
Malwarebytes and McAfee won't run.



Symptoms are as follows:

(1) On some pages, Internet Explorer quickly refreshes to “This page can’t be displayed”, apparently because it cannot connect to https://fls.doubleclick.net, http://googleads.g.doubleclick.net, etc.

(2) Neither McAfee nor Malwarebytes is running or appears as a tray icon

(3) When I attempt to start either McAfee or Malwarebytes manually I get the message "This program is blocked by group policy. For more information, contact your system administrator."

I searched the archives and found a similar problem that was responded to by Maurice Naggar.

http://forums.malwarebytes.org/index.php?showtopic=122559

Maurice suggested first running Rkill, which I did. I found what appear to be a number of issues. As Maurice said that the solution depended on the particular issues, I have not proceeded further. Please see Rkill report below. Any advice on how to solve would be appreciated.

Thanks,

Marc

*********************************************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Marc [Admin rights]

Mode : Scan -- Date : 04/16/2013 09:55:43

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND

[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> FOUND

[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 125.252.224.90

127.0.0.1 125.252.224.91

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD754JJ +++++

--- User ---

[MBR] 86c015542609df5c3cbb0256b4c18bc7

[BSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++

--- User ---

[MBR] 57230bd3f8163fb2e03144a25d6cecc0

[BSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04162013_02d0955.txt >>

RKreport[1]_S_04162013_02d0955.txt


  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    We only want to check-mark just these 10 items !!!
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck trace disk IO calls at the bottom left

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.


Thanks, I ran these programs as you advised.

The Fix button was not enabled in aswMBR.

Below is the report for Rkill

******************************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Marc [Admin rights]

Mode : Remove -- Date : 04/16/2013 11:11:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> DELETED

[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Users\Marc\Desktop\cham\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p) -> NOT SELECTED

[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> NOT SELECTED

[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> NOT SELECTED

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 125.252.224.90

127.0.0.1 125.252.224.91

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD754JJ +++++

--- User ---

[MBR] 86c015542609df5c3cbb0256b4c18bc7

[BSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++

--- User ---

[MBR] 57230bd3f8163fb2e03144a25d6cecc0

[BSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_04162013_02d1111.txt >>

RKreport[1]_S_04162013_02d0955.txt ; RKreport[2]_S_04162013_02d1105.txt ; RKreport[3]_D_04162013_02d1111.txt


Here is report from aswMBR

*******************************

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-16 11:16:06

-----------------------------

11:16:06.912 OS Version: Windows x64 6.1.7601 Service Pack 1

11:16:06.912 Number of processors: 8 586 0x1A05

11:16:06.912 ComputerName: MARC-PC UserName: Marc

11:16:07.567 Initialize success

11:16:26.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:16:26.755 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 715404MB BusType: 3

11:16:26.755 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

11:16:26.755 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3

11:16:26.833 Disk 0 MBR read successfully

11:16:26.849 Disk 0 MBR scan

11:16:26.849 Disk 0 Windows VISTA default MBR code

11:16:26.849 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

11:16:26.849 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920

11:16:26.864 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 706021 MB offset 19214336

11:16:26.880 Disk 0 scanning C:\Windows\system32\drivers

11:16:32.730 Service scanning

11:16:46.194 Modules scanning

11:16:46.209 Scan finished successfully

11:17:00.327 Disk 0 MBR has been saved successfully to "C:\Users\Marc\Desktop\cham\MBR.dat"

11:17:00.327 The log file has been saved successfully to "C:\Users\Marc\Desktop\cham\aswMBR.txt"


Upon restarting my computer and running RKill again, I found that 2 of the registry items had re-appeared. I will try deleting again.

***************************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Marc [Admin rights]

Mode : Scan -- Date : 04/16/2013 11:35:01

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND

[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> FOUND

[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 125.252.224.90

127.0.0.1 125.252.224.91

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD754JJ +++++

--- User ---

[MBR] 86c015542609df5c3cbb0256b4c18bc7

[BSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 706021 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FALS-00E8B0 +++++

--- User ---

[MBR] 57230bd3f8163fb2e03144a25d6cecc0

[BSP] a634db8eae3eef68e3013819e30954c4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_S_04162013_02d1135.txt >>

RKreport[1]_S_04162013_02d0955.txt ; RKreport[2]_S_04162013_02d1105.txt ; RKreport[3]_D_04162013_02d1111.txt ; RKreport[4]_S_04162013_02d1135.txt

Link to post
Share on other sites
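
Comparing the post-removal report with the scan taken after the reboot shows which entries came back. The following is an added example, not part of the original posts and not RogueKiller's own code: a small Python parser for the registry lines of the two reports that separates entries removed and then found again from entries that were simply never selected. The sample input is a subset of the lines posted above, and the function names are this example's own.

```python
import re

# Subset of registry lines from RKreport[3] (Mode: Remove, 11:11:39).
REMOVE_REPORT = r'''
[RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
'''

# Subset of lines from RKreport[4] (Mode: Scan, 11:35:01, after the reboot).
RESCAN_REPORT = r'''
[RUN][SUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND
[TASK][SUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent [x] -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# One registry line: tags, abbreviated key, value name, (data), optional
# [-]/[x] marker, then "-> STATUS" with an optional "(new value)".
LINE_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+'
    r'(?P<key>HK\S+)\s+:\s+'
    r'(?P<name>\S+)\s+'
    r'\((?P<data>.*)\)\s*(?:\[[^\]]*\]\s*)?'
    r'->\s+(?P<status>[A-Z ]+?)(?:\s+\((?P<new>[^)]*)\))?\s*$'
)


def parse_registry_entries(report_text):
    """Return {(key, name, data): status} for every registry line.

    Lines that are not registry entries (scheduled tasks, HOSTS lines,
    MBR output) do not match the pattern and are skipped.
    """
    entries = {}
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[(m['key'], m['name'], m['data'])] = m['status']
    return entries


def diff_reports(after_removal, rescan):
    """Classify the later scan's findings against the removal report."""
    removed = parse_registry_entries(after_removal)
    later = parse_registry_entries(rescan)
    result = {'recreated': [], 'left_in_place': [], 'new': [], 'stayed_fixed': []}
    for ident, status in later.items():
        if status != 'FOUND':
            continue
        earlier = removed.get(ident)
        if earlier in ('DELETED', 'REPLACED'):
            # Removed or reset earlier, present again: something rewrote it.
            result['recreated'].append(ident)
        elif earlier == 'NOT SELECTED':
            # Deliberately left alone during removal, so still listed.
            result['left_in_place'].append(ident)
        else:
            result['new'].append(ident)
    for ident, status in removed.items():
        if status in ('DELETED', 'REPLACED') and ident not in later:
            result['stayed_fixed'].append(ident)
    return result


if __name__ == '__main__':
    for category, idents in diff_reports(REMOVE_REPORT, RESCAN_REPORT).items():
        for key, name, data in idents:
            print(f'{category:14} {key} : {name} ({data})')
```
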

Yes, these 2 entries re-appear each time I re-start.

Please, --- please --- do NOT keep re-running tools! Only do what I ask for 1 time.

It happens that what is now shown by Roguekiller is "normal". Let's focus on other stuff, please. Let's move on !

And Malwarebytes does not open due to "program blocked by group policy". This is after removing the suspicious registry entries

I need a screen capture, if you can do that, and save it as a GIF file.

I ask that you follow my guidance, and NOT run stuff on your own.

Kindly continue with the following, and do as much as you can. If you hit a "glitch", move on to the next task & keep going.

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines in bold below to Notepad:

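@Echo on
rem Reset the HOSTS file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset resetlog.log
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del %0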

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Now, turn OFF your antivirus program.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Let me know the result {along with the reports} and then wait for my next reply.


Sorry, I didn't realize there were further steps.

Screenshot capture of the message I get when trying to run Malwarebytes or McAfee is here:

https://picasaweb.google.com/lh/photo/YFFZaggXns9KlJaGVnZMudMTjNZETYmyPJy0liipFm0?feat=directlink

Ran flush.bat with no problems. Upon re-boot, there were no anti-virus programs running to turn off.

Ran TDSSKiller and it reported no suspicious files. Log is pasted below.

thanks,

Marc

****************************************************************

12:56:00.0057 9264 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

12:56:00.0759 9264 ============================================================

12:56:00.0759 9264 Current date / time: 2013/04/16 12:56:00.0759

12:56:00.0759 9264 SystemInfo:

12:56:00.0759 9264

12:56:00.0759 9264 OS Version: 6.1.7601 ServicePack: 1.0

12:56:00.0759 9264 Product type: Workstation

12:56:00.0759 9264 ComputerName: MARC-PC

12:56:00.0759 9264 UserName: Marc

12:56:00.0759 9264 Windows directory: C:\Windows

12:56:00.0759 9264 System windows directory: C:\Windows

12:56:00.0759 9264 Running under WOW64

12:56:00.0759 9264 Processor architecture: Intel x64

12:56:00.0759 9264 Number of processors: 8

12:56:00.0759 9264 Page size: 0x1000

12:56:00.0759 9264 Boot type: Normal boot

12:56:00.0759 9264 ============================================================

12:56:01.0149 9264 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:56:01.0165 9264 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:56:01.0181 9264 ============================================================

12:56:01.0181 9264 \Device\Harddisk0\DR0:

12:56:01.0181 9264 MBR partitions:

12:56:01.0181 9264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000

12:56:01.0181 9264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x562F2800

12:56:01.0181 9264 \Device\Harddisk1\DR1:

12:56:01.0181 9264 MBR partitions:

12:56:01.0181 9264 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

12:56:01.0181 9264 ============================================================

12:56:01.0212 9264 C: <-> \Device\Harddisk0\DR0\Partition2

12:56:01.0227 9264 E: <-> \Device\Harddisk1\DR1\Partition1

12:56:01.0227 9264 ============================================================

12:56:01.0227 9264 Initialize success

12:56:01.0227 9264 ============================================================

12:56:07.0202 6264 ============================================================

12:56:07.0202 6264 Scan started

12:56:07.0202 6264 Mode: Manual;

12:56:07.0202 6264 ============================================================

12:56:07.0670 6264 ================ Scan system memory ========================

12:56:07.0670 6264 System memory - ok


12:56:14.0019 6264 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

12:56:14.0019 6264 crcdisk - ok

12:56:14.0066 6264 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:56:14.0066 6264 CryptSvc - ok

12:56:14.0113 6264 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

12:56:14.0160 6264 dc3d - ok

12:56:14.0238 6264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

12:56:14.0238 6264 DcomLaunch - ok

12:56:14.0300 6264 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

12:56:14.0316 6264 defragsvc - ok

12:56:14.0363 6264 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:56:14.0378 6264 DfsC - ok

12:56:14.0441 6264 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

12:56:14.0503 6264 Dhcp - ok

12:56:14.0519 6264 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

12:56:14.0519 6264 discache - ok

12:56:14.0565 6264 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

12:56:14.0581 6264 Disk - ok

12:56:14.0612 6264 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:56:14.0612 6264 Dnscache - ok

12:56:14.0706 6264 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

12:56:14.0721 6264 DockLoginService - ok

12:56:14.0799 6264 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

12:56:14.0862 6264 dot3svc - ok

12:56:14.0924 6264 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

12:56:14.0940 6264 DPS - ok

12:56:15.0002 6264 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:56:15.0002 6264 drmkaud - ok

12:56:15.0080 6264 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:56:15.0080 6264 DXGKrnl - ok

12:56:15.0127 6264 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

12:56:15.0127 6264 EapHost - ok

12:56:15.0252 6264 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

12:56:15.0283 6264 ebdrv - ok

12:56:15.0314 6264 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

12:56:15.0314 6264 EFS - ok

12:56:15.0330 6264 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

12:56:15.0345 6264 elxstor - ok

12:56:15.0377 6264 [ 6106653B08F4F72EEAA7F099E7C408A4 ] epmntdrv C:\Windows\system32\epmntdrv.sys

12:56:15.0408 6264 epmntdrv - ok

12:56:15.0439 6264 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

12:56:15.0439 6264 ErrDev - ok

12:56:15.0517 6264 [ 991C04A31777ED77CB92A4F96F14C2E2 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys

12:56:15.0517 6264 EuGdiDrv - ok

12:56:15.0579 6264 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

12:56:15.0579 6264 EventSystem - ok

12:56:15.0642 6264 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

12:56:15.0642 6264 exfat - ok

12:56:15.0673 6264 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:56:15.0673 6264 fastfat - ok

12:56:15.0751 6264 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

12:56:15.0767 6264 Fax - ok

12:56:15.0813 6264 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

12:56:15.0813 6264 fdc - ok

12:56:15.0829 6264 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

12:56:15.0829 6264 fdPHost - ok

12:56:15.0845 6264 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

12:56:15.0845 6264 FDResPub - ok

12:56:15.0907 6264 FileDisk - ok

12:56:15.0938 6264 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:56:15.0938 6264 FileInfo - ok

12:56:15.0954 6264 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:56:15.0954 6264 Filetrace - ok

12:56:15.0969 6264 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

12:56:15.0969 6264 flpydisk - ok

12:56:16.0001 6264 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:56:16.0001 6264 FltMgr - ok

12:56:16.0063 6264 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

12:56:16.0063 6264 FontCache - ok

12:56:16.0141 6264 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:56:16.0141 6264 FontCache3.0.0.0 - ok

12:56:16.0172 6264 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

12:56:16.0188 6264 FsDepends - ok

12:56:16.0235 6264 [ AC31C297B69A7C2BA051AD781449021D ] fsh C:\Windows\system32\drivers\fsh.sys

12:56:16.0235 6264 fsh - ok

12:56:16.0266 6264 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:56:16.0266 6264 Fs_Rec - ok

12:56:16.0328 6264 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

12:56:16.0328 6264 fvevol - ok

12:56:16.0375 6264 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

12:56:16.0375 6264 gagp30kx - ok

12:56:16.0422 6264 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:56:16.0437 6264 GEARAspiWDM - ok

12:56:16.0562 6264 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

12:56:16.0578 6264 GoToAssist - ok

12:56:16.0656 6264 [ 0B53F4306E17025E7685D18C3A77127E ] GoToMyPC C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe

12:56:16.0656 6264 GoToMyPC - ok

12:56:16.0687 6264 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

12:56:16.0703 6264 gpsvc - ok

12:56:16.0827 6264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:56:16.0827 6264 gupdate - ok

12:56:16.0905 6264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:56:16.0905 6264 gupdatem - ok

12:56:17.0015 6264 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

12:56:17.0046 6264 gusvc - ok

12:56:17.0061 6264 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:56:17.0061 6264 hcw85cir - ok

12:56:17.0108 6264 [ 06B60A20C7843DA78F28CD77A58548C9 ] hcwhdpvr C:\Windows\system32\DRIVERS\hcwhdpvr.sys

12:56:17.0108 6264 hcwhdpvr - ok

12:56:17.0171 6264 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

12:56:17.0171 6264 HDAudBus - ok

12:56:17.0202 6264 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

12:56:17.0217 6264 HidBatt - ok

12:56:17.0233 6264 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

12:56:17.0233 6264 HidBth - ok

12:56:17.0264 6264 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

12:56:17.0264 6264 HidIr - ok

12:56:17.0295 6264 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

12:56:17.0295 6264 hidserv - ok

12:56:17.0420 6264 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:56:17.0420 6264 HidUsb - ok

12:56:17.0592 6264 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

12:56:17.0623 6264 HipShieldK - ok

12:56:17.0670 6264 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:56:17.0685 6264 hkmsvc - ok

12:56:17.0732 6264 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:56:17.0779 6264 HomeGroupListener - ok

12:56:17.0826 6264 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:56:17.0919 6264 HomeGroupProvider - ok

12:56:17.0982 6264 [ 33EF0070477433437D51D50FD46A66FD ] HPMSSConnectorSvc C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

12:56:17.0982 6264 HPMSSConnectorSvc - ok

12:56:18.0060 6264 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:56:18.0060 6264 HpSAMD - ok

12:56:18.0138 6264 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:56:18.0138 6264 HTTP - ok

12:56:18.0185 6264 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:56:18.0185 6264 hwpolicy - ok

12:56:18.0247 6264 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

12:56:18.0263 6264 i8042prt - ok

12:56:18.0356 6264 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

12:56:18.0356 6264 IAANTMON - ok

12:56:18.0481 6264 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

12:56:18.0528 6264 iaStor - ok

12:56:18.0590 6264 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:56:18.0590 6264 iaStorV - ok

12:56:18.0809 6264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

12:56:18.0824 6264 IDriverT - ok

12:56:19.0043 6264 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:56:19.0058 6264 idsvc - ok

12:56:19.0121 6264 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

12:56:19.0121 6264 iirsp - ok

12:56:19.0167 6264 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

12:56:19.0183 6264 IKEEXT - ok

12:56:19.0245 6264 [ 2A7CF87BE453241FE0BAA1C8651E7AA4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

12:56:19.0261 6264 IntcAzAudAddService - ok

12:56:19.0292 6264 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

12:56:19.0292 6264 intelide - ok

12:56:19.0323 6264 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:56:19.0323 6264 intelppm - ok

12:56:19.0339 6264 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:56:19.0355 6264 IPBusEnum - ok

12:56:19.0417 6264 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:56:19.0417 6264 IpFilterDriver - ok

12:56:19.0511 6264 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:56:19.0542 6264 iphlpsvc - ok

12:56:19.0573 6264 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:56:19.0573 6264 IPMIDRV - ok

12:56:19.0604 6264 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:56:19.0604 6264 IPNAT - ok

12:56:19.0698 6264 [ 44886233135241F3990724082EB104EE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

12:56:19.0713 6264 iPod Service - ok

12:56:19.0729 6264 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:56:19.0745 6264 IRENUM - ok

12:56:19.0776 6264 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:56:19.0776 6264 isapnp - ok

12:56:19.0791 6264 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:56:19.0791 6264 iScsiPrt - ok

12:56:19.0823 6264 [ 71235F7BAA7E5E79D38157DF7A0F806A ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

12:56:19.0823 6264 JRAID - ok

12:56:19.0838 6264 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:56:19.0838 6264 kbdclass - ok

12:56:19.0885 6264 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

12:56:19.0885 6264 kbdhid - ok

12:56:19.0932 6264 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

12:56:19.0932 6264 KeyIso - ok

12:56:19.0963 6264 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:56:19.0963 6264 KSecDD - ok

12:56:20.0010 6264 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:56:20.0025 6264 KSecPkg - ok

12:56:20.0041 6264 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

12:56:20.0041 6264 ksthunk - ok

12:56:20.0057 6264 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

12:56:20.0072 6264 KtmRm - ok

12:56:20.0119 6264 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

12:56:20.0166 6264 LanmanServer - ok

12:56:20.0197 6264 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:56:20.0197 6264 LanmanWorkstation - ok

12:56:20.0228 6264 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:56:20.0228 6264 lltdio - ok

12:56:20.0259 6264 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:56:20.0275 6264 lltdsvc - ok

12:56:20.0275 6264 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:56:20.0291 6264 lmhosts - ok

12:56:20.0322 6264 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

12:56:20.0322 6264 LSI_FC - ok

12:56:20.0337 6264 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

12:56:20.0337 6264 LSI_SAS - ok

12:56:20.0353 6264 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:56:20.0353 6264 LSI_SAS2 - ok

12:56:20.0369 6264 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:56:20.0369 6264 LSI_SCSI - ok

12:56:20.0384 6264 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

12:56:20.0384 6264 luafv - ok

12:56:20.0415 6264 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

12:56:20.0415 6264 MBAMProtector - ok

12:56:20.0478 6264 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

12:56:20.0493 6264 MBAMScheduler - ok

12:56:20.0525 6264 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

12:56:20.0540 6264 MBAMService - ok

12:56:20.0603 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0603 6264 McAfee SiteAdvisor Service - ok

12:56:20.0681 6264 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

12:56:20.0696 6264 McciCMService - ok

12:56:20.0852 6264 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

12:56:20.0868 6264 McComponentHostService - ok

12:56:20.0868 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0868 6264 McMPFSvc - ok

12:56:20.0868 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0883 6264 mcmscsvc - ok

12:56:20.0899 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0899 6264 McNaiAnn - ok

12:56:20.0899 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0899 6264 McNASvc - ok

12:56:20.0961 6264 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

12:56:20.0961 6264 McODS - ok

12:56:20.0961 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:20.0961 6264 McProxy - ok

12:56:21.0008 6264 [ 21F81090A00932C5E96700EDF2977582 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

12:56:21.0008 6264 McShield - ok

12:56:21.0039 6264 [ 7CC5AB58C1008F36FA564EBDC147AE96 ] MediaCollectorService C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

12:56:21.0055 6264 MediaCollectorService - ok

12:56:21.0071 6264 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

12:56:21.0071 6264 megasas - ok

12:56:21.0086 6264 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

12:56:21.0086 6264 MegaSR - ok

12:56:21.0133 6264 [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

12:56:21.0133 6264 mfeapfk - ok

12:56:21.0149 6264 [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

12:56:21.0149 6264 mfeavfk - ok

12:56:21.0149 6264 mfeavfk01 - ok

12:56:21.0195 6264 [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

12:56:21.0195 6264 mfefire - ok

12:56:21.0211 6264 [ CECC9841D036EE008091825272D91331 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

12:56:21.0211 6264 mfefirek - ok

12:56:21.0258 6264 [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

12:56:21.0258 6264 mfehidk - ok

12:56:21.0273 6264 [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

12:56:21.0289 6264 mferkdet - ok

12:56:21.0305 6264 [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp C:\Windows\system32\mfevtps.exe

12:56:21.0305 6264 mfevtp - ok

12:56:21.0320 6264 [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

12:56:21.0320 6264 mfewfpk - ok

12:56:21.0351 6264 [ 1EDF2BAEAA25A5940E41C736F0F5DF06 ] mhk C:\Windows\system32\drivers\mhk.sys

12:56:21.0351 6264 mhk - ok

12:56:21.0367 6264 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

12:56:21.0367 6264 MMCSS - ok

12:56:21.0383 6264 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

12:56:21.0383 6264 Modem - ok

12:56:21.0414 6264 [ 15F7AB3A8C250327AC4C43CD75DDF7DB ] moh C:\Windows\system32\drivers\moh.sys

12:56:21.0414 6264 moh - ok

12:56:21.0445 6264 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:56:21.0445 6264 monitor - ok

12:56:21.0476 6264 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

12:56:21.0476 6264 mouclass - ok

12:56:21.0492 6264 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:56:21.0492 6264 mouhid - ok

12:56:21.0523 6264 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:56:21.0523 6264 mountmgr - ok

12:56:21.0570 6264 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

12:56:21.0570 6264 mpio - ok

12:56:21.0570 6264 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:56:21.0570 6264 mpsdrv - ok

12:56:21.0617 6264 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

12:56:21.0617 6264 MpsSvc - ok

12:56:21.0648 6264 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

12:56:21.0663 6264 MREMP50 - ok

12:56:21.0710 6264 MREMP50a64 - ok

12:56:21.0726 6264 MREMPR5 - ok

12:56:21.0726 6264 MRENDIS5 - ok

12:56:21.0741 6264 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

12:56:21.0741 6264 MRESP50 - ok

12:56:21.0741 6264 MRESP50a64 - ok

12:56:21.0773 6264 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:56:21.0773 6264 MRxDAV - ok

12:56:21.0819 6264 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:56:21.0819 6264 mrxsmb - ok

12:56:21.0913 6264 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:56:21.0913 6264 mrxsmb10 - ok

12:56:21.0944 6264 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:56:21.0944 6264 mrxsmb20 - ok

12:56:21.0991 6264 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

12:56:21.0991 6264 msahci - ok

12:56:22.0007 6264 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:56:22.0069 6264 msdsm - ok

12:56:22.0116 6264 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

12:56:22.0131 6264 MSDTC - ok

12:56:22.0163 6264 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:56:22.0163 6264 Msfs - ok

12:56:22.0178 6264 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:56:22.0178 6264 mshidkmdf - ok

12:56:22.0225 6264 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:56:22.0225 6264 msisadrv - ok

12:56:22.0287 6264 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:56:22.0319 6264 MSiSCSI - ok

12:56:22.0319 6264 msiserver - ok

12:56:22.0365 6264 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

12:56:22.0365 6264 MSK80Service - ok

12:56:22.0381 6264 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:56:22.0381 6264 MSKSSRV - ok

12:56:22.0397 6264 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:56:22.0397 6264 MSPCLOCK - ok

12:56:22.0412 6264 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:56:22.0412 6264 MSPQM - ok

12:56:22.0490 6264 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:56:22.0506 6264 MsRPC - ok

12:56:22.0537 6264 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

12:56:22.0537 6264 mssmbios - ok

12:56:22.0553 6264 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:56:22.0553 6264 MSTEE - ok

12:56:22.0553 6264 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

12:56:22.0553 6264 MTConfig - ok

12:56:22.0568 6264 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

12:56:22.0568 6264 Mup - ok

12:56:22.0584 6264 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

12:56:22.0584 6264 napagent - ok

12:56:22.0615 6264 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:56:22.0615 6264 NativeWifiP - ok

12:56:22.0646 6264 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

12:56:22.0662 6264 NDIS - ok

12:56:22.0677 6264 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:56:22.0677 6264 NdisCap - ok

12:56:22.0693 6264 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:56:22.0693 6264 NdisTapi - ok

12:56:22.0740 6264 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:56:22.0787 6264 Ndisuio - ok

12:56:22.0818 6264 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:56:22.0818 6264 NdisWan - ok

12:56:22.0849 6264 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:56:22.0849 6264 NDProxy - ok

12:56:22.0896 6264 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:56:22.0896 6264 NetBIOS - ok

12:56:22.0911 6264 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:56:22.0958 6264 NetBT - ok

12:56:23.0005 6264 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

12:56:23.0005 6264 Netlogon - ok

12:56:23.0036 6264 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

12:56:23.0036 6264 Netman - ok

12:56:23.0052 6264 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

12:56:23.0052 6264 netprofm - ok

12:56:23.0083 6264 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:56:23.0083 6264 NetTcpPortSharing - ok

12:56:23.0099 6264 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

12:56:23.0099 6264 nfrd960 - ok

12:56:23.0145 6264 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:56:23.0145 6264 NlaSvc - ok

12:56:23.0161 6264 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:56:23.0161 6264 Npfs - ok

12:56:23.0192 6264 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

12:56:23.0208 6264 nsi - ok

12:56:23.0208 6264 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:56:23.0208 6264 nsiproxy - ok

12:56:23.0255 6264 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:56:23.0286 6264 Ntfs - ok

12:56:23.0333 6264 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

12:56:23.0348 6264 NuidFltr - ok

12:56:23.0364 6264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

12:56:23.0364 6264 Null - ok

12:56:23.0395 6264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:56:23.0395 6264 nvraid - ok

12:56:23.0442 6264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:56:23.0442 6264 nvstor - ok

12:56:23.0489 6264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:56:23.0489 6264 nv_agp - ok

12:56:23.0520 6264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:56:23.0520 6264 ohci1394 - ok

12:56:23.0582 6264 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:56:23.0582 6264 ose - ok

12:56:24.0097 6264 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:56:24.0128 6264 osppsvc - ok

12:56:24.0206 6264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:56:24.0206 6264 p2pimsvc - ok

12:56:24.0269 6264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

12:56:24.0284 6264 p2psvc - ok

12:56:24.0300 6264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

12:56:24.0300 6264 Parport - ok

12:56:24.0331 6264 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:56:24.0331 6264 partmgr - ok

12:56:24.0347 6264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:56:24.0347 6264 PcaSvc - ok

12:56:24.0440 6264 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms

12:56:24.0440 6264 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok

12:56:24.0456 6264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

12:56:24.0456 6264 pci - ok

12:56:24.0471 6264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

12:56:24.0471 6264 pciide - ok

12:56:24.0487 6264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

12:56:24.0487 6264 pcmcia - ok

12:56:24.0503 6264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

12:56:24.0503 6264 pcw - ok

12:56:24.0518 6264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys


12:56:36.0015 6264 ============================================================

12:56:36.0015 6264 Scan finished

12:56:36.0015 6264 ============================================================

12:56:36.0015 3152 Detected object count: 0

12:56:36.0015 3152 Actual detected object count: 0


The TDSSKiller result is good. But this system has, at minimum, a Trojan.

Do not worry or try to run MBAM or your antivirus for now.

  • Disable your anti-virus program; see "How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs".
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][sUSP PATH] HKCU\[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND
    [RUN][sUSP PATH] HKUS\S-1-5-21-1614919336-1411973032-2412637700-1001[...]\Run : wneehh (regsvr32.exe /s "C:\ProgramData\wneehh.dat") [-] -> FOUND

  • Then click on Delete on the right hand column under Options.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, or Windows 7 or 8, right-click the icon and select Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Here is first part of OTL.txt


PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/12/01 10:58:22 | 000,034,104 | ---- | M] (APC) -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe

PRC - [2004/12/17 03:00:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Sonic Shared\CineTray.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/16 12:53:08 | 000,128,512 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_elementtree.pyd

MOD - [2013/04/16 12:53:07 | 001,022,416 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\windows._cacheinvalidation.pyd

MOD - [2013/04/16 12:53:07 | 000,805,888 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._gdi_.pyd

MOD - [2013/04/16 12:53:07 | 000,735,232 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._misc_.pyd

MOD - [2013/04/16 12:53:07 | 000,557,056 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pysqlite2._sqlite.pyd

MOD - [2013/04/16 12:53:07 | 000,364,544 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pythoncom27.dll

MOD - [2013/04/16 12:53:07 | 000,320,512 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32com.shell.shell.pyd

MOD - [2013/04/16 12:53:07 | 000,110,080 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\PyWinTypes27.dll

MOD - [2013/04/16 12:53:07 | 000,108,544 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32security.pyd

MOD - [2013/04/16 12:53:07 | 000,098,816 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32api.pyd

MOD - [2013/04/16 12:53:07 | 000,087,040 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ctypes.pyd

MOD - [2013/04/16 12:53:07 | 000,070,656 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._html2.pyd

MOD - [2013/04/16 12:53:07 | 000,044,032 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_socket.pyd

MOD - [2013/04/16 12:53:07 | 000,022,528 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32ts.pyd

MOD - [2013/04/16 12:53:07 | 000,017,408 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32profile.pyd

MOD - [2013/04/16 12:53:07 | 000,011,264 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32crypt.pyd

MOD - [2013/04/16 12:53:06 | 001,175,040 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._core_.pyd

MOD - [2013/04/16 12:53:06 | 001,153,024 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ssl.pyd

MOD - [2013/04/16 12:53:06 | 001,062,400 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._controls_.pyd

MOD - [2013/04/16 12:53:06 | 000,811,008 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._windows_.pyd

MOD - [2013/04/16 12:53:06 | 000,711,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\_hashlib.pyd

MOD - [2013/04/16 12:53:06 | 000,686,080 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\unicodedata.pyd

MOD - [2013/04/16 12:53:06 | 000,127,488 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\pyexpat.pyd

MOD - [2013/04/16 12:53:06 | 000,122,368 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._wizard.pyd

MOD - [2013/04/16 12:53:06 | 000,119,808 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32file.pyd

MOD - [2013/04/16 12:53:06 | 000,038,912 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32inet.pyd

MOD - [2013/04/16 12:53:06 | 000,035,840 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32process.pyd

MOD - [2013/04/16 12:53:06 | 000,025,600 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32pdh.pyd

MOD - [2013/04/16 12:53:06 | 000,018,432 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32event.pyd

MOD - [2013/04/16 12:53:06 | 000,010,240 | ---- | M] () -- C:\Users\Marc\AppData\Local\Temp\_MEI59962\select.pyd

MOD - [2013/02/14 04:28:52 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll

MOD - [2013/02/14 04:28:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2013/01/10 04:41:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MOD - [2013/01/10 04:40:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll

MOD - [2013/01/10 04:33:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/01/10 04:33:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll

MOD - [2013/01/10 04:32:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/10 04:32:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll

MOD - [2013/01/10 04:32:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013/01/10 04:32:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/10 04:32:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/10 04:32:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/10 04:32:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2011/01/31 03:19:17 | 000,070,968 | ---- | M] () -- C:\Program Files (x86)\Jetico\BestCrypt\dismount.dll

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/09/27 21:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2012/08/29 14:43:58 | 006,742,088 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)

SRV:64bit: - [2011/01/10 14:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)

SRV:64bit: - [2009/08/11 16:50:50 | 000,083,968 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)

SRV:64bit: - [2009/08/11 16:50:50 | 000,020,480 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2013/03/12 17:12:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/03/28 07:26:14 | 000,095,544 | ---- | M] (Jetico, Inc.) [Auto | Running] -- C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe -- (BCWipeSvc)

SRV - [2011/02/11 11:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/07/20 01:29:20 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)

SRV - [2010/07/20 01:29:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)

SRV - [2010/04/29 15:30:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008/12/01 10:58:22 | 000,034,104 | ---- | M] (APC) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe -- (APCPBEAgent)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/12/21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2012/12/21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/27 22:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/09/27 21:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/17 17:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)

DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/03/26 07:46:47 | 000,192,072 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/13 06:02:51 | 000,058,432 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh)

DRV:64bit: - [2011/03/28 05:21:24 | 000,081,984 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bcbus.sys -- (bcbus)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/11 11:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011/01/24 09:38:21 | 000,187,456 | ---- | M] (Jetico, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bcfnt.sys -- (bcfnt)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/08/12 00:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2010/07/17 00:02:40 | 000,013,376 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moh.sys -- (moh)

DRV:64bit: - [2010/07/17 00:02:18 | 000,017,472 | ---- | M] (Jetico, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mhk.sys -- (mhk)

DRV:64bit: - [2010/07/07 19:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2010/05/18 00:05:47 | 000,033,856 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_des.sys -- (BC_DES)

DRV:64bit: - [2010/05/18 00:01:40 | 000,034,368 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_3des.sys -- (BC_3DES)

DRV:64bit: - [2010/01/29 02:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/12/22 09:56:50 | 000,034,368 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_tfish.sys -- (BC_TFISH)

DRV:64bit: - [2009/12/22 09:56:42 | 000,036,928 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_serp.sys -- (BC_SERP)

DRV:64bit: - [2009/12/22 09:56:33 | 000,051,264 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rijn.sys -- (BC_RIJN)

DRV:64bit: - [2009/12/22 09:56:24 | 000,030,272 | ---- | M] (Michael Oestergaard Pedersen) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_rc6.sys -- (BC_RC6)

DRV:64bit: - [2009/12/22 09:56:16 | 000,027,712 | ---- | M] (Iarsn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_idea.sys -- (BC_IDEA)

DRV:64bit: - [2009/12/22 09:56:08 | 000,025,664 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_gost.sys -- (BC_Gost)

DRV:64bit: - [2009/12/22 09:55:44 | 000,037,440 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_cast.sys -- (BC_CAST)

DRV:64bit: - [2009/12/22 09:55:36 | 000,030,272 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bfish.sys -- (BC_BFish)

DRV:64bit: - [2009/12/22 09:55:27 | 000,030,784 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf448.sys -- (BC_BF448)

DRV:64bit: - [2009/12/22 09:55:19 | 000,030,784 | ---- | M] (Jetico, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bc_bf128.sys -- (BC_BF128)

DRV:64bit: - [2009/10/07 15:11:30 | 000,053,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)

DRV:64bit: - [2009/07/24 22:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2007/04/17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2012/12/21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2012/12/21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

DRV - [2004/05/29 09:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\filedisk.sys -- (FileDisk)

DRV - [2003/12/19 03:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cinemsup.sys -- (Cinemsup)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B61413CE-3964-4670-91AB-8C5B90E726F2}

IE:64bit: - HKLM\..\SearchScopes\{B61413CE-3964-4670-91AB-8C5B90E726F2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {1B612CFC-E1B3-4BDC-BEF6-38C67BE69819}

IE - HKLM\..\SearchScopes\{1B612CFC-E1B3-4BDC-BEF6-38C67BE69819}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0D166A7C-8114-4544-BC02-9B3C3BF20F71}

IE - HKCU\..\SearchScopes\{0D166A7C-8114-4544-BC02-9B3C3BF20F71}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=840a8925000000000000a4badbf9c3c9

IE - HKCU\..\SearchScopes\{6D1B1F47-35AA-4806-A9A3-5F820D74B71A}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 09:43:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 10:04:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 10:04:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/03/08 08:13:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/06 09:40:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/02/25 02:23:47 | 000,000,000 | ---D | M]

[2013/02/20 00:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.delta-search.com/?affID=119293&babsrc=HP_ss&mntrId=840a8925000000000000a4badbf9c3c9

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

CHR - Extension: SiteAdvisor = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\

CHR - Extension: RealDownloader = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

O1 HOSTS File: ([2013/02/23 13:44:16 | 000,001,788 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [bCWipeTM Startup] C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe (Jetico, Inc.)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found

O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\Run: [ClickClock] C:\Program Files (x86)\clickclock\clickclock.exe (www.elegantpie.com)

O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)


2nd part

O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKCU..\Run: [Organize MP3 Music] "C:\Program Files (x86)\Organize MP3 Music\OrganizeMp3Music.exe" /minimized File not found

O4 - HKCU..\Run: [wneehh] C:\ProgramData\wneehh.dat ()

O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)

O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files (x86)\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation)

O9 - Extra 'Tools' menuitem : No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files (x86)\No More Cookies\No More Cookies.exe (Pronto Internet Solutions Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://erivpn.eisai.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.28/uploader2.cab (UploadListView Class)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://erivpn.eisai.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://andvmail01.eri.us.eisai.local/dwa8W.cab (Domino Web Access 8 Control)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9F7DBA4-E2D0-4A08-BD00-F9A16AC2071D}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 10:50:57 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\cham

[2013/04/16 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\RK_Quarantine

[2013/04/16 09:50:33 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\rkill

[2013/04/16 09:49:18 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Marc\Desktop\rkill.com

[2013/04/15 21:47:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\GraphPad Software

[2013/04/15 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software

[2013/04/15 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphPad Software

[2013/04/15 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GraphPad

[2013/04/15 20:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/04/11 03:01:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/04/11 03:01:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/11 03:01:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/04/11 03:01:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/04/11 03:01:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/04/11 03:01:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/04/11 03:01:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/04/11 03:01:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/04/11 03:01:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/04/11 03:01:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/04/11 03:01:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/04/11 03:01:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/04/11 03:01:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/04/11 03:01:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/04/11 03:01:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/10 03:06:07 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/04/10 03:06:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/04/10 03:06:06 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/04/10 03:06:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/04/10 03:06:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/04/10 03:06:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/04/06 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\ArcSoft

[2013/04/05 23:58:06 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{051E0407-42A1-44D9-80C5-A6375E5D45C8}

[2013/04/02 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Adobe Scripts

[2013/04/01 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe

[2013/04/01 20:57:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/04/01 19:16:03 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwutl32_priv.dll

[2013/04/01 19:01:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.041

[2013/04/01 19:01:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03B

[2013/04/01 19:01:33 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.040

[2013/04/01 19:01:33 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03A

[2013/04/01 19:01:33 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03E

[2013/04/01 19:01:33 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.038

[2013/04/01 19:01:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03F

[2013/04/01 19:01:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.039

[2013/04/01 19:01:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03C

[2013/04/01 19:01:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.036

[2013/04/01 19:01:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.03D

[2013/04/01 19:01:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.037

[2013/04/01 19:00:34 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.034

[2013/04/01 19:00:34 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.032

[2013/04/01 19:00:34 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.035

[2013/04/01 19:00:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.033

[2013/04/01 19:00:30 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.030

[2013/04/01 19:00:30 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.031

[2013/04/01 18:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Extreme 2

[2013/04/01 18:49:50 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll

[2013/04/01 18:49:49 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll

[2013/04/01 18:49:49 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUP60.dll

[2013/04/01 18:49:49 | 000,256,768 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLURT.dll

[2013/04/01 18:48:21 | 000,244,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsFlxGrd.ocx

[2013/04/01 18:48:19 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02E

[2013/04/01 18:48:19 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02C

[2013/04/01 18:48:19 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02F

[2013/04/01 18:48:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02D

[2013/04/01 18:48:16 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02B

[2013/04/01 18:48:15 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.02A

[2013/04/01 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\autorun

[2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.028

[2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.022

[2013/04/01 18:33:36 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01C

[2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.029

[2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.023

[2013/04/01 18:33:36 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01D

[2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.025

[2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.020

[2013/04/01 18:33:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01B

[2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.027

[2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.021

[2013/04/01 18:33:35 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01A

[2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.024

[2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01F

[2013/04/01 18:33:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.018

[2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.026

[2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.01E

[2013/04/01 18:33:33 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.019

[2013/04/01 18:33:15 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.016

[2013/04/01 18:33:15 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.014

[2013/04/01 18:33:15 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.017

[2013/04/01 18:33:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.015

[2013/04/01 18:33:12 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.012

[2013/04/01 18:33:12 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.013

[2013/04/01 18:31:51 | 000,330,568 | ---- | C] (Hauppauge, Inc.) -- C:\Windows\SysWow64\hcwhdpvr.ax

[2013/04/01 18:31:50 | 000,192,072 | ---- | C] (Hauppauge, Inc.) -- C:\Windows\SysNative\drivers\hcwhdpvr.sys

[2013/04/01 17:45:18 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{832E998A-E71A-4B80-8242-91D73ABE72B6}

[2013/04/01 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\cabe

[2013/03/29 03:03:11 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/03/29 03:03:11 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/03/29 03:03:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/03/29 03:03:11 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/03/29 03:03:11 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/03/29 03:03:11 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/03/29 03:03:11 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/03/29 03:03:11 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/03/29 03:03:11 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/03/29 03:03:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/03/29 03:03:11 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/03/29 03:03:11 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/03/29 03:03:11 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/03/29 03:03:11 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/03/29 03:03:11 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/03/29 03:03:11 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/03/29 03:03:11 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/03/29 03:03:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/03/29 03:03:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/03/29 03:03:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/03/29 03:03:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/03/29 03:03:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/03/29 03:03:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/03/29 03:03:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/03/29 03:03:11 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/03/29 03:03:11 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/03/29 03:03:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/03/29 03:03:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/03/29 03:03:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/03/29 03:03:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/03/29 03:03:11 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/03/29 03:03:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/03/29 03:03:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/03/29 03:03:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/03/29 03:03:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/03/29 03:03:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/03/29 03:03:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/03/29 03:03:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/03/29 03:03:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/03/29 03:03:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/03/29 03:03:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/03/29 03:03:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/03/29 03:03:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/03/29 03:03:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/03/29 03:03:11 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/03/29 03:03:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/03/29 03:03:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/03/29 03:03:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/03/29 03:03:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/03/29 03:03:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/03/29 03:03:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/03/29 03:03:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/03/29 03:03:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/03/29 03:02:28 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/03/29 03:02:28 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/03/29 03:02:28 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/03/29 03:02:28 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/03/29 03:02:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/03/29 03:02:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/03/29 03:02:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/03/29 03:02:28 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/03/29 03:02:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/29 03:02:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/29 03:02:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/29 03:02:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/29 03:02:27 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/03/29 03:02:27 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/03/29 03:02:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/03/29 03:02:27 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/03/29 03:02:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/03/29 03:02:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/03/29 03:02:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/03/29 03:02:27 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/03/29 03:02:27 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/03/29 03:02:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/03/29 03:02:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/03/29 03:02:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/03/29 03:02:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/03/29 03:02:27 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/03/29 03:02:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/03/28 21:50:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2013/03/28 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\PDAppFlex

[2013/03/28 21:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2013/03/28 21:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2013/03/28 21:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2013/03/28 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/03/28 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant

[2013/03/23 04:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/23 00:44:22 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{5744CCBF-78CB-4528-8F3B-EC9E41E21320}

[2013/03/20 16:30:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

[2013/03/20 00:01:33 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\bath

[2010/02/14 16:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe

========== Files - Modified Within 30 Days ==========

[2013/04/16 14:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/16 13:12:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/16 12:59:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/16 12:59:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/16 12:59:43 | 000,730,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/16 12:59:43 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/16 12:59:43 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/16 12:53:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/16 12:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/16 12:52:26 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/16 12:40:04 | 000,002,228 | -H-- | M] () -- C:\Users\Marc\Documents\Default.rdp

[2013/04/16 09:52:19 | 000,816,128 | ---- | M] () -- C:\Users\Marc\Desktop\RogueKiller.exe

[2013/04/16 09:49:18 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Marc\Desktop\rkill.com

[2013/04/16 00:39:39 | 000,197,632 | ---- | M] () -- C:\ProgramData\wneehh.dat

[2013/04/15 21:47:13 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\GraphPad Prism 6 Viewer.lnk

[2013/04/15 20:02:16 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2013/04/14 00:45:20 | 000,000,702 | ---- | M] () -- C:\Windows\NewsRover.INI

[2013/04/13 21:04:53 | 017,008,320 | ---- | M] () -- C:\Users\Marc\Desktop\IMG_0636.MOV

[2013/04/12 11:09:54 | 000,036,363 | ---- | M] () -- C:\Windows\CSTBox.INI

[2013/04/11 03:22:37 | 005,080,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/06 22:19:49 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/01 20:57:00 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll

[2013/04/01 20:57:00 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/04/01 20:57:00 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/04/01 20:57:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/04/01 20:57:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/04/01 20:57:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/04/01 19:16:06 | 000,037,515 | ---- | M] () -- C:\Windows\Irremote.ini

[2013/04/01 19:16:06 | 000,001,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk

[2013/04/01 19:06:37 | 000,002,712 | ---- | M] () -- C:\Windows\HCWPNP.INI

[2013/04/01 19:01:42 | 000,000,699 | ---- | M] () -- C:\Users\Marc\Desktop\WinTV Scheduler.lnk

[2013/04/01 19:01:42 | 000,000,167 | ---- | M] () -- C:\Users\Marc\Desktop\Program Guide.url

[2013/04/01 18:50:44 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk

[2013/03/29 03:03:11 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/03/29 03:03:11 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/03/29 03:03:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/03/29 03:03:11 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/03/29 03:03:11 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/03/29 03:03:11 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/03/29 03:03:11 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/03/29 03:03:11 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/03/29 03:03:11 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/03/29 03:03:11 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/03/29 03:03:11 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/03/29 03:03:11 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/03/29 03:03:11 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/03/29 03:03:11 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/03/29 03:03:11 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/03/29 03:03:11 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/03/29 03:03:11 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/03/29 03:03:11 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/03/29 03:03:11 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/03/29 03:03:11 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/03/29 03:03:11 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/03/29 03:03:11 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/03/29 03:03:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/03/29 03:03:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/03/29 03:03:11 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/03/29 03:03:11 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/03/29 03:03:11 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/03/29 03:03:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/03/29 03:03:11 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/03/29 03:03:11 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/03/29 03:03:11 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/03/29 03:03:11 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/03/29 03:03:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/03/29 03:03:11 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/03/29 03:03:11 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/03/29 03:03:11 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/03/29 03:03:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/03/29 03:03:11 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/03/29 03:03:11 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/03/29 03:03:11 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/03/29 03:03:11 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/03/29 03:03:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/03/29 03:03:11 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/03/29 03:03:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/03/29 03:03:11 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/03/29 03:03:11 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/03/29 03:03:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/03/29 03:03:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/03/29 03:03:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/03/29 03:03:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/03/29 03:03:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/03/29 03:03:11 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/03/29 03:03:11 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/03/29 03:03:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/03/29 03:03:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/03/29 03:02:28 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/03/29 03:02:28 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/03/29 03:02:28 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/03/29 03:02:28 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/03/29 03:02:28 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/03/29 03:02:28 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/03/29 03:02:28 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/03/29 03:02:28 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/03/29 03:02:28 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/03/29 03:02:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/29 03:02:28 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/29 03:02:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/29 03:02:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/29 03:02:28 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/29 03:02:27 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/03/29 03:02:27 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/03/29 03:02:27 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/03/29 03:02:27 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/03/29 03:02:27 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/03/29 03:02:27 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/03/29 03:02:27 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/03/29 03:02:27 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/03/29 03:02:27 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/03/29 03:02:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/03/29 03:02:27 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/03/29 03:02:27 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/03/29 03:02:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/03/29 03:02:27 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/03/28 21:49:32 | 000,001,524 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk

[2013/03/28 20:36:01 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

[2013/03/27 18:59:51 | 000,001,051 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/27 18:59:42 | 000,001,017 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk

[2013/03/23 04:04:48 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/19 16:45:11 | 001,155,072 | ---- | M] () -- C:\Users\Marc\Documents\Database1.accdb

[2013/03/19 16:45:06 | 000,344,064 | ---- | M] () -- C:\Users\Marc\Documents\Database2.accdb

[2013/03/19 02:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/03/19 01:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/03/19 00:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/03/18 23:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

========== Files Created - No Company Name ==========

[2013/04/16 09:52:17 | 000,816,128 | ---- | C] () -- C:\Users\Marc\Desktop\RogueKiller.exe

[2013/04/16 00:39:39 | 000,197,632 | ---- | C] () -- C:\ProgramData\wneehh.dat

[2013/04/15 21:47:13 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\GraphPad Prism 6 Viewer.lnk

[2013/04/13 21:14:24 | 017,008,320 | ---- | C] () -- C:\Users\Marc\Desktop\IMG_0636.MOV

[2013/04/01 19:15:01 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk

[2013/04/01 18:50:44 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Extreme 2.lnk

[2013/04/01 18:48:24 | 000,000,699 | ---- | C] () -- C:\Users\Marc\Desktop\WinTV Scheduler.lnk

[2013/04/01 18:48:24 | 000,000,167 | ---- | C] () -- C:\Users\Marc\Desktop\Program Guide.url

[2013/04/01 18:34:28 | 000,037,515 | ---- | C] () -- C:\Windows\Irremote.ini

[2013/03/29 03:03:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/03/29 03:03:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/03/28 21:49:32 | 000,001,536 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk

[2013/03/28 21:49:31 | 000,001,524 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk

[2013/03/28 21:28:18 | 000,001,520 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk

[2013/03/28 21:27:51 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

[2013/03/28 21:27:08 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

[2013/03/28 21:27:04 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

[2013/03/28 21:26:46 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2013/03/28 20:36:01 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2013/03/28 20:36:01 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

[2013/03/23 04:04:48 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/19 16:44:52 | 000,344,064 | ---- | C] () -- C:\Users\Marc\Documents\Database2.accdb

[2013/03/18 21:59:51 | 001,155,072 | ---- | C] () -- C:\Users\Marc\Documents\Database1.accdb

[2013/02/18 00:08:20 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2013/02/18 00:08:19 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2013/02/18 00:08:19 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2013/02/18 00:08:19 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2013/02/18 00:08:18 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2012/12/09 12:13:31 | 000,000,543 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\All CPU MeterV3_Settings.ini

[2012/10/29 13:58:36 | 000,000,076 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\mbam.context.scan

[2012/09/27 21:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/09/27 21:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/04/01 21:30:17 | 000,214,492 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/01/28 22:44:47 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/05/13 08:47:37 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/05/21 08:26:47 | 000,007,607 | -H-- | C] () -- C:\Users\Marc\AppData\Local\resmon.resmoncfg

[2010/05/09 11:38:23 | 000,015,360 | -H-- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/07 01:01:40 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/05/07 01:01:40 | 000,000,088 | RHS- | C] () -- C:\ProgramData\F03DAFFE0F.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/17 00:39:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon

[2013/04/06 00:29:18 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\avidemux

[2013/02/20 00:09:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Babylon

[2012/04/25 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\BitTorrent

[2010/05/17 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Canon

[2011/04/21 00:08:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/06/20 06:31:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\CoffeeCup Software

[2013/03/28 20:36:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/04/16 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox

[2011/05/09 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GARMIN

[2013/02/20 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GoforFiles

[2013/04/15 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GraphPad Software

[2012/11/24 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GroundSchool FAA

[2010/08/07 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ISIS Drivers

[2012/12/10 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Leadertech

[2010/12/26 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LockHunter

[2012/12/16 09:03:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Mael

[2011/12/31 12:26:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Organize MP3 Music

[2012/12/10 23:47:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PandoraRecovery

[2011/05/25 13:02:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PCDr

[2013/03/28 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PDAppFlex

[2013/03/28 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/03/06 20:50:41 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer

[2012/10/17 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\webex

[2013/02/23 13:37:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Home Server

[2012/05/02 01:32:29 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\WindSolutions

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2012/11/19 23:43:47 | 000,025,088 | ---- | M] ()(C:\Users\Marc\Documents\??.doc) -- C:\Users\Marc\Documents\谷口.doc

[2012/11/18 23:53:21 | 000,025,088 | ---- | C] ()(C:\Users\Marc\Documents\??.doc) -- C:\Users\Marc\Documents\谷口.doc

< End of report >


Extras.txt

OTL Extras logfile created on: 4/16/2013 2:00:09 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marc\Desktop\cham

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.87% Memory free

15.98 Gb Paging File | 13.06 Gb Available in Paging File | 81.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 689.47 Gb Total Space | 224.03 Gb Free Space | 32.49% Space Free | Partition Type: NTFS

Drive D: | 168.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 931.51 Gb Total Space | 120.41 Gb Free Space | 12.93% Space Free | Partition Type: NTFS

Computer Name: MARC-PC | User Name: Marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Users\Marc\AppData\Local\Temp\vbc.exe" = C:\Users\Marc\AppData\Local\Temp\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

"C:\Users\Marc\AppData\Roaming\local.exe" = C:\Users\Marc\AppData\Roaming\local.exe:*:Enabled:Windows Messanger

"C:\Users\Marc\AppData\Local\Temp\vbc.exe" = C:\Users\Marc\AppData\Local\Temp\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)

"C:\Users\Marc\AppData\Roaming\local.exe" = C:\Users\Marc\AppData\Roaming\local.exe:*:Enabled:Windows Messanger

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0537975F-8ED7-4FE2-94D7-C088C97B5CB3}" = rport=445 | protocol=6 | dir=out | app=system |

"{141A70DB-433D-4825-B0CD-2B5F91F98C6C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{418502A7-55E0-4E01-AAC4-597FB747E420}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{46AA7CC0-3BDE-40B4-B28A-D12E51D9C0A2}" = lport=139 | protocol=6 | dir=in | app=system |

"{46D9B379-1D8F-4500-B11F-AEE8D1F3D458}" = rport=137 | protocol=17 | dir=out | app=system |

"{4DEF56DC-B281-4D1A-BC08-E6A8EFE8D19F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5904DBF6-7ACD-4614-818E-A049DB060516}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{597AD6B3-CE6E-4ACF-B59B-F374C6B38AB8}" = lport=445 | protocol=6 | dir=in | app=system |

"{77A4E670-3F1B-4C24-8526-D75359AC18EA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8ACAABD1-9338-4858-9757-88A2308D346B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{8C03210F-4DF0-4998-9B6F-4237CF4758ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{975D5262-A12E-4172-A239-AB530493B46D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A097BA5F-1CDF-4141-874B-626D19C1D9EB}" = rport=138 | protocol=17 | dir=out | app=system |

"{A642A404-9A08-4D6F-954D-B4E344BA08BF}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{BAFE1FAC-87CD-4541-9F11-CA1C36A69069}" = lport=137 | protocol=17 | dir=in | app=system |

"{C0C1B45D-A459-4AF8-879A-F07A4A4A756C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D0285203-DED2-4970-A666-182D932B53DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D5A22B48-A50B-4F36-83C2-FD8BB04D34FE}" = lport=138 | protocol=17 | dir=in | app=system |

"{D5D8C048-F51A-44E6-9E31-D3380752493A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E6FF877A-59E3-4407-B74B-35E09C462840}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EF815E7D-3A16-43C6-B32F-8C028903FFEB}" = rport=139 | protocol=6 | dir=out | app=system |

"{F0394A70-BAB1-4CD6-8767-5405729A8652}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F0E80B29-52DA-4FFC-82A4-D66D8AAC7446}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F1B8501B-99B1-4AE2-854D-8D6508F7679B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F56E5AD2-7E2D-446C-845F-048C575EF687}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FC57D0AC-2E07-48E8-9441-61DA81C9127D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{FDF2B19E-5257-473F-B794-E345A2B6058A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B13FE62-C97F-4B2B-AB2A-60DEC919E5DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{11DEC4F6-9759-4EA1-B248-9B7EC21765BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{120A1CE9-15BD-48CA-8763-6D32DBBC86A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{12D06AA2-3995-40A8-974B-561122F72A3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{14344D43-5718-4122-A04D-840ACCA6F0F3}" = protocol=6 | dir=in | app=c:\users\marc\appdata\roaming\dropbox\bin\dropbox.exe |

"{15F4E49E-BA7F-4F52-8002-795A4583CB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe |

"{17C3B067-7864-4411-83DE-64888C8210C5}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe |

"{2196EBFF-4C13-49C3-8E2A-E6D49350E329}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{223C586E-3EAE-4751-A2E7-987104F03267}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |

"{2A45584E-F396-47B2-94D0-BA5B6C96C9DF}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |

"{2C0A32F8-B738-413C-BBE5-1E3746BCE57D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |

"{2C2AD91A-52BC-4549-B64C-F20BADB686CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2C9B4CC2-A711-493D-9245-35ADEECB97F9}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe |

"{36623989-1C1F-49A3-A041-164164797887}" = protocol=17 | dir=in | app=c:\program files (x86)\apc\powerchute business edition\agent\pbeagent.exe |

"{36FD3A02-7D5C-4AE1-9E8B-C6A1E3C88BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{39D2021E-E711-49D5-8E3F-252F40E91EE6}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe |

"{3D3E79C8-61C6-4835-A12A-91150D6E053B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4048EE52-9298-4171-94A2-AE0D892D54B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{45DBB190-6BF6-45FA-A7EB-AB2B279648E7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{532D9963-3BE9-4FD2-8235-7C3ED41321D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{55C981D8-2697-49B3-B39E-6D404EFAC105}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp mediasmart server\mediacollectorclient.exe |

"{5B6E6A07-5471-4F8B-A046-2C01ED9E745A}" = protocol=6 | dir=out | app=system |

"{610FBD04-2269-45F7-9BD9-3575D24AC6FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6FC9D31D-D489-431F-9889-C4ACCD3A90B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{71614BB9-55C1-4A5D-A4FA-E07CE7788AD9}" = protocol=17 | dir=in | app=c:\users\marc\appdata\roaming\dropbox\bin\dropbox.exe |

"{7197A738-7433-4C39-BA22-399BCCBA102B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{8426A419-6D37-4EF2-9E41-426ACBF20057}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{90D2FAED-AA8E-46C8-A843-BEF89FD7E07E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{942A76BC-CA35-421C-86BF-49F6879392F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{94A42C33-8A80-4AE9-9FB3-AD932F883576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{98887D00-68DE-4ABA-8EEF-6DA9A2FE0556}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{98F64C46-3F32-4BFC-AFE0-378CE02FE811}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{9B1D22F0-70A7-4379-B97F-865D58A25BDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{9E1ED1B5-3B43-4EB9-83DB-576EB4A9FC3D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{9EBAE162-EF3B-4352-91C5-1435FB4C3D51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9F5B2877-DEC9-48CF-B219-6D6CA41F2728}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A639E9DD-6D62-43DB-A123-4D5F6E903D2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A91DEBA5-3C29-4FCE-9490-FEBDA621591F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |

"{AA532CD8-DD89-479D-8F7C-C88AF889A51C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AC2619DD-BE34-4773-B618-C683456CD17E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{AC8F1DC8-60CB-479E-9B7F-D6104A9DC685}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{AF77025A-D98C-421B-9EAC-B369D4AF03A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B7789B55-4C20-4E0B-BA87-BB3B024E6CA7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{BCAED262-1A0C-40CD-82DB-882720B4DEFE}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe |

"{BE87F6E6-D6A9-401E-A714-A4DFD5A5F460}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{D63C772E-EE24-41C0-9D65-64FBF7071C4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DA7FEA80-6780-424B-9182-7329AD9F60F9}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe |

"{E1EA7801-8324-481D-90D1-FC1AC507F0C6}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{E1EC3952-5FB6-4E5F-B2CC-8ACD9B2444B5}" = protocol=6 | dir=in | app=d:\whsrecovery.exe |

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{E5FD0896-0F20-4B02-9D14-28165A4580D4}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\temp\pxe\hp-tftpd32.exe |

"{F39FE3AA-355F-462C-A46A-AD2BB47ED19B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |

"{FDFE35D5-A5C1-45F3-8B07-C755DCF79D46}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\temp\pxe\hp-tftpd32.exe |

"{FEA503AF-8061-4459-ADBC-1443142581E3}" = protocol=17 | dir=in | app=d:\whsrecovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64

"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7

"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding

"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64

"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1

"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

"{E4C9F9EF-787C-43EE-9337-D0667498B3BF}" = HP MediaSmart Server 3.0 (x64)

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON Printer and Utilities" = EPSON Printer Software

"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"News Rover" = News Rover -- Usenet newsreader

"PC-Doctor for Windows" = Dell Support Center

"Recuva" = Recuva

"VLC media player" = VLC media player 2.0.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9

"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent

"{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1

"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer

"{450AF1B6-E5F9-4211-AE86-FC25CEC3AB89}" = clickclock

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch

"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy

"{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian

"{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All

"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant

"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common

"{63E2EC92-0B96-46A0-B7E9-715D3ECA2546}" = GNS 480 Simulator

"{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}" = Browntech Image Plugin 2.02

"{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish

"{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86D6FFF0-6772-11E1-5F90-00B69E4E6952}" = GraphPad Prism 6 Viewer

"{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German

"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5

"{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai

"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X

"{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{BCE9F441-9027-4911-82E0-5FB28057897D}" = APC PowerChute Business Edition Agent

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9

"{CCD35D5A-7B97-46E0-AB2E-21C59BA253B6}" = Verizon Download Manager

"{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer

"{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian

"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client

"{E7A1B94F-A981-49B2-868F-DFEA471AB17D}" = ArcSoft TotalMedia Extreme

"{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian

"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish

"{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek

"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9

"Amazon Kindle" = Amazon Kindle

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"AudibleDownloadManager" = Audible Download Manager

"BestCrypt" = BestCrypt 8.0

"BitTorrent" = BitTorrent

"Carbonite Backup" = Carbonite

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"clickclock" = clickclock

"CoffeeCup HTML Editor" = CoffeeCup HTML Editor

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Dell Dock" = Dell Dock

"DivX Setup" = DivX Setup

"DjVu" = LizardTech DjVu Control (autoinstall)

"DVD Shrink_is1" = DVD Shrink 3.2

"EaseUS Data Recovery Wizard 5.6.5_is1" = EaseUS Data Recovery Wizard 5.6.5

"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition

"eMule" = eMule

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist 8.0.0.514

"GroundSchool - Instrument Rating (IFR)_is1" = GroundSchool - Instrument Rating (IFR)

"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler

"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote

"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster

"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler

"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0

"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"MSC" = McAfee SecurityCenter

"No More Cookies" = No More Cookies 1.1

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"PandoraRecovery" = PandoraRecovery (Remove Only)

"Photo Pos Pro" = Photo Pos Pro

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Picasa 3" = Picasa 3

"RealPlayer 16.0" = RealPlayer

"Search and Recover 3_is1" = iolo technologies' Search and Recover 3

"WinAce Archiver" = WinAce Archiver

"WinLiveSuite" = Windows Live Essentials

"WordZap" = MICA WordZap 7.14.1

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"9204f5692a8faf3b" = Dell System Detect

"CopyTrans Suite" = CopyTrans Suite Remove Only

"Dropbox" = Dropbox

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

Error - 4/16/2013 11:27:35 AM | Computer Name = Marc-PC | Source = MSSConnectorService | ID = 0

Description = Root element is missing.

[ Cisco AnyConnect VPN Client Events ]

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:

2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:

2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp

Line:

7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:

5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353

Invoked

Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:

ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315

Invoked

Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:

ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp

Line:

5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)

Description:

ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/16/2013 12:51:16 PM | Computer Name = Marc-PC | Source = vpnagent | ID = 67108866

Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:

5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)

Description:

ROUTETABLE_ERROR_GETBESTROUTE_FAILED

[ Dell Events ]

Error - 8/20/2011 1:00:12 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 8/20/2011 1:00:13 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 8/25/2011 12:27:26 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 8/25/2011 12:27:26 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/1/2011 7:36:38 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/1/2011 7:36:38 AM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/8/2011 9:43:35 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/8/2011 9:43:35 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/13/2011 10:58:14 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/13/2011 10:58:14 PM | Computer Name = Marc-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 4/16/2013 12:19:57 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10000

Description =

Error - 4/16/2013 12:51:27 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10010

Description =

Error - 4/16/2013 12:52:25 PM | Computer Name = Marc-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 4/16/2013 12:52:25 PM | Computer Name = Marc-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\Cinemsup.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 4/16/2013 12:52:38 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000

Description = The CinemaNow Service service failed to start due to the following

error: %%2

Error - 4/16/2013 12:52:40 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7000

Description = The SessionLauncher service failed to start due to the following error:

%%2

Error - 4/16/2013 12:52:50 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

archlp Cinemsup FileDisk RxFilter

Error - 4/16/2013 12:53:40 PM | Computer Name = Marc-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 4/16/2013 12:57:19 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10001

Description =

Error - 4/16/2013 1:00:21 PM | Computer Name = Marc-PC | Source = DCOM | ID = 10000

Description =

< End of report >


checkup.txt

Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 37

Java 7 Update 17

Adobe Flash Player 10 Flash Player out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Mlamphier only. If you are a casual viewer, do NOT try this on your system!

If you are not Mlamphier and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file MlamOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the MlamOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes.

In this case, after the reboot,

do an Attach of this OTL log --- navigate to the C:\_OTL\MovedFiles folder, and Attach the newest .log file present back here in your next post.

Edited by Maurice Naggar

OTL program ran and asked for a re-boot, which I did.

The log file found in the C:\_OTL\MovedFiles folder is shown below:

**********************************************

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wneehh deleted successfully.

C:\ProgramData\wneehh.dat moved successfully.

========== FILES ==========

C:\Users\Marc\AppData\Local\Temp\_MEI59962\_elementtree.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\windows._cacheinvalidation.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._gdi_.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._misc_.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\pysqlite2._sqlite.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\pythoncom27.dll moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32com.shell.shell.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\PyWinTypes27.dll moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32security.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32api.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ctypes.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._html2.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\_socket.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32ts.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32profile.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32crypt.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._core_.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\_ssl.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._controls_.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._windows_.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\_hashlib.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\unicodedata.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\pyexpat.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\wx._wizard.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32file.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32inet.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32process.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32pdh.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\win32event.pyd moved successfully.

C:\Users\Marc\AppData\Local\Temp\_MEI59962\select.pyd moved successfully.

File\Folder C:\ProgramData\wneehh.dat not found.

C:\Windows\SysWow64\temp.041 moved successfully.

C:\Windows\SysWow64\temp.03B moved successfully.

C:\Windows\SysWow64\temp.040 moved successfully.

C:\Windows\SysWow64\temp.03A moved successfully.

C:\Windows\SysWow64\temp.03E moved successfully.

C:\Windows\SysWow64\temp.038 moved successfully.

C:\Windows\SysWow64\temp.03F moved successfully.

C:\Windows\SysWow64\temp.039 moved successfully.

C:\Windows\SysWow64\temp.03C moved successfully.

C:\Windows\SysWow64\temp.036 moved successfully.

C:\Windows\SysWow64\temp.03D moved successfully.

C:\Windows\SysWow64\temp.037 moved successfully.

C:\Windows\SysWow64\temp.034 moved successfully.

C:\Windows\SysWow64\temp.032 moved successfully.

C:\Windows\SysWow64\temp.035 moved successfully.

C:\Windows\SysWow64\temp.033 moved successfully.

C:\Windows\SysWow64\temp.030 moved successfully.

C:\Windows\SysWow64\temp.031 moved successfully.

C:\Windows\SysWow64\temp.02E moved successfully.

C:\Windows\SysWow64\temp.02C moved successfully.

C:\Windows\SysWow64\temp.02F moved successfully.

C:\Windows\SysWow64\temp.02D moved successfully.

C:\Windows\SysWow64\temp.02B moved successfully.

C:\Windows\SysWow64\temp.02A moved successfully.

C:\Users\Marc\AppData\Local\autorun\Autorun folder moved successfully.

C:\Users\Marc\AppData\Local\autorun folder moved successfully.

C:\Windows\SysWow64\temp.028 moved successfully.

C:\Windows\SysWow64\temp.022 moved successfully.

C:\Windows\SysWow64\temp.01C moved successfully.

C:\Windows\SysWow64\temp.029 moved successfully.

C:\Windows\SysWow64\temp.023 moved successfully.

C:\Windows\SysWow64\temp.01D moved successfully.

C:\Windows\SysWow64\temp.025 moved successfully.

C:\Windows\SysWow64\temp.020 moved successfully.

C:\Windows\SysWow64\temp.01B moved successfully.

C:\Windows\SysWow64\temp.027 moved successfully.

C:\Windows\SysWow64\temp.021 moved successfully.

C:\Windows\SysWow64\temp.01A moved successfully.

C:\Windows\SysWow64\temp.024 moved successfully.

C:\Windows\SysWow64\temp.01F moved successfully.

C:\Windows\SysWow64\temp.018 moved successfully.

C:\Windows\SysWow64\temp.026 moved successfully.

C:\Windows\SysWow64\temp.01E moved successfully.

C:\Windows\SysWow64\temp.019 moved successfully.

C:\Windows\SysWow64\temp.016 moved successfully.

C:\Windows\SysWow64\temp.014 moved successfully.

C:\Windows\SysWow64\temp.017 moved successfully.

C:\Windows\SysWow64\temp.015 moved successfully.

C:\Windows\SysWow64\temp.012 moved successfully.

C:\Windows\SysWow64\temp.013 moved successfully.

C:\Users\Marc\AppData\Roaming\Babylon folder moved successfully.

C:\Users\Marc\AppData\Roaming\BitTorrent folder moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56475 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Marc

->Flash cache emptied: 1124292 bytes

User: Public

Total Flash Files Cleaned = 1.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Marc

->Java cache emptied: 30128233 bytes

User: Public

Total Java Files Cleaned = 29.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04162013_154815


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Mlamphier only. If you are a casual viewer, do NOT try this on your system!

If you are not Mlamphier and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what I guide you to do.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log

Re-enable your antivirus program, if you can. If not, just let me know.


This one is tough. Combo fix indicates that McAfee is running, yet the McAfee tray icon is not available, and I cannot access it or Malwarebytes. Task Manager indicates that indeed McAfee and Malwarebytes are running in the background, and I can stop or disable many of the services, but not all. After disabling as many as I can, Combofix still indicates McAfee is running. If I try to remove the programs completely via control panel I get a message saying I do not have sufficient access, even though I am administrator.

Marc


Ran Combofix OK. Rebooted computer. Could not restart anti-viral programs (still get "program blocked by group policy" message).

Combofix.txt log is pasted below

**************************************

ComboFix 13-04-15.01 - Marc 04/16/2013 18:36:54.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6193 [GMT -4:00]

Running from: c:\users\Marc\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\F03DAFFE0F.sys

c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll

c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll

c:\programdata\PCDr\6032\AddOnDownloaded\75609d46-7fbb-40a8-a578-eec234c38e9a.dll

c:\programdata\PCDr\6032\AddOnDownloaded\827ed839-f1a1-460d-82db-7790aaf0bceb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\c870b857-9ba2-408a-b058-928ff7135168.dll

c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll

c:\programdata\wneehh.dat

.

.

((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))

.

.

2013-04-16 22:47 . 2013-04-16 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-16 19:48 . 2013-04-16 19:48 -------- d-----w- C:\_OTL

2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\users\Marc\AppData\Roaming\GraphPad Software

2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\programdata\GraphPad Software

2013-04-16 01:47 . 2013-04-16 01:47 -------- d-----w- c:\program files (x86)\GraphPad

2013-04-10 07:06 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 07:06 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 07:06 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 07:06 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 07:06 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 07:06 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 07:06 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 07:06 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 07:06 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-02 00:57 . 2013-04-02 00:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-01 23:16 . 2006-10-10 20:47 36921 ------w- c:\windows\SysWow64\hcwutl32_priv.dll

2013-04-01 22:49 . 2005-07-16 06:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll

2013-04-01 22:49 . 2007-04-19 13:39 256768 ----a-w- c:\windows\SysWow64\MSLURT.dll

2013-04-01 22:49 . 2006-01-24 14:20 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll

2013-04-01 22:49 . 2005-05-28 10:58 393216 ----a-w- c:\windows\SysWow64\MSLUP60.dll

2013-04-01 22:48 . 2006-05-08 12:54 244232 ----a-w- c:\windows\SysWow64\MsFlxGrd.ocx

2013-04-01 22:31 . 2012-03-26 11:46 330568 ----a-w- c:\windows\SysWow64\hcwhdpvr.ax

2013-04-01 22:31 . 2012-03-26 11:46 192072 ----a-w- c:\windows\system32\drivers\hcwhdpvr.sys

2013-03-29 07:02 . 2013-03-29 07:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-29 01:50 . 2013-03-29 01:50 -------- d-----w- c:\users\Marc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2013-03-29 01:50 . 2013-03-29 01:50 -------- d-----w- c:\users\Marc\AppData\Roaming\PDAppFlex

2013-03-29 01:28 . 2013-03-29 01:28 -------- d-----w- c:\programdata\ALM

2013-03-29 01:27 . 2013-03-29 01:27 -------- d-----w- c:\program files\Adobe

2013-03-29 01:25 . 2013-03-29 01:28 -------- d-----w- c:\program files\Common Files\Adobe

2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\users\Marc\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-03-29 00:36 . 2013-03-29 00:36 -------- d-----w- c:\program files (x86)\Adobe Download Assistant

2013-03-20 20:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 07:02 . 2010-09-13 12:28 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-02 00:57 . 2012-08-01 00:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-04-02 00:57 . 2010-05-06 00:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-12 21:12 . 2012-04-05 23:09 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-12 21:12 . 2011-06-18 15:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-19 18:59 . 2013-02-25 06:23 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-02-19 18:56 . 2012-07-17 19:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-02-19 18:56 . 2013-02-25 06:18 182752 ----a-w- c:\windows\system32\mfevtps.exe

2013-02-19 18:55 . 2013-02-25 06:23 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2013-02-19 18:55 . 2013-02-25 06:23 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2013-02-19 18:54 . 2012-07-17 19:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-02-19 18:53 . 2013-02-25 06:23 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-02-19 18:53 . 2013-02-25 06:23 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-02-19 18:52 . 2012-07-17 19:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-02-12 05:45 . 2013-03-13 07:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 07:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 07:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 07:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 07:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 07:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-08 00:28 . 2013-02-22 09:11 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F24C8625-440F-4246-B0AE-37F8292C4510}\mpengine.dll

2013-01-17 06:28 . 2010-09-06 02:20 273840 ------w- c:\windows\system32\MpSigStub.exe

2010-05-07 06:55 . 2010-02-14 20:35 4411392 ----a-w- c:\program files (x86)\mplayerc.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ClickClock"="c:\program files (x86)\clickclock\clickclock.exe" [2009-11-23 2388992]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"BCWipeTM Startup"="c:\program files (x86)\Jetico\BestCrypt\BCWipeTM.exe" [2011-05-20 1271096]

"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-12-28 295072]

"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-11-14 559616]

.

c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2013-4-1 117344]

BestCrypt Auto Open.lnk - c:\program files (x86)\Jetico\BestCrypt\BestCrypt.exe [2011-2-21 1564472]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

Sonic CinePlayer Quick Launch.lnk - c:\program files (x86)\Common Files\Sonic Shared\CineTray.exe [2004-12-17 110592]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2013-2-24 666992]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]

R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]

R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2012-03-26 192072]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-08-11 83968]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]

R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

S0 bcfnt;bcfnt; [x]

S0 fsh;fsh; [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]

S1 BC_3DES;BC_3DES; [x]

S1 BC_BF128;BC_BF128; [x]

S1 BC_BF448;BC_BF448; [x]

S1 BC_BFish;BC_BFish; [x]

S1 BC_CAST;BC_CAST; [x]

S1 BC_DES;BC_DES; [x]

S1 BC_Gost;BC_Gost; [x]

S1 BC_IDEA;BC_IDEA; [x]

S1 BC_RC6;BC_RC6; [x]

S1 BC_RIJN;BC_RIJN; [x]

S1 BC_SERP;BC_SERP; [x]

S1 BC_TFISH;BC_TFISH; [x]

S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys [2011-03-28 81984]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 APCPBEAgent;APC PBE Agent;c:\progra~2\APC\POWERC~1\agent\pbeagent.exe [2008-12-01 34104]

S2 BCWipeSvc;BCWipe service;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2011-03-28 95544]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-08-11 20480]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-07-20 206120]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-07-20 185640]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]

S3 ALSysIO;ALSysIO;c:\users\Marc\AppData\Local\Temp\ALSysIO64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-10-07 53096]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]

S3 mhk;mhk; [x]

S3 moh;moh; [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 11:03 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:12]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 01:53]

.

2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 01:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: {{334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - c:\program files (x86)\No More Cookies\No More Cookies.exe

Trusted Zone: cinemanow.com

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Organize MP3 Music - c:\program files (x86)\Organize MP3 Music\OrganizeMp3Music.exe

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-wneehh - c:\programdata\wneehh.dat

Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Marc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-16 18:51:06

ComboFix-quarantined-files.txt 2013-04-16 22:51

.

Pre-Run: 241,624,354,816 bytes free

Post-Run: 248,166,658,048 bytes free

.

- - End Of File - - AF3AAE00762373AE4ED9BA8F56F16D48


This is not getting better. It seems that trojans keep on propagating. And I can see several new ones showing from the Combofix log.

You need to start contemplating a wipe/erase & a rebuild from scratch of Windows + all your apps.

What is on this system that you cannot afford to lose?

Do you have a recent system image backup?

Do you have the Windows DVD from when you first bought this system?

Had you made a Windows 7 rescue disc before this?

For now, let's get a report from outside of the Windows environment. Please read closely all of the following before jumping into it.

You need a new or guaranteed-clean USB flash/thumb drive. Download a tool. Save it to USB.

Then plan and execute a boot into a Command prompt.

Ideally, do the download and Save on a clean computer... which I do hope you have at your house.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


OK, I am ready to do a re-install of the system. I have a Dell PC, which means the Windows 7 operating system was installed by Dell, I do not have the original Windows 7 disc. However, I have 2 system restore discs and 1 PC repair disc, which I made several years ago when the computer was new.

If a Windows 7 system install disc is required, Dell will provide a "Re-installation disc" by mail.

I was able to download the Farbar Recovery Scan Tool on a clean (new) USB flash drive.

Thanks for your help,

Marc
