rnct3 Posted June 22, 2013 ID:694598 Share Posted June 22, 2013 Hello,I have the FBI Moneypack virus on my computer. I am running 64bit Windows on a Dell Studio 1458. I have attached the frst logs to this post. Please help me with what to do next. Your help is greatly appreciated. Thank you! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 02Ran by SYSTEM on 22-06-2013 23:05:22Running from F:\Windows 7 Ultimate (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8095776 2009-08-31] (Realtek Semiconductor)HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194912 2013-02-07] (DivX, LLC)HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)HKU\Rita Nicole\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated)HKU\Rita Nicole\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\Rita Nicole\...\Run: [Akamai NetSession Interface] "C:\Users\Rita Nicole\AppData\Local\Akamai\netsession_win.exe" [x]HKU\Rita Nicole\...\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe [951952 2012-10-23] (www.hidemyip.com)HKU\Rita Nicole\...\Run: [Google Update] "C:\Users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-02-18] (Google Inc.)HKU\Rita Nicole\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)HKU\Rita Nicole\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)HKU\Rita Nicole\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)==================== Services (Whitelisted) =================S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-21] (Akamai Technologies, Inc.)S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3572880 2012-10-23] (Hide My IP)S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2011-07-13] ()S2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [411136 2011-10-19] ()S2 Tether; C:\Program Files (x86)\Tether\TBService.exe [49080 2010-05-14] ()S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)S2 0032611335484094mcinstcleanup; C:\Users\RITANI~1\AppData\Local\Temp\003261~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]==================== Drivers (Whitelisted) ====================S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] ()S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation)S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]S3 tsusbhub; system32\drivers\tsusbhub.sys [x]S3 VGPU; System32\drivers\rdvgkmd.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files\iTunes2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\iTunes2013-06-08 10:37 - 2013-06-22 01:59 - 00000000 ____D C:\Program Files\iPod2013-06-08 10:33 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-05 20:01 - 2013-06-05 20:10 - 00011161 ____A C:\Windows\IE10_main.log2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DE==================== One Month Modified Files and Folders =======2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST2013-06-22 16:00 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-22 16:00 - 2009-07-13 23:51 - 00103476 ____A C:\Windows\setupact.log2013-06-22 02:06 - 2010-08-26 12:08 - 00000000 ____D C:\users\Rita Nicole2013-06-22 02:06 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iTunes2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes2013-06-22 02:05 - 2013-06-08 10:33 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Microsoft Help2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Microsoft Help2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Microsoft Help2013-06-22 02:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration2013-06-22 02:03 - 2011-04-14 12:19 - 00000000 ____D C:\Windows\System32\Macromed2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Skype2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Skype2013-06-22 02:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat2013-06-22 01:59 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iPod2013-06-22 01:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-06-21 19:56 - 2012-07-19 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f4332013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log2013-06-16 20:00 - 2009-07-14 00:10 - 01125280 ____A C:\Windows\WindowsUpdate.log2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Outlook Files2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Outlook Files2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod2013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-06-16 19:38 - 2012-12-11 18:38 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2013-06-16 19:38 - 2012-04-02 14:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-06-16 19:38 - 2011-06-06 11:21 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-06-16 19:36 - 2011-08-27 14:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-16 19:35 - 2013-04-19 11:03 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job2013-06-16 19:32 - 2011-08-27 14:04 