I am INFECTED with PTCH64_SIREFEF.A In C:\Windows\system32\services.exe....Please Help!

NuclearGladiator · June 21, 2013

Greetings,

Our Trend Micro Maximum Security was somehow turned off while my wife was on the Internet and we picked up a number of Trojan viruses (listed below). Most of them were immediately found when I turned trend micro back on but there was one that was only detected and not removed. The virus that remained (PTCH64_SIREFEF.A,) was in the C:\Windows\system32\services.exe. Since then the computer has been running very, very sluggish and slow.

Is there any way you all can help? I downloaded Malwarebytes and ran a scan. It indicated 4 issues (please see text below) which were quarantined and fixed. I also downloaded DDS (please refer to the text below).

Please help me get this frustratingly slow computer back up to speed.

Thank you in advance for your assistance.

Viruses Detected/Removed by Trend Micro:

Date/Time,Threat,Source,Affected Files,Response,Detected By,From,To,Subject,Protocol

6/5/2013 5:47 PM,HEU_AEGISCS701,Threat,C:\Users\Jennie\AppData\Local\Temp\BatteryBarSetup-3.5.7.exe,Removed,Real Time Scan,

6/15/2013 9:25 PM,TROJ_SIREFEF.BS,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000032.@,Removed,Real Time Scan,

6/15/2013 9:25 PM,TROJ64_SIREFEF.ATD,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000064.@,Removed,Real Time Scan,

6/15/2013 9:27 PM,PTCH64_SIREFEF.A,Threat,C:\Windows\system32\services.exe,Detected,Real Time Scan,

6/15/2013 9:27 PM,TROJ64_SIREFEF.ATD,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\00000008.@,Removed,Real Time Scan,

6/15/2013 9:28 PM,TROJ64_SIREFEF.UV,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\00000004.@,Removed,Real Time Scan,

6/15/2013 9:44 PM,TROJ64_SIREFEF.ATD,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000064.@,Removed,Real Time Scan,

6/15/2013 9:45 PM,TROJ_SIREFEF.BS,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000032.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ_SIREFEF.UT,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\000000cb.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ64_SIREFEF.ATD,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\00000008.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ_SIREFEF.AMQ,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000000.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ64_SIREFEF.UV,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\00000004.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ64_SIREFEF.ATD,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000064.@,Removed,Real Time Scan,

6/15/2013 9:48 PM,TROJ_SIREFEF.BS,Threat,C:\Windows\Installer\{867291bd-9007-f0e2-4aff-2f6bcc8aa67e}\U\80000032.@,Removed,Real Time Scan,

Malwarebytes Scan Log Text

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.20.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Jennie :: JENNIE-LAPTOP [administrator]

6/20/2013 8:39:07 PM

mbam-log-2013-06-20 (20-39-07).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 222618

Time elapsed: 37 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\$Recycle.Bin\S-1-5-21-3117099601-213443366-1289735000-1001\$R65C6BDD8 (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3117099601-213443366-1289735000-1001\$R8CC465D5 (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3117099601-213443366-1289735000-1001\$R8D9Z25.zip (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3117099601-213443366-1289735000-1001\$R94375201 (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

DDS.txt Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 1.6.0_22

Run by Jennie at 21:34:01 on 2013-06-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1983.154 [GMT -4:00]

.

AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\bgsvcgen.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\SysWOW64\java.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\Progra~2\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ICO.EXE

C:\Windows\System32\Pelmiced.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Jennie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\CompanionLink\CompanionLink.exe

C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>

mURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll

BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll

BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: iWin Toolbar: {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Program Files (x86)\iWin\tbiWin.dll

TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll

TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

uRun: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock

uRun: [EPSON Stylus CX7800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIAFA.EXE /FU "C:\Windows\TEMP\E_S980B.tmp" /EF "HKCU"

uRun: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Jennie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Jennie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [CompanionLink] "c:\program files (x86)\companionlink\companionlink.exe" -Icon

mRun: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized

mRun: [Adobe Version Cue CS2] "c:\Progra~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

StartupFolder: C:\Users\Jennie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEARP~1.LNK - C:\Program Files (x86)\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-7760-1000003D0002}\SC_Acrobat.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{1B19A340-02F6-4190-9AF4-90D879836E65} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{1B19A340-02F6-4190-9AF4-90D879836E65}\2456C6B696E6F574F505C65737F5D494D4F4F5632333333344 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{1B19A340-02F6-4190-9AF4-90D879836E65}\4616679637C656F6D27657563747 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{1B19A340-02F6-4190-9AF4-90D879836E65}\E4544574541425 : DHCPNameServer = 192.168.1.1

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = about:blank

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe64.dll

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Mouse Suite 98 Daemon] ICO.EXE

x64-Run: [WLM] "C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe"

x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll

x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jennie\AppData\Roaming\Mozilla\Firefox\Profiles\yq2i6bne.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll

FF - plugin: C:\Users\Jennie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Mozilla\Firefox\Profiles\yq2i6bne.default\extensions\support@ancestry.com\plugins\npImgCtl.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-6-20 292864]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

.

=============== Created Last 30 ================

.

2013-06-20 21:56:15 -------- d-----w- C:\Users\Jennie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2013-06-20 17:13:29 -------- d-----w- C:\Users\Jennie\AppData\Local\{21626840-3D50-4D00-B3D7-835ED47E0D45}

2013-06-19 16:59:00 -------- d-----w- C:\Users\Jennie\AppData\Local\{BC459C0B-5FAE-4F56-BBD8-E1F0A3D5A776}

2013-06-19 16:58:27 -------- d-----w- C:\Users\Jennie\AppData\Local\{021AA683-1495-42FA-B896-406E23B9BEFC}

2013-06-18 21:01:53 -------- d-----w- C:\Users\Jennie\AppData\Local\{E20230E7-BA31-4501-A4E5-8C48C7992A82}

2013-06-18 01:27:37 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared

2013-06-17 22:55:17 -------- d-----w- C:\Creative Suite CS2

2013-06-17 19:05:41 16384 ----a-w- C:\Windows\SysWow64\FileOps.exe

2013-06-17 19:05:40 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-06-16 02:25:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-16 02:25:07 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-06-16 02:25:06 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-06-16 02:25:06 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-06-14 21:38:03 -------- d-----w- C:\Users\Jennie\AppData\Local\{6FEA52B2-2632-4A2F-9247-EC1083699513}

2013-06-12 15:25:06 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 15:25:06 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-06-12 15:25:05 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 15:23:35 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 15:23:34 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-09 02:34:18 -------- d-----w- C:\Program Files (x86)\Cricut-Craft Room

2013-06-09 00:22:39 -------- d-----w- C:\Program Files (x86)\CompanionLink

2013-06-08 19:06:00 812240 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-06-08 19:01:23 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft

2013-06-08 18:55:08 -------- d-----w- C:\Program Files\Microsoft Office 15

2013-06-05 21:50:15 234544 ----a-w- C:\Windows\RegBootClean64.exe

2013-05-30 01:11:34 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

.

==================== Find3M ====================

.

2013-06-11 21:07:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:07:33 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 21:07:15 17617288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-04-23 12:42:26 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2013-04-23 12:42:26 608080 ----a-w- C:\Windows\System32\msvcp100.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-25 16:11:05 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-03-25 16:11:02 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-03-25 16:11:01 226304 ----a-w- C:\Windows\System32\elshyph.dll

2013-03-25 16:11:01 158720 ----a-w- C:\Windows\SysWow64\msls31.dll

.

============= FINISH: 21:42:00.92 ===============

Attach.text Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/29/2009 11:26:18 AM

System Uptime: 6/20/2013 9:21:29 PM (0 hours ago)

.

Motherboard: Quanta | | 30D1

Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Socket S1 | 798/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 107.913 GiB free.

D: is FIXED (NTFS) - 141 GiB total, 140.537 GiB free.

E: is FIXED (NTFS) - 8 GiB total, 1.786 GiB free.

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

7-Zip 4.60 beta

AAC Decoder

Acrobat.com

Adobe Acrobat 3D

Adobe Acrobat 3D - English, Français, Deutsch

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Creative Suite 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe GoLive CS2

Adobe GoLive CS2 English

Adobe Help Center 1.0

Adobe Illustrator CS2

Adobe InCopy CS2

Adobe InDesign CS2

Adobe Photoshop CS2

Adobe Reader X (10.1.7)

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

Adobe Version Cue CS2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

AVANT-GARDE COLLECTION DVD

BatteryBar (remove only)

Capture NX 2

ClearPlay Easy Updates

CompanionLink

Conexant HD Audio

Coupon Printer for Windows

Cricut Craft Room®

Cricut DesignStudio

D3DX10

Defraggler

Disc two

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Media Foundation Components

DivX Plus Web Player

DivX Version Checker

EasyBCD 2.0

EPSON NX510 Series Printer Uninstall

EPSON Printer Software

EPSON Scan

EpsonNet Print

EpsonNet Setup

EXPRESS BOOSTER PACK 1

Facebook Plug-In

File Uploader

Google Chrome

Google Talk Plugin

Google Update Helper

H.264 Decoder

HDAUDIO Soft Data Fax Modem with SmartCP

HP Games

HP Quick Launch Buttons

Inkscape 0.48.2

Inner Quest

iTunes

iWin Toolbar

Java Auto Updater

Java 6 Update 22

Java 6 Update 3

Junk Mail filter update

Kobo

LeapFrog Connect

LeapFrog My Pals Plugin

Linksys EasyLink Advisor

Malwarebytes Anti-Malware version 1.75.0.1300

MDS DWNLDA - STAMP BRUSH SET - MEDALLION

MDS DWNLDA EAT CHOCOLATE STAMP BRUSH SET

MDS DWNLDA FOR YOU FLOWER STAMP BRUSH SET

MDS DWNLDA FREE LABEL THIS DESIGNER TEMPLATE

MDS DWNLDA MINI PROJECT BOXES

MDS DWNLDA SAIL AWAY STAMP BRUSH SET

MDS DWNLDA STAMPBRUSH SET FRIEND BY DEFINITION

MDS DWNLDA TEENY TINY WISHES STAMP BRUSH SET

MDS DWNLDA THE OPEN SEA STAMP BRUSH SET 2

MDS DWNLDA WORD PLAY STAMP BRUSH SET 2

MDS DWNLDF FRUIT AND FLOWERS DESIGNER CARD TEMPLATE

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Live Add-in 1.5

Microsoft Office Professional Plus 2013 - en-us

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visio Professional 2013 - en-us

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Web Publishing Wizard 1.52

MKV Splitter

Move Media Player

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

My Digital Studio 2.3

My HP Games

Nikon Message Center

Nikon Message Center 2

Nikon Transfer

NOOK for PC

NVIDIA Drivers

OCTOBER DECEMBER WHENEVER COLLECTION DVD

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

Picture Control Utility

PictureProject In Touch Downloader 1.0

Pure Networks Platform

QLBCASL

Quicken 2009

Quicken Home Inventory Manager

Quicken WillMaker Plus 2009

QuickTime

Recuva

Rocketfish Nano Laptop Laser Mouse

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

SCAL Lib It Up 2.000

SCRABBLE PLUS

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Shutterfly Express Uploader

Skype™ 5.10

Speccy

Sprint music manager

Suite Specific

Sure Cuts A Lot 2.043

SWEET RETREAT COLLECTION DVD

Trend Micro Titanium

Trend Micro Titanium Maximum Security

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update Installer for WildTangent Games App

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

VC80CRTRedist - 8.0.50727.4053

VideoCam Suite

VideoCam Suite 1.0

ViewNX

WildTangent Games App (HP Games)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

XviD v1.2.0 CVS

.

