.46 MB

Total Pagefile: 8178.66 MB

Available Pagefile: 7366.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:114.92 GB) NTFS

3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 478 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 40 MB

Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 477 MB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 477 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:54

======================= End Of Log ==========================

Link to post
Share on other sites

services.exe is infected and has to be replaced:

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

MrC

Link to post
Share on other sites

Here's search.txt:

Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 2012-07-13 18:15:08

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Link to post
Share on other sites
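The check MrC acts on here is a hash comparison: the copy of services.exe in System32 must match the pristine copy Windows keeps in the WinSxS component store for the same file version. As an added example (not part of this thread and not FRST's code), the Python below parses FRST Search output of the kind posted above and flags a live file whose MD5 matches none of its same-version WinSxS copies; the two record lines are taken from the search.txt above, while the second sample, the function names and the placeholder hashes are constructed assumptions.

```python
"""Parse FRST 'Search:' output and flag a live system binary whose MD5 differs
from the Windows side-by-side (WinSxS) copy of the same file version.

Added example for this thread, not FRST's own code. SEARCH_TXT reproduces the
two records from the search.txt posted above; CLEAN_TXT and every name here
are constructed for illustration.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Records copied from the posted search.txt (the infected case).
SEARCH_TXT = r"""
Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 18:15:08
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# Constructed clean case: both copies carry the same (placeholder) hash.
CLEAN_TXT = r"""
================== Search: "wininit.exe" ===================
C:\Windows\winsxs\amd64_constructed-component_0000000000000000_6.1.7600.16385_none_0000000000000000\wininit.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 0000000000000000000000000000AAAA
C:\Windows\System32\wininit.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 0000000000000000000000000000AAAA
====== End Of Search ======
"""

# Metadata line: "[created] - [modified] - size attrs (company) MD5"
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file record: a path line followed by its metadata line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for path, meta in zip(lines, lines[1:]):
        m = META_RE.match(meta)
        if PATH_RE.match(path) and m:
            rec = m.groupdict()
            rec["path"] = path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def is_winsxs(path):
    """True when the file lives under the WinSxS component store."""
    return "winsxs" in (p.lower() for p in PureWindowsPath(path).parts)


def find_mismatches(records):
    """Compare every live copy of a file against the WinSxS copies that have the
    same size and modification time (the same file version). Returns
    (live_path, live_md5, reference_md5) for each live copy whose MD5 matches
    none of those references."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[PureWindowsPath(rec["path"]).name.lower()].append(rec)

    findings = []
    for recs in by_name.values():
        refs = [r for r in recs if is_winsxs(r["path"])]
        for live in (r for r in recs if not is_winsxs(r["path"])):
            same_version = [r for r in refs
                            if r["size"] == live["size"]
                            and r["modified"] == live["modified"]]
            if same_version and all(r["md5"] != live["md5"] for r in same_version):
                findings.append((live["path"], live["md5"], same_version[0]["md5"]))
    return findings


def report(text):
    """Parse FRST search output and return the list of hash mismatches."""
    return find_mismatches(parse_search(text))


if __name__ == "__main__":
    for sample in (SEARCH_TXT, CLEAN_TXT):
        hits = report(sample)
        if not hits:
            print("no mismatch against the WinSxS reference copy")
        for path, live_md5, ref_md5 in hits:
            # Same size, same timestamps, same company string: only the hash
            # gives the replaced binary away, so compare hashes, not metadata.
            print(f"MISMATCH {path}: live {live_md5} != WinSxS {ref_md5}")
```

Note that in the posted records the replaced services.exe kept the original size, timestamps and company string, so only the hash differs; a check keyed on metadata alone would have passed it.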

OK, here you go......

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flashdrive as fixlist.txt.


C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@
C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L
C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Here is fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-13 18:51:37 Run:1

Running from F:\

==============================================

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb} moved successfully.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\00000004.@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\1afb2d56 not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L\201d3dde not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000004.@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\00000008.@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\000000cb.@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000000.@ not found.

C:\Windows\Installer\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U\80000064.@ not found.

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb} moved successfully.

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\@ not found.

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\L not found.

C:\Users\Jon\AppData\Local\{e606ccdd-5c40-8e0d-5bae-d4e785712afb}\U not found.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Thanks for all of your help so far! Greatly appreciated.

Link to post
Share on other sites

Great......That worked perfectly!!

Next...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Here's ComboFix.txt:

ComboFix 12-07-13.03 - Jon 13/07/2012 19:10:47.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8181.6213 [GMT -4:00]

Running from: c:\users\Jon\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jon\Documents\~WRL0003.tmp

c:\users\Jon\Documents\~WRL0233.tmp

c:\users\Jon\Documents\~WRL3545.tmp

.

Infected copy of c:\windows\SysWow64\kernel32.dll was found and disinfected

Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

.

.

2012-07-13 23:21 . 2012-07-13 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 22:36 . 2012-07-13 22:36 -------- d-----w- C:\FRST

2012-07-13 20:44 . 2012-07-13 20:44 -------- d-----w- c:\users\Jon\.jenny

2012-07-11 06:55 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 05:38 . 2012-07-11 05:38 -------- d-----w- c:\program files (x86)\DeepSkyStacker

2012-07-10 23:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-07-10 23:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-10 23:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-10 23:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-10 23:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-10 23:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-07 11:45 . 2012-07-07 11:45 -------- d-----w- c:\users\Jon\AppData\Roaming\Stellarium

2012-07-07 11:45 . 2012-07-07 11:45 -------- d-----w- c:\program files (x86)\Stellarium

2012-07-05 22:55 . 2012-07-05 22:55 -------- d-----w- c:\program files (x86)\Oracle

2012-07-04 23:32 . 2012-07-04 23:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-04 04:29 . 2012-02-10 14:21 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6416C25-A024-45AA-9B44-12E1C603B8EE}\gapaengine.dll

2012-07-04 04:29 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A6CAAFD-F45B-4F7B-BC03-6F77D703EAB3}\mpengine.dll

2012-07-03 04:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-25 10:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 10:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 10:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 10:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 10:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 10:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 10:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 10:30 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 10:30 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 02:09 . 2012-06-20 02:09 -------- d-----w- c:\program files (x86)\RegiStax 5_1

2012-06-15 07:07 . 2012-06-15 07:08 -------- d-----w- c:\users\Jon\Logitech

2012-06-15 07:07 . 2012-06-15 07:07 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common

2012-06-15 07:06 . 2012-06-15 07:06 -------- d-----w- c:\program files (x86)\Logitech

2012-06-15 07:06 . 2012-06-15 07:06 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver

2012-06-15 07:05 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-06-15 07:05 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-06-15 07:05 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-06-15 07:05 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-06-15 07:05 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-06-15 07:05 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-06-15 07:05 . 2012-06-15 07:05 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-06-15 07:05 . 2012-06-15 07:05 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-06-14 18:16 . 2012-06-14 18:16 -------- d-----w- c:\users\Jon\AppData\Local\Macromedia

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 03:48 . 2012-04-09 20:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 03:48 . 2011-05-22 23:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2010-09-09 03:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 00:57 . 2012-06-02 00:57 101680 ----a-w- c:\windows\system32\stkMonitor.dll

2012-05-04 23:29 . 2012-05-16 17:31 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 23:29 . 2010-06-05 14:42 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-13 20:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 20:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 20:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55 . 2012-06-13 20:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 20:52 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 20:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 20:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-24 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]

.

c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2012-04-11 36384]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-08 834544]

S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2012-04-11 65736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/05/27 12:31];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]

S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2012-04-11 6746280]

S2 HDRExpressService;HDRExpressService;c:\program files\UCT\HDR Express\HDRExpressService.exe [2012-04-04 32400]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-29 66560]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272]

S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2012-04-11 24024]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:48]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001Core.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 04:50]

.

2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13878151-3475214259-3496771340-1001UA.job

- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-05 04:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://my.olg.ca/dana-na/auth/url_default/welcome.cgi

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://my.olg.ca/,DanaInfo=OLGCTOR03.ent.ad.mre,ST=1+/dwa85W.cab

FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\gk0r17dz.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

SafeBoot-MsMpSvc

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,31,4e,36,ea,f6,14,41,aa,dd,9f,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,31,4e,36,ea,f6,14,41,aa,dd,9f,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-07-13 19:28:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-13 23:28

.

Pre-Run: 123,919,413,248 bytes free

Post-Run: 124,083,171,328 bytes free

.

- - End Of File - - 62A16DCE39662319E71BB647906A67B1


Here's the report:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jon :: FYZHIX [administrator]

13/07/2012 8:07:48 PM

mbam-log-2012-07-13 (20-07-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212973

Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The system appears to be running great now - PrevX didn't pick anything up on boot either.


Great!

A little clean-up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.