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-16 08:52 - 2013-04-19 11:03 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk2013-06-05 20:10 - 2013-06-05 20:01 - 00011161 ____A C:\Windows\IE10_main.log2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Apple Computer2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Apple Computer2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Apple Computer2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Apple Computer2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Apple Computer2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Recipes2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\Documents\Recipes2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DEZeroAccess:C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\LC:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\UC:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@Files to move or delete:====================C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-05-28 02:34:21Restore point made on: 2013-06-05 00:18:06Restore point made on: 2013-06-05 20:00:36Restore point made on: 2013-06-16 08:53:44Restore point made on: 2013-06-16 20:00:50Restore point made on: 2013-06-19 22:30:49==================== Memory info ===========================Percentage of memory in use: 12%Total physical RAM: 6004.52 MBAvailable physical RAM: 5273.75 MBTotal Pagefile: 6002.67 MBAvailable Pagefile: 5266.51 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:231.55 GB) NTFS (Disk=0 Partition=3)Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.76 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]Drive f: () (Removable) (Total:0.94 GB) (Free:0.83 GB) FAT (Disk=1 Partition=1)Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C5D66832)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 964 MB) (Disk ID: 69737369)Partition 1: (Not Active) - (Size=80 GB) - (Type=69)Partition 2: (Not Active) - (Size=892 GB) - (Type=73)Partition 3: (Not Active) - (Size=0) - (Type=74)Partition 4: (Not Active) - (Size=-440245157888) - (Type=00)LastRegBack: 2013-06-16 09:12==================== End Of Log ============================ Farbar Recovery Scan Tool (x64) Version: 22-06-2013 02Ran by SYSTEM at 2013-06-22 23:08:48Running from F:\Boot Mode: Recovery================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\ERDNT\cache64\services.exe[2012-04-26 18:43] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB====== End Of Search ======FRST.txtSearch.txt Link to post Share on other sites More sharing options...
rnct3 Posted June 22, 2013 Author ID:694599 Share Posted June 22, 2013 Also, I have been unable to enter into safe mode. I am kicked out of it and pushed back to regular start up. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 22, 2013 ID:694601 Share Posted June 22, 2013 Hello rnct3 and welcome to Malwarebytes! Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtC:\Users\Rita Nicole\GoToAssistDownloadHelper.exe C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5 C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@ C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@ 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433 NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Now please enter System Recovery Options. Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Note: Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <-------- (If I don't respond within 24 hours, please send me a PM) -DFB Link to post Share on other sites More sharing options...
rnct3 Posted June 22, 2013 Author ID:694612 Share Posted June 22, 2013 I was able to login to Windows normally and the computer has a message on the screen that says- "System Restore completed successfully. The system has been restored to 6/17/2013 3:00:23 AM. Your documents have not been affected."Here is the fix log. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013 02Ran by SYSTEM at 2013-06-23 00:38:37 Run:1Running from F:\Boot Mode: Recovery==============================================C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe => Moved successfully.C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5 => Moved successfully.C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@ => File/Directory not found.C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L => File/Directory not found.C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U => File/Directory not found.C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@ => File/Directory not found.C:\ProgramData\Application Data\2433f433 => Moved successfully.C:\ProgramData\2433f433 => File/Directory not found.C:\Users\Rita Nicole\Application Data\2433f433 => Moved successfully.C:\Users\Rita Nicole\AppData\Roaming\2433f433 => File/Directory not found.C:\Users\Rita Nicole\Local Settings\Application Data\2433f433 => Moved successfully.C:\Users\Rita Nicole\Local Settings\2433f433 => File/Directory not found.C:\Users\Rita Nicole\AppData\Local\2433f433 => File/Directory not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 22, 2013 ID:694618 Share Posted June 22, 2013 Glad to hear you can log on normally. Let's start getting rid of the rest of it: ----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