==== End Of File ===========================

D-FRED-BROWN · June 21, 2013

Hello NuclearGladiator and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

NuclearGladiator · June 21, 2013

D-FRED-BROWN,

Thank you so much for your help. I'm in the process of downloading and running your steps. I'll report back and post the info once I get it all done.

D-FRED-BROWN · June 21, 2013

No problem. Keep me posted.

NuclearGladiator · June 21, 2013

Sorry for the delay. The requested scans went into the early morning hours. Here is the info from the requested log files. Thanks for your help. Part 1

TDSSKiller's logfile

23:39:09.0178 5044 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

23:39:09.0885 5044 ============================================================

23:39:09.0885 5044 Current date / time: 2013/06/20 23:39:09.0885

23:39:09.0885 5044 SystemInfo:

23:39:09.0885 5044

23:39:09.0886 5044 OS Version: 6.1.7601 ServicePack: 1.0

23:39:09.0886 5044 Product type: Workstation

23:39:09.0886 5044 ComputerName: JENNIE-LAPTOP

23:39:09.0887 5044 UserName: Jennie

23:39:09.0887 5044 Windows directory: C:\Windows

23:39:09.0887 5044 System windows directory: C:\Windows

23:39:09.0887 5044 Running under WOW64

23:39:09.0887 5044 Processor architecture: Intel x64

23:39:09.0887 5044 Number of processors: 2

23:39:09.0887 5044 Page size: 0x1000

23:39:09.0887 5044 Boot type: Normal boot

23:39:09.0887 5044 ============================================================

23:39:14.0728 5044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:16.0591 5044 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:16.0849 5044 ============================================================

23:39:16.0849 5044 \Device\Harddisk0\DR0:

23:39:16.0849 5044 MBR partitions:

23:39:16.0850 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800

23:39:16.0850 5044 \Device\Harddisk1\DR1:

23:39:16.0858 5044 MBR partitions:

23:39:16.0858 5044 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x119462B8

23:39:16.0858 5044 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x119462F7, BlocksNum 0x10D27CA

23:39:16.0858 5044 ============================================================

23:39:16.0898 5044 C: <-> \Device\Harddisk0\DR0\Partition1

23:39:16.0925 5044 D: <-> \Device\Harddisk1\DR1\Partition1

23:39:16.0984 5044 E: <-> \Device\Harddisk1\DR1\Partition2

23:39:16.0985 5044 ============================================================

23:39:16.0986 5044 Initialize success

23:39:16.0986 5044 ============================================================

23:39:40.0824 4524 ============================================================

23:39:40.0824 4524 Scan started

23:39:40.0824 4524 Mode: Manual;

23:39:40.0824 4524 ============================================================

23:39:44.0715 4524 ================ Scan system memory ========================

23:39:44.0715 4524 System memory - ok

23:39:44.0717 4524 ================ Scan services =============================

23:39:44.0963 4524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:39:45.0126 4524 1394ohci - ok

23:39:45.0295 4524 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

23:39:46.0334 4524 ACDaemon - ok

23:39:46.0418 4524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:39:46.0594 4524 ACPI - ok

23:39:46.0675 4524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:39:46.0798 4524 AcpiPmi - ok

23:39:46.0885 4524 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

23:39:47.0913 4524 Adobe LM Service - ok

23:39:48.0077 4524 [ 41D15EAD554396BF35B7C5246AD47A28 ] Adobe Version Cue CS2 c:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

23:39:48.0297 4524 Adobe Version Cue CS2 - ok

23:39:48.0447 4524 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:39:48.0587 4524 AdobeARMservice - ok

23:39:48.0770 4524 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:39:48.0794 4524 AdobeFlashPlayerUpdateSvc - ok

23:39:48.0873 4524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:39:49.0064 4524 adp94xx - ok

23:39:49.0101 4524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:39:49.0248 4524 adpahci - ok

23:39:49.0299 4524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:39:49.0448 4524 adpu320 - ok

23:39:49.0519 4524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:39:49.0525 4524 AeLookupSvc - ok

23:39:49.0612 4524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

23:39:49.0804 4524 AFD - ok

23:39:49.0865 4524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:39:49.0999 4524 agp440 - ok

23:39:50.0069 4524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:39:50.0188 4524 ALG - ok

23:39:50.0233 4524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

23:39:50.0298 4524 aliide - ok

23:39:50.0335 4524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

23:39:50.0435 4524 amdide - ok

23:39:50.0497 4524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:39:50.0614 4524 AmdK8 - ok

23:39:50.0653 4524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:39:50.0756 4524 AmdPPM - ok

23:39:50.0857 4524 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:39:50.0978 4524 amdsata - ok

23:39:51.0038 4524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:39:51.0175 4524 amdsbs - ok

23:39:51.0218 4524 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:39:51.0317 4524 amdxata - ok

23:39:51.0534 4524 [ 1E7B61301E75B734BC2D60DB0E15183B ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

23:39:51.0717 4524 Amsp - ok

23:39:51.0779 4524 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys

23:39:51.0903 4524 androidusb - ok

23:39:51.0961 4524 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

23:39:52.0052 4524 AppID - ok

23:39:52.0095 4524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:39:52.0189 4524 AppIDSvc - ok

23:39:52.0239 4524 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

23:39:52.0355 4524 Appinfo - ok

23:39:52.0463 4524 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:39:52.0587 4524 Apple Mobile Device - ok

23:39:52.0654 4524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

23:39:52.0765 4524 arc - ok

23:39:52.0809 4524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:39:52.0930 4524 arcsas - ok

23:39:53.0009 4524 aspnet_state - ok

23:39:53.0062 4524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:39:53.0167 4524 AsyncMac - ok

23:39:53.0215 4524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

23:39:53.0218 4524 atapi - ok

23:39:53.0302 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:39:53.0463 4524 AudioEndpointBuilder - ok

23:39:53.0532 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:39:53.0548 4524 AudioSrv - ok

23:39:53.0655 4524 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:39:53.0763 4524 AxInstSV - ok

23:39:53.0831 4524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

23:39:54.0004 4524 b06bdrv - ok

23:39:54.0071 4524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:39:54.0223 4524 b57nd60a - ok

23:39:54.0392 4524 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

23:39:54.0697 4524 BCM43XX - ok

23:39:54.0751 4524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:39:54.0837 4524 BDESVC - ok

23:39:54.0909 4524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:39:54.0974 4524 Beep - ok

23:39:55.0073 4524 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

23:39:55.0226 4524 BFE - ok

23:39:55.0299 4524 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe

23:39:55.0487 4524 bgsvcgen - ok

23:39:55.0563 4524 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

23:39:55.0742 4524 BITS - ok

23:39:55.0777 4524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:39:55.0909 4524 blbdrive - ok

23:39:55.0966 4524 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:39:56.0096 4524 bowser - ok

23:39:56.0148 4524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:39:56.0253 4524 BrFiltLo - ok

23:39:56.0294 4524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:39:56.0371 4524 BrFiltUp - ok

23:39:56.0447 4524 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:39:56.0565 4524 BridgeMP - ok

23:39:56.0614 4524 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

23:39:56.0736 4524 Browser - ok

23:39:56.0793 4524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:39:56.0955 4524 Brserid - ok

23:39:56.0993 4524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:39:57.0113 4524 BrSerWdm - ok

23:39:57.0147 4524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:39:57.0236 4524 BrUsbMdm - ok

23:39:57.0267 4524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:39:57.0335 4524 BrUsbSer - ok

23:39:57.0414 4524 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

23:39:57.0543 4524 BthEnum - ok

23:39:57.0592 4524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:39:57.0688 4524 BTHMODEM - ok

23:39:57.0731 4524 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

23:39:57.0844 4524 BthPan - ok

23:39:57.0902 4524 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

23:39:58.0050 4524 BTHPORT - ok

23:39:58.0110 4524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:39:58.0221 4524 bthserv - ok

23:39:58.0276 4524 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

23:39:58.0412 4524 BTHUSB - ok

23:39:58.0478 4524 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys

23:39:58.0601 4524 btusbflt - ok

23:39:58.0616 4524 catchme - ok

23:39:58.0691 4524 [ E387475E1E8947E82ABFE91556CF4E1E ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys

23:39:58.0834 4524 CAXHWAZL - ok

23:39:58.0877 4524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:39:58.0992 4524 cdfs - ok

23:39:59.0064 4524 [ 9EDD76D0800A022AE10B9243D0224E72 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys

23:39:59.0180 4524 cdrbsdrv - ok

23:39:59.0251 4524 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

23:39:59.0383 4524 cdrom - ok

23:39:59.0464 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

23:39:59.0584 4524 CertPropSvc - ok

23:39:59.0643 4524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:39:59.0742 4524 circlass - ok

23:39:59.0802 4524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:39:59.0963 4524 CLFS - ok

23:40:00.0012 4524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:40:00.0138 4524 clr_optimization_v2.0.50727_32 - ok

23:40:00.0209 4524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:40:00.0349 4524 clr_optimization_v2.0.50727_64 - ok

23:40:00.0462 4524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:40:00.0637 4524 clr_optimization_v4.0.30319_32 - ok

23:40:00.0695 4524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:40:00.0819 4524 clr_optimization_v4.0.30319_64 - ok

23:40:00.0880 4524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:40:00.0985 4524 CmBatt - ok

23:40:01.0039 4524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:40:01.0106 4524 cmdide - ok

23:40:01.0178 4524 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

23:40:01.0336 4524 CNG - ok

23:40:01.0414 4524 [ 5A220D86C6E0DD92EA0EA157ED3CA267 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys

23:40:01.0580 4524 CnxtHdAudService - ok

23:40:01.0695 4524 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

23:40:01.0874 4524 Com4QLBEx - ok

23:40:01.0980 4524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:40:02.0100 4524 Compbatt - ok

23:40:02.0172 4524 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:40:02.0272 4524 CompositeBus - ok

23:40:02.0308 4524 COMSysApp - ok

23:40:02.0437 4524 cpuz132 - ok

23:40:02.0481 4524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:40:02.0574 4524 crcdisk - ok

23:40:02.0649 4524 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:40:02.0773 4524 CryptSvc - ok

23:40:02.0854 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:40:02.0881 4524 DcomLaunch - ok

23:40:02.0986 4524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:40:03.0117 4524 defragsvc - ok

23:40:03.0176 4524 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:40:03.0289 4524 DfsC - ok

23:40:03.0355 4524 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

23:40:03.0505 4524 Dhcp - ok

23:40:03.0567 4524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:40:03.0668 4524 discache - ok

23:40:03.0735 4524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:40:03.0835 4524 Disk - ok

23:40:03.0885 4524 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:40:04.0022 4524 Dnscache - ok

23:40:04.0096 4524 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:40:04.0240 4524 dot3svc - ok

23:40:04.0304 4524 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

23:40:04.0437 4524 DPS - ok

23:40:04.0487 4524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:40:04.0578 4524 drmkaud - ok

23:40:04.0688 4524 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:40:04.0859 4524 DXGKrnl - ok

23:40:04.0954 4524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:40:05.0063 4524 EapHost - ok

23:40:05.0236 4524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

23:40:05.0532 4524 ebdrv - ok

23:40:05.0585 4524 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

23:40:05.0702 4524 EFS - ok

23:40:05.0806 4524 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:40:05.0967 4524 ehRecvr - ok

23:40:06.0070 4524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:40:06.0185 4524 ehSched - ok

23:40:06.0277 4524 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:40:06.0451 4524 elxstor - ok