rnct3 Posted June 23, 2013 Author ID:694652 Share Posted June 23, 2013 TDSS Killer log file:01:49:05.0206 2220 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:1901:49:05.0908 2220 ============================================================01:49:05.0908 2220 Current date / time: 2013/06/23 01:49:05.090801:49:05.0908 2220 SystemInfo:01:49:05.0908 2220 01:49:05.0908 2220 OS Version: 6.1.7601 ServicePack: 1.001:49:05.0908 2220 Product type: Workstation01:49:05.0908 2220 ComputerName: RITANICOLE-PC01:49:05.0908 2220 UserName: Rita Nicole01:49:05.0908 2220 Windows directory: C:\Windows01:49:05.0908 2220 System windows directory: C:\Windows01:49:05.0908 2220 Running under WOW6401:49:05.0908 2220 Processor architecture: Intel x6401:49:05.0908 2220 Number of processors: 401:49:05.0908 2220 Page size: 0x100001:49:05.0908 2220 Boot type: Normal boot01:49:05.0908 2220 ============================================================01:49:07.0140 2220 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004001:49:07.0156 2220 ============================================================01:49:07.0156 2220 \Device\Harddisk0\DR0:01:49:07.0156 2220 MBR partitions:01:49:07.0156 2220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C00001:49:07.0156 2220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x3862583001:49:07.0156 2220 ============================================================01:49:07.0171 2220 C: <-> \Device\Harddisk0\DR0\Partition201:49:07.0171 2220 ============================================================01:49:07.0171 2220 Initialize success01:49:07.0171 2220 ============================================================01:49:21.0570 6184 ============================================================01:49:21.0570 6184 Scan started01:49:21.0570 6184 Mode: Manual;01:49:21.0570 6184 ============================================================01:49:22.0615 6184 ================ Scan system memory ========================01:49:22.0615 6184 System memory - ok01:49:22.0615 6184 ================ Scan services =============================01:49:22.0803 6184 0032611335484094mcinstcleanup - ok01:49:23.0005 6184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys01:49:23.0005 6184 1394ohci - ok01:49:23.0052 6184 [ C49C56B35BFC6CDA8D1FDCAD2885568F ] Acceler C:\Windows\system32\DRIVERS\Acceler.sys01:49:23.0052 6184 Acceler - ok01:49:23.0099 6184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys01:49:23.0115 6184 ACPI - ok01:49:23.0130 6184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys01:49:23.0130 6184 AcpiPmi - ok01:49:23.0302 6184 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe01:49:23.0302 6184 AdobeARMservice - ok01:49:23.0458 6184 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe01:49:23.0458 6184 AdobeFlashPlayerUpdateSvc - ok01:49:23.0520 6184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys01:49:23.0536 6184 adp94xx - ok01:49:23.0567 6184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys01:49:23.0567 6184 adpahci - ok01:49:23.0598 6184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys01:49:23.0598 6184 adpu320 - ok01:49:23.0692 6184 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe01:49:23.0692 6184 ADVService - ok01:49:23.0739 6184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll01:49:23.0739 6184 AeLookupSvc - ok01:49:23.0801 6184 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe01:49:23.0801 6184 AERTFilters - ok01:49:23.0848 6184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys01:49:23.0863 6184 AFD - ok01:49:23.0910 6184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys01:49:23.0910 6184 agp440 - ok01:49:24.0097 6184 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll01:49:24.0097 6184 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE01:49:24.0097 6184 Akamai ( HiddenFile.Multi.Generic ) - warning01:49:24.0097 6184 Akamai - detected HiddenFile.Multi.Generic (1)01:49:24.0129 6184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe01:49:24.0129 6184 ALG - ok01:49:24.0144 6184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys01:49:24.0144 6184 aliide - ok01:49:24.0207 6184 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe01:49:24.0207 6184 AMD External Events Utility - ok01:49:24.0238 6184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys01:49:24.0238 6184 amdide - ok01:49:24.0269 6184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys01:49:24.0269 