23:40:06.0575 4524 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

23:40:07.0460 4524 EpsonBidirectionalService - ok

23:40:07.0613 4524 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

23:40:07.0736 4524 EPSON_PM_RPCV4_01 - ok

23:40:07.0790 4524 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:40:07.0868 4524 ErrDev - ok

23:40:07.0971 4524 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:40:08.0119 4524 EventSystem - ok

23:40:08.0171 4524 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:40:08.0311 4524 exfat - ok

23:40:08.0356 4524 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:40:08.0510 4524 fastfat - ok

23:40:08.0591 4524 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

23:40:08.0775 4524 Fax - ok

23:40:08.0822 4524 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:40:08.0934 4524 fdc - ok

23:40:08.0981 4524 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:40:09.0044 4524 fdPHost - ok

23:40:09.0074 4524 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:40:09.0150 4524 FDResPub - ok

23:40:09.0182 4524 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:40:09.0293 4524 FileInfo - ok

23:40:09.0343 4524 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:40:09.0460 4524 Filetrace - ok

23:40:09.0504 4524 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:40:09.0611 4524 flpydisk - ok

23:40:09.0684 4524 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:40:09.0834 4524 FltMgr - ok

23:40:09.0918 4524 [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys

23:40:10.0020 4524 FlyUsb - ok

23:40:10.0112 4524 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

23:40:10.0273 4524 FontCache - ok

23:40:10.0344 4524 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:40:10.0468 4524 FontCache3.0.0.0 - ok

23:40:10.0516 4524 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:40:10.0617 4524 FsDepends - ok

23:40:10.0684 4524 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

23:40:10.0784 4524 fssfltr - ok

23:40:10.0950 4524 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

23:40:11.0341 4524 fsssvc - ok

23:40:11.0431 4524 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:40:11.0522 4524 Fs_Rec - ok

23:40:11.0591 4524 [ ED07200CFF78FACFB66EBB0B89F503A4 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys

23:40:11.0677 4524 FTDIBUS - ok

23:40:11.0729 4524 [ 9980E7584484A009E77E9BFA14C0C18A ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys

23:40:11.0843 4524 FTSER2K - ok

23:40:11.0905 4524 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:40:12.0058 4524 fvevol - ok

23:40:12.0117 4524 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:40:12.0211 4524 gagp30kx - ok

23:40:12.0320 4524 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

23:40:12.0568 4524 GameConsoleService - ok

23:40:12.0692 4524 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

23:40:12.0832 4524 GamesAppService - ok

23:40:12.0904 4524 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:40:12.0999 4524 GEARAspiWDM - ok

23:40:13.0074 4524 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:40:13.0207 4524 gpsvc - ok

23:40:13.0344 4524 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca8903cefa7c70 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:40:13.0350 4524 gupdate1ca8903cefa7c70 - ok

23:40:13.0400 4524 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:40:13.0407 4524 gupdatem - ok

23:40:13.0472 4524 [ 93C3C66D38B0BC08A04F0B28055BC9AC ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys

23:40:13.0608 4524 HBtnKey - ok

23:40:13.0643 4524 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:40:13.0751 4524 hcw85cir - ok

23:40:13.0805 4524 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:40:13.0984 4524 HdAudAddService - ok

23:40:14.0034 4524 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

23:40:14.0166 4524 HDAudBus - ok

23:40:14.0220 4524 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:40:14.0307 4524 HidBatt - ok

23:40:14.0339 4524 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:40:14.0454 4524 HidBth - ok

23:40:14.0494 4524 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:40:14.0595 4524 HidIr - ok

23:40:14.0660 4524 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

23:40:14.0755 4524 hidserv - ok

23:40:14.0823 4524 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

23:40:14.0923 4524 HidUsb - ok

23:40:14.0981 4524 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:40:15.0097 4524 hkmsvc - ok

23:40:15.0152 4524 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:40:15.0313 4524 HomeGroupListener - ok

23:40:15.0374 4524 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:40:15.0511 4524 HomeGroupProvider - ok

23:40:15.0577 4524 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

23:40:15.0644 4524 HpqKbFiltr - ok

23:40:15.0758 4524 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

23:40:15.0954 4524 hpqwmiex - ok

23:40:16.0007 4524 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:40:16.0094 4524 HpSAMD - ok

23:40:16.0203 4524 [ 1E260B33F6555146A0B826F047238C00 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys

23:40:16.0424 4524 HSF_DPV - ok

23:40:16.0553 4524 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:40:16.0704 4524 HTTP - ok

23:40:16.0766 4524 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:40:16.0848 4524 hwpolicy - ok

23:40:16.0905 4524 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:40:17.0021 4524 i8042prt - ok

23:40:17.0100 4524 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:40:17.0261 4524 iaStorV - ok

23:40:17.0381 4524 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:40:18.0115 4524 IDriverT - ok

23:40:18.0214 4524 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:40:18.0383 4524 idsvc - ok

23:40:18.0435 4524 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:40:18.0517 4524 iirsp - ok

23:40:18.0611 4524 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:40:18.0774 4524 IKEEXT - ok

23:40:18.0856 4524 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:40:18.0938 4524 intelide - ok

23:40:18.0983 4524 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:40:19.0101 4524 intelppm - ok

23:40:19.0163 4524 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:40:19.0249 4524 IPBusEnum - ok

23:40:19.0304 4524 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:40:19.0413 4524 IpFilterDriver - ok

23:40:19.0473 4524 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:40:19.0601 4524 iphlpsvc - ok

23:40:19.0661 4524 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:40:19.0779 4524 IPMIDRV - ok

23:40:19.0822 4524 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:40:19.0925 4524 IPNAT - ok

23:40:20.0051 4524 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:40:20.0227 4524 iPod Service - ok

23:40:20.0281 4524 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:40:20.0381 4524 IRENUM - ok

23:40:20.0436 4524 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:40:20.0539 4524 isapnp - ok

23:40:20.0602 4524 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:40:20.0747 4524 iScsiPrt - ok

23:40:20.0804 4524 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:40:20.0918 4524 kbdclass - ok

23:40:20.0970 4524 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

23:40:21.0067 4524 kbdhid - ok

23:40:21.0107 4524 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

23:40:21.0113 4524 KeyIso - ok

23:40:21.0187 4524 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:40:21.0289 4524 KSecDD - ok

23:40:21.0343 4524 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:40:21.0442 4524 KSecPkg - ok

23:40:21.0512 4524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:40:21.0619 4524 ksthunk - ok

23:40:21.0690 4524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:40:21.0822 4524 KtmRm - ok

23:40:21.0900 4524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

23:40:22.0035 4524 LanmanServer - ok

23:40:22.0089 4524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:40:22.0198 4524 LanmanWorkstation - ok

23:40:22.0645 4524 [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

23:40:23.0667 4524 LeapFrog Connect Device Service - ok

23:40:23.0780 4524 [ ACEC35F181075B20A5EF4A71958B13DF ] libusb0 C:\Windows\system32\drivers\libusb0.sys

23:40:23.0879 4524 libusb0 - ok

23:40:23.0943 4524 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

23:40:24.0151 4524 LinksysUpdater - ok

23:40:24.0221 4524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:40:24.0326 4524 lltdio - ok

23:40:24.0382 4524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:40:24.0515 4524 lltdsvc - ok

23:40:24.0550 4524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:40:24.0638 4524 lmhosts - ok

23:40:24.0699 4524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:40:24.0824 4524 LSI_FC - ok

23:40:24.0895 4524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:40:25.0019 4524 LSI_SAS - ok

23:40:25.0070 4524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:40:25.0156 4524 LSI_SAS2 - ok

23:40:25.0199 4524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:40:25.0290 4524 LSI_SCSI - ok

23:40:25.0359 4524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:40:25.0471 4524 luafv - ok

23:40:25.0534 4524 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

23:40:25.0625 4524 MBAMProtector - ok

23:40:25.0732 4524 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

23:40:26.0040 4524 MBAMScheduler - ok

23:40:26.0103 4524 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:40:26.0277 4524 MBAMService - ok

23:40:26.0325 4524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:40:26.0430 4524 Mcx2Svc - ok

23:40:26.0534 4524 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

23:40:26.0724 4524 MDM - ok

23:40:26.0757 4524 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

23:40:26.0873 4524 mdmxsdk - ok

23:40:26.0922 4524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:40:27.0017 4524 megasas - ok

23:40:27.0067 4524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:40:27.0192 4524 MegaSR - ok

23:40:27.0262 4524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:40:27.0269 4524 MMCSS - ok

23:40:27.0315 4524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:40:27.0420 4524 Modem - ok

23:40:27.0459 4524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:40:27.0535 4524 monitor - ok

23:40:27.0593 4524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

23:40:27.0698 4524 mouclass - ok

23:40:27.0744 4524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:40:27.0865 4524 mouhid - ok

23:40:27.0922 4524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:40:28.0030 4524 mountmgr - ok

23:40:28.0133 4524 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:40:28.0265 4524 MozillaMaintenance - ok

23:40:28.0332 4524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:40:28.0465 4524 mpio - ok

23:40:28.0510 4524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:40:28.0641 4524 mpsdrv - ok

23:40:28.0723 4524 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:40:28.0857 4524 MpsSvc - ok

23:40:28.0916 4524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:40:29.0060 4524 MRxDAV - ok

23:40:29.0120 4524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:40:29.0250 4524 mrxsmb - ok

23:40:29.0315 4524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:40:29.0456 4524 mrxsmb10 - ok

23:40:29.0496 4524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:40:29.0610 4524 mrxsmb20 - ok

23:40:29.0655 4524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:40:29.0730 4524 msahci - ok

23:40:29.0788 4524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:40:29.0892 4524 msdsm - ok

23:40:29.0936 4524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:40:30.0073 4524 MSDTC - ok

23:40:30.0153 4524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:40:30.0238 4524 Msfs - ok

23:40:30.0287 4524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:40:30.0343 4524 mshidkmdf - ok

23:40:30.0384 4524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:40:30.0448 4524 msisadrv - ok

23:40:30.0505 4524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:40:30.0622 4524 MSiSCSI - ok

23:40:30.0646 4524 msiserver - ok

23:40:30.0711 4524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:40:30.0789 4524 MSKSSRV - ok

23:40:30.0848 4524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:40:30.0897 4524 MSPCLOCK - ok

23:40:30.0924 4524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:40:30.0985 4524 MSPQM - ok

23:40:31.0044 4524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:40:31.0161 4524 MsRPC - ok

23:40:31.0235 4524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:40:31.0330 4524 mssmbios - ok

23:40:31.0353 4524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:40:31.0419 4524 MSTEE - ok

23:40:31.0454 4524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:40:31.0533 4524 MTConfig - ok

23:40:31.0597 4524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:40:31.0650 4524 Mup - ok

23:40:31.0703 4524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:40:31.0791 4524 napagent - ok

23:40:31.0836 4524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:40:31.0923 4524 NativeWifiP - ok

23:40:32.0002 4524 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:40:32.0158 4524 NDIS - ok

23:40:32.0202 4524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:40:32.0309 4524 NdisCap - ok

23:40:32.0360 4524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:40:32.0442 4524 NdisTapi - ok

23:40:32.0511 4524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:40:32.0613 4524 Ndisuio - ok

23:40:32.0668 4524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:40:32.0812 4524 NdisWan - ok

23:40:32.0902 4524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:40:32.0987 4524 NDProxy - ok

23:40:33.0054 4524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:40:33.0168 4524 NetBIOS - ok

23:40:33.0229 4524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:40:33.0370 4524 NetBT - ok

23:40:33.0416 4524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

23:40:33.0422 4524 Netlogon - ok

23:40:33.0480 4524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:40:33.0620 4524 Netman - ok

23:40:33.0679 4524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:40:33.0830 4524 netprofm - ok

23:40:33.0868 4524 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:40:33.0992 4524 NetTcpPortSharing - ok

23:40:34.0044 4524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:40:34.0146 4524 nfrd960 - ok

23:40:34.0208 4524 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:40:34.0351 4524 NlaSvc - ok

23:40:34.0438 4524 [ 82C5A813E8EA7E94DC1AFA24CD803B80 ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

23:40:34.0626 4524 nmservice - ok

23:40:34.0676 4524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:40:34.0765 4524 Npfs - ok

23:40:34.0816 4524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:40:34.0888 4524 nsi - ok

23:40:34.0948 4524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:40:35.0014 4524 nsiproxy - ok

23:40:35.0095 4524 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:40:35.0226 4524 Ntfs - ok

23:40:35.0249 4524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:40:35.0273 4524 Null - ok

23:40:35.0344 4524 [ 1AC8BE0BBCE42C7C0DD46B854803C911 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys

23:40:35.0525 4524 NVENETFD - ok

23:40:35.0981 4524 [ A526909CB3EC9D24FED51350822C2563 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:40:36.0689 4524 nvlddmkm - ok

23:40:36.0796 4524 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:40:36.0919 4524 nvraid - ok

23:40:37.0009 4524 [ 76B304C8156779D4D39530118ACF1D1A ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys

23:40:37.0081 4524 nvsmu - ok

23:40:37.0145 4524 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:40:37.0280 4524 nvstor - ok

23:40:37.0349 4524 [ 86A0DC30728960F68EB6325C8D6CEFC4 ] nvsvc C:\Windows\system32\nvvsvc.exe

23:40:37.0480 4524 nvsvc - ok

23:40:37.0547 4524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:40:37.0647 4524 nv_agp - ok

23:40:37.0970 4524 [ CF7B55AEF7AA9CF053C8B33D8055C367 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

23:40:38.0035 4524 OfficeSvc - ok

23:40:38.0096 4524 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:40:38.0215 4524 ohci1394 - ok

23:40:38.0379 4524 [ 11E0B35479C895888BA3D7F619DCFFF3 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:40:38.0554 4524 ose64 - ok

23:40:38.0884 4524 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:40:39.0367 4524 osppsvc - ok

23:40:39.0506 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:40:39.0652 4524 p2pimsvc - ok

23:40:39.0725 4524 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:40:39.0868 4524 p2psvc - ok

23:40:39.0913 4524 [ ACEC35F181075B20A5EF4A71958B13DF ] P2saltapn C:\Windows\system32\drivers\libusb0.sys

23:40:39.0919 4524 P2saltapn - ok

23:40:39.0976 4524 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:40:40.0101 4524 Parport - ok

23:40:40.0147 4524 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:40:40.0259 4524 partmgr - ok

23:40:40.0309 4524 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:40:40.0411 4524 PcaSvc - ok

23:40:40.0445 4524 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:40:40.0582 4524 pci - ok

23:40:40.0628 4524 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:40:40.0701 4524 pciide - ok

23:40:40.0754 4524 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:40:40.0877 4524 pcmcia - ok

23:40:40.0921 4524 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:40:41.0025 4524 pcw - ok

23:40:41.0086 4524 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:40:41.0256 4524 PEAUTH - ok

23:40:41.0322 4524 [ 41A3811447963584F8D9318010C1F5BC ] pelmouse C:\Windows\system32\DRIVERS\pelmouse.sys

23:40:41.0408 4524 pelmouse - ok

23:40:41.0442 4524 [ 53069899F5C628BA70467C2DDFB25575 ] pelusblf C:\Windows\system32\DRIVERS\pelusblf.sys

23:40:41.0559 4524 pelusblf - ok

23:40:41.0691 4524 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:40:41.0796 4524 PerfHost - ok

23:40:41.0923 4524 pfc - ok

23:40:42.0046 4524 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:40:42.0211 4524 pla - ok

23:40:42.0287 4524 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:40:42.0437 4524 PlugPlay - ok

23:40:42.0497 4524 [ 328B99E25901D314FDFB31F18A7E302E ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys

23:40:42.0586 4524 pnarp - ok

23:40:42.0649 4524 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:40:42.0721 4524 PNRPAutoReg - ok

23:40:42.0764 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:40:42.0777 4524 PNRPsvc - ok

23:40:42.0860 4524 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:40:42.0985 4524 PolicyAgent - ok

23:40:43.0050 4524 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:40:43.0163 4524 Power - ok

23:40:43.0238 4524 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:40:43.0360 4524 PptpMiniport - ok

23:40:43.0405 4524 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:40:43.0489 4524 Processor - ok

23:40:43.0559 4524 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

23:40:43.0711 4524 ProfSvc - ok

23:40:43.0745 4524 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:40:43.0752 4524 ProtectedStorage - ok

23:40:43.0818 4524 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:40:43.0958 4524 Psched - ok

23:40:44.0017 4524 [ E33AE01D03EBE68CD6A934BF52702BFD ] purendis C:\Windows\system32\DRIVERS\purendis.sys

23:40:44.0106 4524 purendis - ok

23:40:44.0194 4524 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

23:40:44.0285 4524 PxHlpa64 - ok

23:40:44.0367 4524 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:40:44.0581 4524 ql2300 - ok

23:40:44.0641 4524 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:40:44.0740 4524 ql40xx - ok

23:40:44.0893 4524 [ BA396D1C71934E22679D3F4DAC17E7AB ] QPCapSvc C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

23:40:45.0989 4524 QPCapSvc - ok

23:40:46.0022 4524 [ 4B455E8C41CAD3219CCF53024DCAD604 ] QPSched C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

23:40:47.0012 4524 QPSched - ok

23:40:47.0071 4524 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:40:47.0200 4524 QWAVE - ok

23:40:47.0252 4524 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:40:47.0342 4524 QWAVEdrv - ok

23:40:47.0451 4524 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll

23:40:47.0584 4524 RapiMgr - ok

23:40:47.0635 4524 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:40:47.0730 4524 RasAcd - ok

23:40:47.0778 4524 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:40:47.0889 4524 RasAgileVpn - ok

23:40:47.0945 4524 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:40:48.0050 4524 RasAuto - ok

23:40:48.0110 4524 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:40:48.0214 4524 Rasl2tp - ok

23:40:48.0291 4524 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:40:48.0440 4524 RasMan - ok

23:40:48.0496 4524 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:40:48.0612 4524 RasPppoe - ok

23:40:48.0661 4524 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:40:48.0761 4524 RasSstp - ok

23:40:48.0827 4524 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:40:48.0998 4524 rdbss - ok

23:40:49.0047 4524 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:40:49.0130 4524 rdpbus - ok

23:40:49.0159 4524 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:40:49.0211 4524 RDPCDD - ok

23:40:49.0280 4524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:40:49.0369 4524 RDPENCDD - ok

23:40:49.0431 4524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:40:49.0504 4524 RDPREFMP - ok

23:40:49.0606 4524 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

23:40:49.0710 4524 RdpVideoMiniport - ok

23:40:49.0768 4524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:40:49.0886 4524 RDPWD - ok

23:40:49.0943 4524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:40:50.0067 4524 rdyboost - ok

23:40:50.0118 4524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:40:50.0226 4524 RemoteAccess - ok

23:40:50.0290 4524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:40:50.0393 4524 RemoteRegistry - ok

23:40:50.0453 4524 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

23:40:50.0590 4524 RFCOMM - ok

23:40:50.0655 4524 [ E31960692CBB3A8BCDF300BC1D889E1F ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys

23:40:50.0764 4524 rimmptsk - ok

23:40:50.0808 4524 [ 82356915157AB59064A24993AE5BE8AA ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys

23:40:50.0897 4524 rimsptsk - ok

23:40:50.0969 4524 [ C01A92A546854A3E34103B642F0F94A1 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys

23:40:51.0091 4524 rismxdp - ok

23:40:51.0294 4524 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

23:40:51.0532 4524 RoxMediaDB9 - ok

23:40:51.0595 4524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:40:51.0692 4524 RpcEptMapper - ok

23:40:51.0747 4524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:40:51.0828 4524 RpcLocator - ok

23:40:51.0900 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:40:51.0917 4524 RpcSs - ok

23:40:51.0985 4524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:40:52.0079 4524 rspndr - ok

23:40:52.0119 4524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:40:52.0124 4524 SamSs - ok

23:40:52.0179 4524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:40:52.0282 4524 sbp2port - ok

23:40:52.0327 4524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:40:52.0434 4524 SCardSvr - ok

23:40:52.0496 4524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:40:52.0591 4524 scfilter - ok

23:40:52.0677 4524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:40:52.0859 4524 Schedule - ok

23:40:52.0936 4524 [ EFEA7D041AF4CF3C0DEDCA445FCBE4C7 ] scnuhst20 C:\Windows\system32\DRIVERS\scnuhst20.sys

23:40:53.0001 4524 scnuhst20 - ok

23:40:53.0054 4524 [ 9FA744F6B1E492514F55C60D010E2AF2 ] SCNUHUB20 C:\Windows\system32\DRIVERS\scnuhub20.sys

23:40:53.0156 4524 SCNUHUB20 - ok

23:40:53.0212 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:40:53.0217 4524 SCPolicySvc - ok

23:40:53.0296 4524 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

23:40:53.0388 4524 sdbus - ok

23:40:53.0457 4524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:40:53.0582 4524 SDRSVC - ok

23:40:53.0708 4524 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

23:40:53.0895 4524 SeaPort - ok

23:40:53.0968 4524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:40:54.0071 4524 secdrv - ok

23:40:54.0132 4524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:40:54.0217 4524 seclogon - ok

23:40:54.0269 4524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

23:40:54.0373 4524 SENS - ok

23:40:54.0430 4524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:40:54.0536 4524 SensrSvc - ok

23:40:54.0580 4524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:40:54.0666 4524 Serenum - ok

23:40:54.0732 4524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:40:54.0833 4524 Serial - ok

23:40:54.0878 4524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:40:54.0972 4524 sermouse - ok

23:40:55.0070 4524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:40:55.0159 4524 SessionEnv - ok

23:40:55.0225 4524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

23:40:55.0292 4524 sffdisk - ok

23:40:55.0323 4524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:40:55.0420 4524 sffp_mmc - ok

23:40:55.0456 4524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

23:40:55.0524 4524 sffp_sd - ok

23:40:55.0577 4524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:40:55.0670 4524 sfloppy - ok

23:40:55.0748 4524 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:40:55.0891 4524 SharedAccess - ok

23:40:55.0958 4524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:40:56.0092 4524 ShellHWDetection - ok

23:40:56.0143 4524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:40:56.0259 4524 SiSRaid2 - ok

23:40:56.0300 4524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:40:56.0386 4524 SiSRaid4 - ok

23:40:56.0501 4524 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

23:40:57.0559 4524 SkypeUpdate - ok

23:40:57.0593 4524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:40:57.0701 4524 Smb - ok

23:40:57.0792 4524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:40:57.0862 4524 SNMPTRAP - ok

23:40:57.0892 4524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:40:57.0981 4524 spldr - ok

23:40:58.0058 4524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

23:40:58.0220 4524 Spooler - ok

23:40:58.0405 4524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:40:58.0839 4524 sppsvc - ok

23:40:58.0920 4524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:40:59.0003 4524 sppuinotify - ok

23:40:59.0100 4524 [ A6CFF1AF7664627A296B6A0A96CF876E ] sptd C:\Windows\System32\Drivers\sptd.sys