6184 AmdK8 - ok01:49:24.0503 6184 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys01:49:24.0659 6184 amdkmdag - ok01:49:24.0706 6184 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys01:49:24.0706 6184 amdkmdap - ok01:49:24.0721 6184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys01:49:24.0721 6184 AmdPPM - ok01:49:24.0768 6184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys01:49:24.0768 6184 amdsata - ok01:49:24.0815 6184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys01:49:24.0815 6184 amdsbs - ok01:49:24.0831 6184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys01:49:24.0831 6184 amdxata - ok01:49:24.0877 6184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys01:49:24.0893 6184 AppID - ok01:49:24.0924 6184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll01:49:24.0924 6184 AppIDSvc - ok01:49:24.0971 6184 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll01:49:24.0971 6184 Appinfo - ok01:49:25.0111 6184 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe01:49:25.0111 6184 Apple Mobile Device - ok01:49:25.0174 6184 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll01:49:25.0174 6184 AppMgmt - ok01:49:25.0189 6184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys01:49:25.0189 6184 arc - ok01:49:25.0205 6184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys01:49:25.0205 6184 arcsas - ok01:49:25.0236 6184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys01:49:25.0236 6184 AsyncMac - ok01:49:25.0283 6184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys01:49:25.0283 6184 atapi - ok01:49:25.0314 6184 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys01:49:25.0314 6184 AtiHDAudioService - ok01:49:25.0345 6184 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys01:49:25.0345 6184 AtiHdmiService - ok01:49:25.0548 6184 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys01:49:25.0595 6184 atikmdag - ok01:49:25.0657 6184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll01:49:25.0673 6184 AudioEndpointBuilder - ok01:49:25.0704 6184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll01:49:25.0704 6184 AudioSrv - ok01:49:25.0751 6184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll01:49:25.0751 6184 AxInstSV - ok01:49:25.0782 6184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys01:49:25.0798 6184 b06bdrv - ok01:49:25.0829 6184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys01:49:25.0829 6184 b57nd60a - ok01:49:25.0876 6184 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys01:49:25.0876 6184 BCM42RLY - ok01:49:25.0969 6184 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys01:49:25.0985 6184 BCM43XX - ok01:49:26.0016 6184 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys01:49:26.0016 6184 BcmVWL - ok01:49:26.0063 6184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll01:49:26.0063 6184 BDESVC - ok01:49:26.0079 6184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys01:49:26.0079 6184 Beep - ok01:49:26.0141 6184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll01:49:26.0157 6184 BFE - ok01:49:26.0219 6184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll01:49:26.0250 6184 BITS - ok01:49:26.0375 6184 [ 64B487DF3BBBE47DBBCE4B8CAA8937CC ] BlackBerry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe01:49:26.0391 6184 BlackBerry Device Manager - ok01:49:26.0406 6184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys01:49:26.0406 6184 blbdrive - ok01:49:26.0469 6184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe01:49:26.0484 6184 Bonjour Service - ok01:49:26.0515 6184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys01:49:26.0531 6184 bowser - ok01:49:26.0578 6184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys01:49:26.0578 6184 BrFiltLo - ok01:49:26.0593 6184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys01:49:26.0593 6184 BrFiltUp - ok01:49:26.0640 6184 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys01:49:26.0640 6184 BridgeMP - ok01:49:26.0703 6184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll01:49:26.0703 6184 Browser - ok01:49:26.0734 6184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys01:49:26.0734 6184 Brserid - ok01:49:26.0749 6184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys01:49:26.0749 6184 BrSerWdm - ok01:49:26.0765 6184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys01:49:26.0765 6184 BrUsbMdm - ok01:49:26.0781 6184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys01:49:26.0781 6184 BrUsbSer - ok01:49:26.0812 6184 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys01:49:26.0812 6184 BthEnum - ok01:49:26.0843 6184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys01:49:26.0843 6184 BTHMODEM - ok01:49:26.0874 6184 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys01:49:26.0874 6184 BthPan - ok01:49:26.0921 6184 