23:41:00.0183 4524 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: A6CFF1AF7664627A296B6A0A96CF876E

23:41:00.0200 4524 sptd ( LockedFile.Multi.Generic ) - warning

23:41:00.0200 4524 sptd - detected LockedFile.Multi.Generic (1)

23:41:00.0260 4524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:41:00.0392 4524 srv - ok

23:41:00.0459 4524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:41:00.0622 4524 srv2 - ok

23:41:00.0672 4524 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

23:41:00.0798 4524 SrvHsfHDA - ok

23:41:00.0894 4524 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

23:41:01.0092 4524 SrvHsfV92 - ok

23:41:01.0170 4524 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

23:41:01.0341 4524 SrvHsfWinac - ok

23:41:01.0411 4524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:41:01.0535 4524 srvnet - ok

23:41:01.0631 4524 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys

23:41:01.0727 4524 ssadbus - ok

23:41:01.0788 4524 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys

23:41:01.0856 4524 ssadmdfl - ok

23:41:01.0912 4524 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys

23:41:02.0022 4524 ssadmdm - ok

23:41:02.0085 4524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:41:02.0192 4524 SSDPSRV - ok

23:41:02.0232 4524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:41:02.0360 4524 SstpSvc - ok

23:41:02.0403 4524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:41:02.0474 4524 stexstor - ok

23:41:02.0546 4524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:41:02.0687 4524 stisvc - ok

23:41:02.0770 4524 [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

23:41:02.0895 4524 stllssvr - ok

23:41:02.0943 4524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

23:41:03.0004 4524 swenum - ok

23:41:03.0076 4524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:41:03.0230 4524 swprv - ok

23:41:03.0319 4524 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

23:41:03.0441 4524 SynTP - ok

23:41:03.0565 4524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:41:03.0766 4524 SysMain - ok

23:41:03.0828 4524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:41:03.0952 4524 TabletInputService - ok

23:41:04.0020 4524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:41:04.0130 4524 TapiSrv - ok

23:41:04.0176 4524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:41:04.0260 4524 TBS - ok

23:41:04.0387 4524 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:41:04.0606 4524 Tcpip - ok

23:41:04.0720 4524 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:41:04.0759 4524 TCPIP6 - ok

23:41:04.0825 4524 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:41:04.0936 4524 tcpipreg - ok

23:41:05.0005 4524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:41:05.0072 4524 TDPIPE - ok

23:41:05.0117 4524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:41:05.0218 4524 TDTCP - ok

23:41:05.0282 4524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:41:05.0395 4524 tdx - ok

23:41:05.0452 4524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:41:05.0536 4524 TermDD - ok

23:41:05.0597 4524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:41:05.0744 4524 TermService - ok

23:41:05.0784 4524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:41:05.0891 4524 Themes - ok

23:41:05.0945 4524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:41:05.0953 4524 THREADORDER - ok

23:41:06.0036 4524 [ 0236C23F66473DD99248BC3E7C5A433F ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys

23:41:06.0125 4524 tmactmon - ok

23:41:06.0223 4524 [ 46EDB648C1B5C3ABD76BD5E912DAC026 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys

23:41:06.0373 4524 tmcomm - ok

23:41:06.0442 4524 [ 9D86A57FB83E39A967CD8D3AAE8A170A ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys

23:41:06.0533 4524 TMEBC - ok

23:41:06.0594 4524 [ 684AEC0A24E2E8F7A6723DA92078BFC1 ] tmeevw C:\Windows\system32\DRIVERS\tmeevw.sys

23:41:06.0697 4524 tmeevw - ok

23:41:06.0753 4524 [ C2E07FB90E9B02096A20E01A562BDCF7 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys

23:41:06.0859 4524 tmevtmgr - ok

23:41:06.0924 4524 [ 0FED34E72250A068BC4E7BA6EA07E7A0 ] tmnciesc C:\Windows\system32\DRIVERS\tmnciesc.sys

23:41:07.0048 4524 tmnciesc - ok

23:41:07.0117 4524 [ 48951FBFFFCAE52FADFCDFB76ED19749 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys

23:41:07.0208 4524 tmtdi - ok

23:41:07.0260 4524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:41:07.0394 4524 TrkWks - ok

23:41:07.0479 4524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:41:07.0627 4524 TrustedInstaller - ok

23:41:07.0740 4524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:41:07.0869 4524 tssecsrv - ok

23:41:07.0936 4524 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:41:08.0037 4524 TsUsbFlt - ok

23:41:08.0114 4524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:41:08.0222 4524 tunnel - ok

23:41:08.0262 4524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:41:08.0396 4524 uagp35 - ok

23:41:08.0453 4524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:41:08.0606 4524 udfs - ok

23:41:08.0677 4524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:41:08.0790 4524 UI0Detect - ok

23:41:08.0885 4524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:41:08.0992 4524 uliagpkx - ok

23:41:09.0063 4524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

23:41:09.0194 4524 umbus - ok

23:41:09.0234 4524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:41:09.0302 4524 UmPass - ok

23:41:09.0369 4524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:41:09.0482 4524 upnphost - ok

23:41:09.0549 4524 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:41:09.0638 4524 USBAAPL64 - ok

23:41:09.0694 4524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:41:09.0789 4524 usbccgp - ok

23:41:09.0850 4524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:41:09.0942 4524 usbcir - ok

23:41:09.0994 4524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:41:10.0103 4524 usbehci - ok

23:41:10.0168 4524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:41:10.0321 4524 usbhub - ok

23:41:10.0380 4524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

23:41:10.0492 4524 usbohci - ok

23:41:10.0543 4524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:41:10.0633 4524 usbprint - ok

23:41:10.0692 4524 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:41:10.0783 4524 usbscan - ok

23:41:10.0841 4524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:41:10.0979 4524 USBSTOR - ok

23:41:11.0032 4524 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:41:11.0151 4524 usbuhci - ok

23:41:11.0211 4524 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

23:41:11.0334 4524 usbvideo - ok

23:41:11.0389 4524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:41:11.0471 4524 UxSms - ok

23:41:11.0498 4524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

23:41:11.0503 4524 VaultSvc - ok

23:41:11.0569 4524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:41:11.0648 4524 vdrvroot - ok

23:41:11.0743 4524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:41:11.0888 4524 vds - ok

23:41:11.0942 4524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:41:12.0030 4524 vga - ok

23:41:12.0064 4524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:41:12.0188 4524 VgaSave - ok

23:41:12.0245 4524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:41:12.0385 4524 vhdmp - ok

23:41:12.0424 4524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:41:12.0518 4524 viaide - ok

23:41:12.0550 4524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:41:12.0660 4524 volmgr - ok

23:41:12.0724 4524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:41:12.0846 4524 volmgrx - ok

23:41:12.0890 4524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:41:13.0045 4524 volsnap - ok

23:41:13.0116 4524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:41:13.0228 4524 vsmraid - ok

23:41:13.0339 4524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:41:13.0534 4524 VSS - ok

23:41:13.0566 4524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

23:41:13.0639 4524 vwifibus - ok

23:41:13.0668 4524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

23:41:13.0790 4524 vwififlt - ok

23:41:13.0855 4524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

23:41:13.0936 4524 vwifimp - ok

23:41:13.0994 4524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:41:14.0108 4524 W32Time - ok

23:41:14.0161 4524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:41:14.0268 4524 WacomPen - ok

23:41:14.0331 4524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:41:14.0427 4524 WANARP - ok

23:41:14.0451 4524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:41:14.0466 4524 Wanarpv6 - ok

23:41:14.0588 4524 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:41:14.0750 4524 WatAdminSvc - ok

23:41:14.0864 4524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:41:15.0057 4524 wbengine - ok

23:41:15.0122 4524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:41:15.0231 4524 WbioSrvc - ok

23:41:15.0272 4524 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll

23:41:15.0397 4524 WcesComm - ok

23:41:15.0473 4524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:41:15.0597 4524 wcncsvc - ok

23:41:15.0642 4524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:41:15.0735 4524 WcsPlugInService - ok

23:41:15.0784 4524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:41:15.0856 4524 Wd - ok

23:41:15.0930 4524 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:41:16.0070 4524 Wdf01000 - ok

23:41:16.0104 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:41:16.0216 4524 WdiServiceHost - ok

23:41:16.0273 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:41:16.0282 4524 WdiSystemHost - ok

23:41:16.0540 4524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:41:16.0814 4524 WebClient - ok

23:41:16.0903 4524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:41:17.0041 4524 Wecsvc - ok

23:41:17.0086 4524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:41:17.0232 4524 wercplsupport - ok

23:41:17.0336 4524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:41:17.0427 4524 WerSvc - ok

23:41:17.0480 4524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:41:17.0563 4524 WfpLwf - ok

23:41:17.0605 4524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:41:17.0699 4524 WIMMount - ok

23:41:17.0776 4524 [ CBDEB4B3B5CF8C49ACC221D45F1C50C1 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys

23:41:17.0921 4524 winachsf - ok

23:41:17.0945 4524 WinDefend - ok

23:41:17.0986 4524 WinHttpAutoProxySvc - ok

23:41:18.0101 4524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:41:18.0210 4524 Winmgmt - ok

23:41:18.0337 4524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:41:18.0569 4524 WinRM - ok

23:41:18.0695 4524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:41:18.0785 4524 WinUsb - ok

23:41:18.0858 4524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:41:19.0031 4524 Wlansvc - ok

23:41:19.0248 4524 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:41:19.0579 4524 wlidsvc - ok

23:41:19.0644 4524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:41:19.0710 4524 WmiAcpi - ok

23:41:19.0773 4524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:41:19.0981 4524 wmiApSrv - ok

23:41:20.0006 4524 WMPNetworkSvc - ok

23:41:20.0067 4524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:41:20.0149 4524 WPCSvc - ok

23:41:20.0214 4524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:41:20.0322 4524 WPDBusEnum - ok

23:41:20.0371 4524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:41:20.0481 4524 ws2ifsl - ok

23:41:20.0522 4524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

23:41:20.0621 4524 wscsvc - ok

23:41:20.0648 4524 WSearch - ok

23:41:20.0816 4524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:41:21.0119 4524 wuauserv - ok

23:41:21.0174 4524 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:41:21.0287 4524 WudfPf - ok

23:41:21.0347 4524 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:41:21.0464 4524 WUDFRd - ok

23:41:21.0526 4524 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:41:21.0612 4524 wudfsvc - ok

23:41:21.0666 4524 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

23:41:21.0795 4524 WwanSvc - ok

23:41:21.0857 4524 [ F7C55995B234A8A8791C4A2A62D9AC61 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys

23:41:21.0926 4524 XAudio - ok

23:41:21.0984 4524 [ E9D3A0BD07DC551BE4727A8D366C8B10 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe

23:41:22.0132 4524 XAudioService - ok

23:41:22.0198 4524 ================ Scan global ===============================

23:41:22.0253 4524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:41:22.0407 4524 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:41:22.0628 4524 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

23:41:22.0675 4524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:41:22.0818 4524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:41:22.0843 4524 [Global] - ok

23:41:22.0845 4524 ================ Scan MBR ==================================

23:41:22.0884 4524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:41:23.0186 4524 \Device\Harddisk0\DR0 - ok

23:41:25.0072 4524 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk1\DR1

23:41:25.0206 4524 \Device\Harddisk1\DR1 - ok

23:41:25.0207 4524 ================ Scan VBR ==================================

23:41:25.0218 4524 [ DDCBF64E707A4072FFCBF9271F771509 ] \Device\Harddisk0\DR0\Partition1