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys01:49:26.0937 6184 BTHPORT - ok01:49:26.0999 6184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll01:49:26.0999 6184 bthserv - ok01:49:27.0046 6184 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys01:49:27.0046 6184 BTHUSB - ok01:49:27.0077 6184 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys01:49:27.0077 6184 btwaudio - ok01:49:27.0108 6184 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys01:49:27.0108 6184 btwavdt - ok01:49:27.0155 6184 [ 6DDE1E97BE4D50253DFB9090A6A62524 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe01:49:27.0171 6184 btwdins - ok01:49:27.0186 6184 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys01:49:27.0186 6184 btwl2cap - ok01:49:27.0202 6184 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys01:49:27.0217 6184 btwrchid - ok01:49:27.0249 6184 catchme - ok01:49:27.0264 6184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys01:49:27.0264 6184 cdfs - ok01:49:27.0311 6184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys01:49:27.0327 6184 cdrom - ok01:49:27.0373 6184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll01:49:27.0389 6184 CertPropSvc - ok01:49:27.0436 6184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys01:49:27.0436 6184 circlass - ok01:49:27.0498 6184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys01:49:27.0514 6184 CLFS - ok01:49:27.0623 6184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe01:49:27.0623 6184 clr_optimization_v2.0.50727_32 - ok01:49:27.0685 6184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe01:49:27.0685 6184 clr_optimization_v2.0.50727_64 - ok01:49:27.0779 6184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe01:49:27.0779 6184 clr_optimization_v4.0.30319_32 - ok01:49:27.0826 6184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe01:49:27.0826 6184 clr_optimization_v4.0.30319_64 - ok01:49:27.0841 6184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys01:49:27.0841 6184 CmBatt - ok01:49:27.0857 6184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys01:49:27.0857 6184 cmdide - ok01:49:27.0904 6184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys01:49:27.0904 6184 CNG - ok01:49:27.0919 6184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys01:49:27.0919 6184 Compbatt - ok01:49:27.0982 6184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys01:49:27.0982 6184 CompositeBus - ok01:49:27.0982 6184 COMSysApp - ok01:49:28.0013 6184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys01:49:28.0013 6184 crcdisk - ok01:49:28.0060 6184 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll01:49:28.0060 6184 CryptSvc - ok01:49:28.0107 6184 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys01:49:28.0122 6184 CSC - ok01:49:28.0153 6184 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll01:49:28.0169 6184 CscService - ok01:49:28.0185 6184 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys01:49:28.0200 6184 CtClsFlt - ok01:49:28.0216 6184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll01:49:28.0231 6184 DcomLaunch - ok01:49:28.0278 6184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll01:49:28.0278 6184 defragsvc - ok01:49:28.0325 6184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys01:49:28.0325 6184 DfsC - ok01:49:28.0356 6184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll01:49:28.0356 6184 Dhcp - ok01:49:28.0403 6184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys01:49:28.0403 6184 discache - ok01:49:28.0465 6184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys01:49:28.0465 6184 Disk - ok01:49:28.0512 6184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll01:49:28.0512 6184 Dnscache - ok01:49:28.0575 6184 DockLoginService - ok01:49:28.0621 6184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll01:49:28.0621 6184 dot3svc - ok01:49:28.0684 6184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll01:49:28.0684 6184 DPS - ok01:49:28.0715 6184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys01:49:28.0715 6184 drmkaud - ok01:49:28.0777 6184 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys01:49:28.0777 6184 DXGKrnl - ok01:49:28.0840 6184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll01:49:28.0840 6184 EapHost - ok01:49:28.0949 6184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys01:49:29.0043 6184 ebdrv - ok01:49:29.0089 6184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe01:49:29.0105 6184 EFS - ok01:49:29.0167 6184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe01:49:29.0183 6184 ehRecvr - ok01:49:29.0230 6184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe01:49:29.0230 6184 ehSched - ok01:49:29.0261 6184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys01:49:29.0277 6184 elxstor - ok01:49:29.0323 6184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys01:49:29.0323 