23:41:25.0226 4524 \Device\Harddisk0\DR0\Partition1 - ok

23:41:25.0244 4524 [ 39FD17A47BD5685171B8B1DCB424DE67 ] \Device\Harddisk1\DR1\Partition1

23:41:25.0248 4524 \Device\Harddisk1\DR1\Partition1 - ok

23:41:25.0299 4524 [ 2BF9F481560C1C3DF11FD5BD713DE4A5 ] \Device\Harddisk1\DR1\Partition2

23:41:25.0304 4524 \Device\Harddisk1\DR1\Partition2 - ok

23:41:25.0312 4524 ============================================================

23:41:25.0312 4524 Scan finished

23:41:25.0313 4524 ============================================================

23:41:25.0356 6700 Detected object count: 1

23:41:25.0357 6700 Actual detected object count: 1

23:41:47.0087 6700 sptd ( LockedFile.Multi.Generic ) - skipped by user

23:41:47.0088 6700 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

23:42:05.0795 5212 Deinitialize success

MBAR Lot.Txt

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.20.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Jennie :: JENNIE-LAPTOP [administrator]

6/20/2013 11:46:11 PM

mbar-log-2013-06-20 (23-46-11).txt

Scan type: Quick scan

Scan options disabled: PUP

Objects scanned: 256801

Time elapsed: 54 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

NuclearGladiator · June 21, 2013

Sorry for the delay. The requested scans went into the early morning hours. Here is the info from the requested log files. Thanks for your help. Part 2

MBAR System Log.Txt File

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_22

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.900000 GHz

Memory total: 2079248384, free: 322273280

Downloaded database version: v2013.06.20.10

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/20/2013 23:45:58

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\DRIVERS\TMEBC64.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\sptd.sys

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\System32\Drivers\cdrbsdrv.SYS

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdk8.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\cpqbttn.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\nvsmu.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\sdbus.sys

\SystemRoot\system32\DRIVERS\rimmpx64.sys

\SystemRoot\system32\DRIVERS\rimspx64.sys

\SystemRoot\system32\DRIVERS\rixdpx64.sys

\SystemRoot\system32\DRIVERS\nvmfdx64.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\scnuhst20.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\drivers\kbdhid.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\sffp_sd.sys

\SystemRoot\system32\DRIVERS\sffdisk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\scnuhub20.sys

\SystemRoot\system32\drivers\CHDRT64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\CAXHWAZL.sys

\SystemRoot\system32\DRIVERS\CAX_DPV.sys

\SystemRoot\system32\DRIVERS\CAX_CNXT.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\pelusblf.sys

\SystemRoot\system32\DRIVERS\pelmouse.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\btusbflt.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\pnarp.sys

\SystemRoot\system32\DRIVERS\purendis.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\xaudio64.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\tmnciesc.sys

\SystemRoot\system32\DRIVERS\tmeevw.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\Drivers\PROCEXP113.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\gdi32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\lpk.dll

\Windows\System32\shell32.dll

\Windows\System32\imm32.dll

\Windows\System32\usp10.dll

\Windows\System32\normaliz.dll

\Windows\System32\Wldap32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\difxapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\ole32.dll

\Windows\System32\psapi.dll

\Windows\System32\imagehlp.dll

\Windows\System32\user32.dll

\Windows\System32\wininet.dll

\Windows\System32\msctf.dll

\Windows\System32\clbcatq.dll

\Windows\System32\setupapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\urlmon.dll

\Windows\System32\nsi.dll

\Windows\System32\sechost.dll

\Windows\System32\kernel32.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\wintrust.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8002740570

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-4\

Lower Device Object: 0xfffffa80021dc680

Lower Device Driver Name: \Driver\atapi\

IRP handler 0 of \Driver\atapi points to an unknown module

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8002740570

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-4\

Lower Device Object: 0xfffffa80021dc680

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800273f360

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3\

Lower Device Object: 0xfffffa80021e0680

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800273f360, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8002740040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800273f360, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80021db520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80021e0680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00eb3ca20, 0xfffffa800273f360, 0xfffffa8005224790

Lower DeviceData: 0xfffff8a000ead800, 0xfffffa80021e0680, 0xfffffa80023e9e40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1A5A6B8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 488392704

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8002740570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8002741b20, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8002740570, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80021fc2d0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80021dc680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a0038b8820, 0xfffffa8002740570, 0xfffffa8001e1e090

Lower DeviceData: 0xfffff8a0041154e0, 0xfffffa80021dc680, 0xfffffa8004cea650

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1F29DFAF

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 294937272

Partition file system is NTFS

Partition is not bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 294937335 Numsec = 17639370

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8002ee89b0, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8002f1cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8002ee89b0, DeviceName: \Device\Harddisk2\SR0\, DriverName: \Driver\sffdisk\

DevicePointer: 0xfffffa8002ee79c0, DeviceName: Unknown, DriverName: \Driver\sffp_sd\

DevicePointer: 0xfffffa8002f2a8b0, DeviceName: \Device\SdBus-0\, DriverName: \Driver\sdbus\

------------ End ----------

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

Removal finished

ComboFix's report Lot

ComboFix 13-06-21.01 - Jennie 06/21/2013 0:55.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1983.555 [GMT -4:00]

Running from: c:\users\Jennie\Desktop\ComboFix.exe

AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))

.

2013-06-21 05:10 . 2013-06-21 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-20 22:00 . 2013-06-20 22:00 -------- d-----w- c:\users\Jennie\AppData\Roaming\AdobeUM

2013-06-20 21:56 . 2013-06-20 21:56 -------- d-----w- c:\users\Jennie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2013-06-18 01:27 . 2013-06-18 01:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared

2013-06-17 22:55 . 2013-06-17 23:00 -------- d-----w- C:\Creative Suite CS2

2013-06-17 19:05 . 2004-08-17 00:40 16384 ----a-w- c:\windows\SysWow64\FileOps.exe

2013-06-17 19:05 . 2013-06-17 19:05 -------- d-----w- c:\windows\SysWow64\Adobe

2013-06-16 02:25 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-16 02:25 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-06-16 02:25 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-06-16 02:25 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2013-06-16 02:25 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-06-16 02:24 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll

2013-06-16 02:24 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll

2013-06-16 02:24 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll

2013-06-16 02:24 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll

2013-06-12 15:25 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-06-12 15:25 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-06-12 15:25 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 15:23 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-06-12 15:23 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-06-09 02:34 . 2013-06-09 02:34 -------- d-----w- c:\program files (x86)\Cricut-Craft Room

2013-06-09 00:22 . 2013-06-09 00:22 -------- d-----w- c:\program files (x86)\CompanionLink

2013-06-08 19:21 . 2013-06-08 19:21 -------- d-----w- c:\program files\Common Files\DESIGNER

2013-06-08 19:06 . 2013-06-14 01:26 812240 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-06-08 19:01 . 2013-06-14 13:04 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft

2013-06-08 19:01 . 2013-06-08 19:01 -------- d-----w- c:\program files\Microsoft Office

2013-06-08 18:55 . 2013-06-14 12:58 -------- d-----w- c:\program files\Microsoft Office 15

2013-06-05 21:50 . 2013-06-05 21:50 234544 ----a-w- c:\windows\RegBootClean64.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-13 19:52 . 2009-12-29 16:32 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-06-11 21:07 . 2012-04-13 15:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-11 21:07 . 2011-05-17 15:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:07 . 2013-05-15 10:41 17617288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-05-10 19:23 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-23 12:42 . 2013-04-23 12:42 829264 ----a-w- c:\windows\system32\msvcr100.dll

2013-04-23 12:42 . 2013-04-23 12:42 608080 ----a-w- c:\windows\system32\msvcp100.dll

2013-04-13 05:49 . 2013-05-15 09:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 09:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 09:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 09:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 09:43 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 09:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 18:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 06:01 . 2013-05-15 09:43 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 06:01 . 2013-05-15 09:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 03:30 . 2013-05-15 09:43 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 18:50 . 2009-12-30 04:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-25 16:11 . 2013-03-25 16:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-25 16:11 . 2013-03-25 16:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-25 16:11 . 2013-03-25 16:11 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-25 16:11 . 2013-03-25 16:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-25 16:10 . 2013-03-25 16:10 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-25 16:10 . 2013-03-25 16:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-25 16:10 . 2013-03-25 16:10 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-25 16:10 . 2013-03-25 16:10 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-25 16:10 . 2013-03-25 16:10 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-25 16:10 . 2013-03-25 16:10 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-25 16:10 . 2013-03-25 16:10 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-25 16:10 . 2013-03-25 16:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-25 16:10 . 2013-03-25 16:10 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-25 16:10 . 2013-03-25 16:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-25 16:10 . 2013-03-25 16:10 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-25 16:10 . 2013-03-25 16:10 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-25 16:10 . 2013-03-25 16:10 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-25 16:10 . 2013-03-25 16:10 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-25 16:10 . 2013-03-25 16:10 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-25 16:10 . 2013-03-25 16:10 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-25 16:10 . 2013-03-25 16:10 441856 ----a-w- c:\windows\system32\html.iec

2013-03-25 16:10 . 2013-03-25 16:10 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-25 16:10 . 2013-03-25 16:10 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-25 16:10 . 2013-03-25 16:10 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-25 16:10 . 2013-03-25 16:10 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-25 16:10 . 2013-03-25 16:10 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-25 16:10 . 2013-03-25 16:10 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-25 16:10 . 2013-03-25 16:10 235008 ----a-w- c:\windows\system32\url.dll

2013-03-25 16:10 . 2013-03-25 16:10 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-25 16:10 . 2013-03-25 16:10 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-25 16:10 . 2013-03-25 16:10 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-25 16:10 . 2013-03-25 16:10 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-25 16:10 . 2013-03-25 16:10 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-25 16:10 . 2013-03-25 16:10 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-25 16:10 . 2013-03-25 16:10 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-25 16:10 . 2013-03-25 16:10 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-25 16:10 . 2013-03-25 16:10 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-25 16:10 . 2013-03-25 16:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-25 16:10 . 2013-03-25 16:10 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-25 16:10 . 2013-03-25 16:10 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-25 16:10 . 2013-03-25 16:10 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-25 16:10 . 2013-03-25 16:10 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-25 16:10 . 2013-03-25 16:10 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-25 16:10 . 2013-03-25 16:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-25 16:10 . 2013-03-25 16:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-25 16:10 . 2013-03-25 16:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-25 16:10 . 2013-03-25 16:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-25 16:10 . 2013-03-25 16:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-25 16:10 . 2013-03-25 16:10 77312 ----a-w- c:\windows\system32\tdc.ocx

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

c:\program files (x86)\iWin\tbiWin.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files (x86)\iWin\tbiWin.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-06-14 01:28 1725128 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-06-14 01:28 1725128 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-06-14 01:28 1725128 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"MusicManager"="c:\users\Jennie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-03-18 7366656]

"CompanionLink"="c:\program files (x86)\companionlink\companionlink.exe" [2013-06-04 53106688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LELA"="c:\program files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]

"Adobe Version Cue CS2"="c:\progra~2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]

"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]

.

c:\users\Jennie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ClearPlay Easy Updates.lnk - c:\program files (x86)\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe -s [2008-3-4 1540096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-1000003D0002}\SC_Acrobat.exe [2013-6-17 25214]

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 gupdate1ca8903cefa7c70;Google Update Service (gupdate1ca8903cefa7c70);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 P2saltapn;P2saltapn;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 scnuhst20;SC NUSB Host 20;c:\windows\system32\DRIVERS\scnuhst20.sys;c:\windows\SYSNATIVE\DRIVERS\scnuhst20.sys [x]

S3 SCNUHUB20;SC NUSB Hub 20;c:\windows\system32\DRIVERS\scnuhub20.sys;c:\windows\SYSNATIVE\DRIVERS\scnuhub20.sys [x]

S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 76388839

*NewlyCreated* - MBAMPROTECTOR

*Deregistered* - 76388839

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-19 17:33 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:07]

.

2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-30 03:54]

.

2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-30 03:54]

.

2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117099601-213443366-1289735000-1001Core.job

- c:\users\Jennie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 14:18]

.

2013-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117099601-213443366-1289735000-1001UA.job

- c:\users\Jennie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 14:18]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-06-14 01:28 2328776 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-06-14 01:28 2328776 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-06-14 01:28 2328776 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 94720]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-04 209712]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Jennie\AppData\Roaming\Mozilla\Firefox\Profiles\yq2i6bne.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-21 01:15:44

ComboFix-quarantined-files.txt 2013-06-21 05:15

ComboFix2.txt 2013-06-21 02:39

.

Pre-Run: 115,269,083,136 bytes free

Post-Run: 115,203,887,104 bytes free

.

- - End Of File - - 59FC8875536B7CFCEDF8B85FC0401A00

A36C5E4F47E84449FF07ED3517B43A31

Security Check checkup.txt

Results of screen317's Security Check version 0.99.67

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Trend Micro Titanium Maximum Security

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 22

Java 6 Update 3

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.7.700.224

Adobe Reader 10.1.7 Adobe Reader out of Date!

Mozilla Firefox (21.0)

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.116

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Trend Micro Titanium Plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe

Trend Micro UniClient UiFrmWrk uiWatchDog.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

D-FRED-BROWN · June 21, 2013

Please download RogueKiller to your desktop

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 1 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

NuclearGladiator · June 21, 2013

Thanks for your help so far. Here is the RKreport.txt as requested.

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jennie [Admin rights]

Mode : Scan -- Date : 06/21/2013 15:49:48

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-00ZCT0 ATA Device +++++

--- User ---

[MBR] 7481f34bfa71050e973b736e63ca3651

[bSP] 1352eea1506e2a44d0e0720dfcd4a45d : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2500BEVT-00ZCT0 ATA Device +++++

--- User ---

[MBR] 95871f2303682eb92fc470faaa2de542

[bSP] 3cbc9a35bfb340202973768d700164f5 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144012 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294937335 | Size: 8612 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD2500BEVT-00ZCT0 ATA Device +++++

--- User ---

[MBR] 3048a03ef339680e745d6960be96e5be

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15275 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

Finished : << RKreport[0]_S_06212013_154948.txt >>

D-FRED-BROWN · June 22, 2013

We're making progress

Still have just a little more to go

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the Run Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

NuclearGladiator · June 23, 2013

I ran into some problems running the OTL scan as it would hang while it was reading the Firefox settings and then go non responsive. I finally figured out that I had to restore Firefox to its original settings and then everything worked great. There must have been something in my custom settings that was conflicting with OTL.

With that said I'm still running the ESET scan and will post the results once it's done. Here are the results you requested from the other scans: Part 1

AdwCleaner Log File:

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 23:21:29

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jennie - JENNIE-LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\Jennie\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\Inbox Toolbar

Folder Found : C:\Program Files (x86)\iWin

Folder Found : C:\Users\Jennie\AppData\LocalLow\Conduit

Folder Found : C:\Users\Jennie\AppData\LocalLow\iWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\iWin

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\iWin

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCD015F1-6764-4625-B53A-059B56E2EF1D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DCD015F1-6764-4625-B53A-059B56E2EF1D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iWin Toolbar

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Found : HKU\S-1-5-21-3117099601-213443366-1289735000-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jennie\AppData\Roaming\Mozilla\Firefox\Profiles\yq2i6bne.default\prefs.js

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Jennie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4904 octets] - [21/06/2013 23:21:29]

########## EOF - C:\AdwCleaner[R1].txt - [4964 octets] ##########

JRT LOG FILE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Jennie on Fri 06/21/2013 at 23:31:29.76

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1678857

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jennie\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Jennie\appdata\locallow\iwin"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

Successfully deleted: [Folder] "C:\Program Files (x86)\inbox toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\iwin"

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{021AA683-1495-42FA-B896-406E23B9BEFC}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{0C7524BE-3EC9-4C3F-99D1-E96FCE929732}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{145150A1-5A12-4C18-9C87-19490D93D603}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{16DA7FCD-3482-4D19-87B5-C3E9ED2329E7}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{2045AEF5-7135-4503-9E2F-DBA60459A529}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{21626840-3D50-4D00-B3D7-835ED47E0D45}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{224C8C6B-4A0B-488C-ACA5-2ECF5139116D}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{2536556F-3EED-484B-AECE-52A8450F1853}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{35F798F8-7498-4363-811B-1E85C482C57B}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{3D11A7AC-F4F1-4EBA-8D7D-3DCF78B3F01F}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{3EFD612C-E738-4C40-AB8E-8C3C5DA7533A}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{3F0D6E3C-C53E-4304-8B3F-558B406A60A2}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{4C4B20A5-5239-4728-9249-CBF3AB89C105}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{58CF27A9-F01F-4688-971E-AC4FF04B8761}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{5A58ACD3-BBB4-48F9-A2AB-ABDB2E63FB71}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{6C674F25-EBE6-4B70-A51A-4E04FEC6DAE1}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{6E43F723-5092-402E-8578-35B3361159F2}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{6FEA52B2-2632-4A2F-9247-EC1083699513}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{7DC01A59-CDD6-4CCE-AE93-721EF8D69CDE}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{7F035DA1-7F11-497F-AFCA-D226172B2169}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{853A2B58-B1CB-40B9-97E7-819653F2155B}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{8A8382D8-2480-4AAE-AD82-40E3377D3A65}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{92FAD35A-99D0-4CDD-8030-2E44FD11A6AF}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{B1AD58D9-14A9-4AE8-87C0-7BEE1D12F881}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{BC459C0B-5FAE-4F56-BBD8-E1F0A3D5A776}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{BCC81D6B-8AAF-4ED2-83F6-6CBB85AC9DB5}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{BD59710D-B188-4575-8473-BB2AE15D06DF}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{C522687B-D96B-4FD1-BC5D-8E223C86800A}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{C7E600EA-89C9-4D46-8194-2A2D5B95FF19}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{C85A5209-49E4-4755-B263-33AF7CE8CC16}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{CBFB043C-8070-4258-833F-47D0AC09B851}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{CEF1C677-35BD-47FC-A2C5-7703162150A9}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{D0813F59-8F79-48B0-900A-A51B6935C41F}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{D466F75E-2C70-46B8-909C-96BEC4F70DA5}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{E20230E7-BA31-4501-A4E5-8C48C7992A82}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{E3A7C5D6-5D9B-4AF8-8B8E-A63F28626E75}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{EF8E6DCA-5FEF-4299-874B-04E52F6098EF}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{FD3276C6-EC94-4787-B8AE-F3670CB50701}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{FDB94D8A-4E05-4A90-8D8C-B68C8732D8E9}

Successfully deleted: [Empty Folder] C:\Users\Jennie\appdata\local\{FF8F99FC-2A78-44F5-B0F3-1700FCD27E29}

~~~ FireFox

Successfully deleted: [File] C:\Users\Jennie\AppData\Roaming\mozilla\firefox\profiles\yq2i6bne.default\user.js

Successfully deleted the following from C:\Users\Jennie\AppData\Roaming\mozilla\firefox\profiles\yq2i6bne.default\prefs.js

Emptied folder: C:\Users\Jennie\AppData\Roaming\mozilla\firefox\profiles\yq2i6bne.default\minidumps [110 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 06/21/2013 at 23:41:29.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL LOG FILE

OTL logfile created on: 6/22/2013 7:53:50 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennie\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 41.55% Memory free

4.28 Gb Paging File | 2.29 Gb Available in Paging File | 53.60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.88 Gb Total Space | 105.29 Gb Free Space | 45.21% Space Free | Partition Type: NTFS

Drive D: | 140.64 Gb Total Space | 140.54 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Drive E: | 8.41 Gb Total Space | 1.79 Gb Free Space | 21.23% Space Free | Partition Type: NTFS

Drive G: | 14.91 Gb Total Space | 14.16 Gb Free Space | 94.94% Space Free | Partition Type: FAT32

Computer Name: JENNIE-LAPTOP | User Name: Jennie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/21 23:03:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennie\Desktop\OTL.exe

PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/01/31 13:36:02 | 000,039,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe

PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/03/15 10:38:16 | 004,460,032 | ---- | M] (Craft Edge) -- C:\Program Files (x86)\Craft Edge\Sure Cuts A Lot 2\Sure Cuts A Lot 2.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe

PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

PRC - [2006/01/12 20:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/20 06:56:35 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll

MOD - [2013/05/20 06:55:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/20 06:55:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll

MOD - [2013/05/20 06:55:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll

MOD - [2013/05/20 06:54:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/01/31 13:36:02 | 000,719,256 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll

MOD - [2013/01/12 09:02:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/01/12 08:59:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/12 08:57:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/12 08:57:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/12 08:52:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2006/01/12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\AcroTray.DEU

MOD - [2006/01/12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\AcroTray.FRA

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2013/06/06 00:54:04 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/07/10 07:28:28 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)

SRV - [2013/06/11 17:07:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/11/04 08:07:31 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/04/18 05:30:42 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stop_Pending] -- c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/21 19:50:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2012/12/21 19:50:12 | 000,108,584 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2012/12/21 19:50:12 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2012/12/07 14:33:04 | 000,094,520 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)

DRV:64bit: - [2012/08/24 09:07:14 | 000,046,392 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/05 23:35:58 | 000,210,232 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)

DRV:64bit: - [2012/05/02 15:27:22 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2012/04/15 16:24:36 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/03/02 00:13:58 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (P2saltapn)

DRV:64bit: - [2012/03/02 00:13:58 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2010/07/12 13:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)

DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/02/25 01:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn.sys -- (HBtnKey)

DRV:64bit: - [2009/11/10 10:27:06 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2008/07/10 19:43:18 | 000,037,376 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scnuhub20.sys -- (SCNUHUB20)

DRV:64bit: - [2008/06/06 16:49:02 | 000,015,872 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scnuhst20.sys -- (scnuhst20)

DRV:64bit: - [2008/04/09 01:14:02 | 000,031,544 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV:64bit: - [2008/04/09 01:14:00 | 000,033,080 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2008/03/03 12:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2007/07/10 07:28:16 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/20 05:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/06/20 05:30:18 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2007/06/20 05:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/03/26 20:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/03/19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2007/02/27 17:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/02/02 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)

DRV:64bit: - [2006/06/18 16:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [File_System | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (P2saltapn)

DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006/05/23 17:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80417

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80417&lng=en

IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - SOFTWARE\Classes\CLSID\{ce0c2586-da36-452b-acdb-320d9bcb19bf}\InprocServer32 File not found

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E0 A6 97 6C 0E CB 01 [binary data]

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\..\SearchScopes,DefaultScope = {180780f0-b348-4b44-8210-94a8f3ee15b2}

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jennie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jennie\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jennie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jennie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1130\7.5.1130\FIREFOXEXTENSION [2013/06/15 22:07:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension [2013/06/15 22:07:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013/01/26 14:15:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/06/15 22:09:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/29 21:11:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/21 23:35:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Jennie\AppData\Roaming\Move Networks [2012/01/21 15:02:53 | 000,000,000 | ---D | M]

[2009/12/29 23:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennie\AppData\Roaming\Mozilla\Extensions

[2013/05/29 21:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/06/22 07:46:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012/10/18 19:54:43 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jennie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Trend Micro Titanium (Enabled) = C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jennie\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jennie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Jennie\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - Extension: TrendMicro BEP Extension = C:\Users\Jennie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1130_0\

CHR - Extension: Pinterest = C:\Users\Jennie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\

CHR - Extension: TrendMicro Toolbar = C:\Users\Jennie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1318_0\

O1 HOSTS File: ([2013/06/20 22:33:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe64.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files (x86)\iWin\tbiWin.dll File not found

O3 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ICO.EXE (Primax Electronics Ltd.)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [WLM] C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

O4 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001..\Run: [CompanionLink] c:\program files (x86)\companionlink\companionlink.exe (CompanionLink Software, Inc.)

O4 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001..\Run: [MusicManager] C:\Users\Jennie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - Startup: C:\Users\Jennie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearPlay Easy Updates.lnk = C:\Program Files (x86)\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe (ClearPlay Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B19A340-02F6-4190-9AF4-90D879836E65}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Handler\pure-go - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtb - No CLSID value found

O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-3117099601-213443366-1289735000-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 07:52:02 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Desktop\Old Firefox Data

[2013/06/22 07:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2013/06/22 07:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/06/22 07:38:29 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jennie\Desktop\esetsmartinstaller_enu.exe

[2013/06/21 23:31:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/21 23:30:29 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/21 23:14:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jennie\Desktop\OTL.exe

[2013/06/21 21:56:18 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Desktop\EpicRoot

[2013/06/21 21:48:49 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Desktop\Epic 4G Files

[2013/06/21 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG

[2013/06/21 21:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2013/06/21 08:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2013/06/21 07:39:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/21 07:35:14 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013/06/21 00:52:09 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013/06/20 23:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/06/20 23:37:03 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Desktop\Virus Fixing

[2013/06/20 22:12:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/06/20 22:12:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/06/20 22:12:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/06/20 22:11:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/20 22:10:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/06/20 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\Jennie\AppData\Roaming\AdobeUM

[2013/06/20 17:56:15 | 000,000,000 | ---D | C] -- C:\Users\Jennie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2013/06/19 12:04:42 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Documents\Custom Office Templates

[2013/06/18 18:42:48 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Desktop\blog ready photos

[2013/06/17 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Jennie\Documents\Updater

[2013/06/17 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared

[2013/06/17 21:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2013/06/17 21:08:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF

[2013/06/17 18:55:17 | 000,000,000 | ---D | C] -- C:\Creative Suite CS2

[2013/06/17 15:05:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2013/06/15 22:24:56 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/15 22:24:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/13 15:50:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/13 15:50:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/13 15:50:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/13 15:50:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/13 15:50:32 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/13 15:50:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/13 15:50:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/13 15:50:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/13 15:50:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/13 15:50:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/13 15:50:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/13 15:50:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/13 15:50:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/12 11:25:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/06/12 11:25:06 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/06/12 11:24:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/12 11:24:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/12 11:24:45 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/06/12 11:24:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/06/12 11:24:39 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/12 11:24:39 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/12 11:24:38 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/12 11:24:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/06/12 11:24:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/06/12 11:23:35 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/06/12 11:23:34 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/06/08 22:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cricut-Craft Room

[2013/06/08 20:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompanionLink Software, Inc

[2013/06/08 20:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CompanionLink

[2013/06/08 15:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

[2013/06/08 15:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2013/06/08 15:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft

[2013/06/08 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/06/08 14:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15

[2013/06/04 19:11:44 | 037,076,504 | ---- | C] (Stampin' Up!) -- C:\Users\Jennie\Documents\mds_2_3_2_update.exe

[2013/05/29 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/22 07:47:10 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/06/22 07:38:41 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jennie\Desktop\esetsmartinstaller_enu.exe

[2013/06/22 07:32:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3117099601-213443366-1289735000-1001UA.job

[2013/06/22 07:32:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/22 07:10:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/22 07:10:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3117099601-213443366-1289735000-1001Core.job

[2013/06/22 07:07:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/22 06:59:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/21 23:03:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennie\Desktop\OTL.exe

[2013/06/21 21:48:13 | 000,759,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/06/21 21:48:13 | 000,647,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/06/21 21:48:13 | 000,115,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/06/21 09:04:53 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/21 09:04:53 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/21 08:23:42 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2013/06/20 22:33:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/20 21:21:41 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/20 20:18:12 | 000,001,147 | ---- | M] () -- C:\Users\Jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/06/20 20:18:12 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/20 18:54:23 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 3D.lnk

[2013/06/20 18:54:22 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2013/06/20 13:18:38 | 000,002,468 | ---- | M] () -- C:\Users\Jennie\mydigitalstudio2.prefs

[2013/06/18 18:29:13 | 000,000,218 | ---- | M] () -- C:\Users\Jennie\.recently-used.xbel

[2013/06/18 16:14:58 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT

[2013/06/18 16:14:58 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLds.DAT

[2013/06/18 08:16:32 | 000,584,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/06/17 21:28:34 | 000,001,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

[2013/06/11 17:07:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/06/11 17:07:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/06/11 17:07:15 | 017,617,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2013/06/08 20:22:51 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\CompanionLink.lnk

[2013/06/08 15:45:16 | 000,001,219 | ---- | M] () -- C:\Users\Jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/06/08 14:31:32 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI

[2013/06/08 14:20:51 | 292,316,160 | ---- | M] () -- C:\Users\Jennie\Desktop\Comcast.pst

[2013/06/08 14:20:51 | 004,334,592 | ---- | M] () -- C:\Users\Jennie\Desktop\Contacts.pst

[2013/06/08 14:20:48 | 004,334,592 | ---- | M] () -- C:\Users\Jennie\Desktop\Calendar.pst

[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/05 17:50:30 | 000,234,544 | ---- | M] () -- C:\Windows\RegBootClean64.exe

[2013/06/04 19:12:06 | 037,076,504 | ---- | M] (Stampin' Up!) -- C:\Users\Jennie\Documents\mds_2_3_2_update.exe

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/22 07:47:10 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2013/06/22 07:47:10 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2013/06/21 08:23:42 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2013/06/20 22:12:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/06/20 22:12:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/06/20 22:12:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/06/20 22:12:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/06/20 22:12:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/06/20 20:18:12 | 000,001,147 | ---- | C] () -- C:\Users\Jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/06/20 20:18:12 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/20 18:54:23 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 3D.lnk

[2013/06/18 18:29:13 | 000,000,218 | ---- | C] () -- C:\Users\Jennie\.recently-used.xbel

[2013/06/17 23:18:45 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe GoLive CS2.lnk

[2013/06/17 22:43:42 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 3D Toolkit.lnk

[2013/06/17 22:43:41 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2013/06/17 22:43:41 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 3D.lnk

[2013/06/17 22:43:40 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk

[2013/06/17 22:43:40 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk

[2013/06/17 22:12:17 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InCopy CS2.lnk

[2013/06/17 21:52:58 | 000,002,584 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk

[2013/06/17 21:41:09 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk

[2013/06/17 21:34:57 | 000,002,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk

[2013/06/17 21:34:56 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk

[2013/06/17 21:32:17 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk

[2013/06/17 21:28:34 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

[2013/06/17 21:27:32 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk

[2013/06/17 15:05:41 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe

[2013/06/08 20:22:51 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\CompanionLink.lnk

[2013/06/08 15:45:16 | 000,001,219 | ---- | C] () -- C:\Users\Jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/06/08 14:11:21 | 292,316,160 | ---- | C] () -- C:\Users\Jennie\Desktop\Comcast.pst

[2013/06/08 14:10:38 | 004,334,592 | ---- | C] () -- C:\Users\Jennie\Desktop\Contacts.pst

[2013/06/08 14:08:41 | 004,334,592 | ---- | C] () -- C:\Users\Jennie\Desktop\Calendar.pst

[2013/06/05 17:50:15 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe

[2013/01/26 14:10:47 | 000,000,036 | ---- | C] () -- C:\Users\Jennie\AppData\Local\housecall.guid.cache

[2012/12/05 21:03:25 | 000,000,031 | ---- | C] () -- C:\Users\Jennie\mds2Custom.prefs

[2012/12/05 20:54:08 | 000,002,468 | ---- | C] () -- C:\Users\Jennie\mydigitalstudio2.prefs

[2012/06/22 14:25:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/04/18 21:11:23 | 000,002,374 | ---- | C] () -- C:\Users\Jennie\mydigitalstudio.prefs

[2011/04/12 08:18:11 | 000,007,680 | ---- | C] () -- C:\Users\Jennie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/26 20:36:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/07/10 08:49:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Podcasting

[2010/07/10 08:49:50 | 000,000,268 | RH-- | C] () -- C:\Users\Jennie\AppData\Roaming\Plants

[2010/07/10 08:49:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT

[2010/07/10 08:49:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Work - Home

[2010/07/10 08:49:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Pop Flute

[2010/07/10 08:49:46 | 000,000,268 | RH-- | C] () -- C:\Users\Jennie\AppData\Roaming\Plug-In Settings

[2010/07/10 08:49:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\business-inkjet

[2010/07/10 08:19:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2009/12/30 00:51:05 | 000,000,268 | RH-- | C] () -- C:\Users\Jennie\AppData\Roaming\Guitars

[2009/12/30 00:51:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2009/12/30 00:51:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Morph

[2009/12/30 00:39:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Halftone

[2009/12/30 00:39:26 | 000,000,268 | RH-- | C] () -- C:\Users\Jennie\AppData\Roaming\Guides

[2009/12/30 00:39:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2009/12/30 00:39:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section

[2009/12/29 23:53:54 | 000,000,094 | ---- | C] () -- C:\Users\Jennie\AppData\Local\fusioncache.dat

[2009/12/29 14:58:40 | 000,024,064 | ---- | C] () -- C:\Users\Jennie\AppData\Roaming\UserTile.png

[2009/12/29 14:34:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT

[2009/12/29 14:31:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Helper Scripts

[2009/12/29 14:31:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Guitars

[2009/12/29 14:31:27 | 000,000,268 | RH-- | C] () -- C:\Users\Jennie\AppData\Roaming\Grapher

[2009/12/29 14:31:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT

[2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Jennie\AppData\Roaming\userdic.tlx

========== ZeroAccess Check ==========

[2013/06/21 19:05:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-3117099601-213443366-1289735000-1001\$RHGFTMN.1-20130621-NIGHTLY-epicmtd\system\etc\terminfo\l

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 793 bytes -> C:\Users\Jennie\Documents\Order Confirmation (#3).eml:OECustomProperty

@Alternate Data Stream - 772 bytes -> C:\Users\Jennie\Documents\Re_ Order #3 - Canceled.eml:OECustomProperty

@Alternate Data Stream - 769 bytes -> C:\Users\Jennie\Documents\Order #3 - Canceled.eml:OECustomProperty

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3BFA9622

< End of report >

NuclearGladiator · June 23, 2013

I ran into some problems running the OTL scan as it would hang while it was reading the Firefox settings and then go non responsive. I finally figured out that I had to restore Firefox to its original settings and then everything worked great. There must have been something in my custom settings that was conflicting with OTL.

With that said I'm still running the ESET scan and will post the results once it's done. Here are the results you requested from the other scans: Part 2

OTL EXTRAS LOG

OTL Extras logfile created on: 6/22/2013 7:53:50 AM - Run 2