6184 ErrDev - ok01:49:29.0355 6184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll01:49:29.0355 6184 EventSystem - ok01:49:29.0386 6184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys01:49:29.0401 6184 exfat - ok01:49:29.0433 6184 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys01:49:29.0433 6184 FACAP - ok01:49:29.0464 6184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys01:49:29.0464 6184 fastfat - ok01:49:29.0526 6184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe01:49:29.0542 6184 Fax - ok01:49:29.0557 6184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys01:49:29.0573 6184 fdc - ok01:49:29.0589 6184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll01:49:29.0589 6184 fdPHost - ok01:49:29.0604 6184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll01:49:29.0604 6184 FDResPub - ok01:49:29.0620 6184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys01:49:29.0620 6184 FileInfo - ok01:49:29.0635 6184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys01:49:29.0635 6184 Filetrace - ok01:49:29.0698 6184 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe01:49:29.0713 6184 FLEXnet Licensing Service - ok01:49:29.0745 6184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys01:49:29.0745 6184 flpydisk - ok01:49:29.0760 6184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys01:49:29.0760 6184 FltMgr - ok01:49:29.0838 6184 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll01:49:29.0854 6184 FontCache - ok01:49:29.0932 6184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe01:49:29.0947 6184 FontCache3.0.0.0 - ok01:49:29.0963 6184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys01:49:29.0963 6184 FsDepends - ok01:49:29.0994 6184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys01:49:30.0010 6184 Fs_Rec - ok01:49:30.0041 6184 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys01:49:30.0057 6184 fvevol - ok01:49:30.0072 6184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys01:49:30.0072 6184 gagp30kx - ok01:49:30.0119 6184 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe01:49:30.0135 6184 GameConsoleService - ok01:49:30.0166 6184 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys01:49:30.0166 6184 GEARAspiWDM - ok01:49:30.0228 6184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll01:49:30.0259 6184 gpsvc - ok01:49:30.0415 6184 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe01:49:30.0415 6184 gupdate - ok01:49:30.0431 6184 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe01:49:30.0431 6184 gupdatem - ok01:49:30.0462 6184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys01:49:30.0462 6184 hcw85cir - ok01:49:30.0525 6184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys01:49:30.0525 6184 HDAudBus - ok01:49:30.0571 6184 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys01:49:30.0571 6184 HECIx64 - ok01:49:30.0587 6184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys01:49:30.0603 6184 HidBatt - ok01:49:30.0618 6184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys01:49:30.0618 6184 HidBth - ok01:49:30.0774 6184 [ 3812319BDC6D31D5983CCF00B2E7D5F8 ] HideMyIpSRV C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe01:49:30.0852 6184 HideMyIpSRV - ok01:49:30.0883 6184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys01:49:30.0883 6184 HidIr - ok01:49:30.0930 6184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll01:49:30.0930 6184 hidserv - ok01:49:30.0977 6184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys01:49:30.0977 6184 HidUsb - ok01:49:31.0008 6184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll01:49:31.0024 6184 hkmsvc - ok01:49:31.0055 6184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll01:49:31.0071 6184 HomeGroupListener - ok01:49:31.0102 6184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll01:49:31.0117 6184 HomeGroupProvider - ok01:49:31.0211 6184 [ C4154FE402D09EF5964B5B8581514D11 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe01:49:31.0211 6184 HP LaserJet Service - ok01:49:31.0258 6184 [ 0570A17A2E5001B97E20C15B4FC516AE ] HP1210FAX C:\Windows\system32\Drivers\HPM1210FAX.sys01:49:31.0258 6184 HP1210FAX - ok01:49:31.0289 6184 [ DBD2BB97A574FC565B1EB5C0A03F917A ] HPFXBULK C:\Windows\system32\drivers\hpfx64bulk.sys01:49:31.0289 6184 HPFXBULK - ok01:49:31.0305 6184 [ 219C2A07FD07023D3905C332BF6F9BA8 ] HPFXFAX C:\Windows\system32\drivers\hpfx64fax.sys01:49:31.0305 6184 HPFXFAX - ok01:49:31.0367 6184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys01:49:31.0367 6184 HpSAMD - ok01:49:31.0429 6184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys01:49:31.0461 6184 HTTP - ok01:49:31.0492 6184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys01:49:31.0492 6184 hwpolicy - ok01:49:31.0554 6184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys01:49:31.0554 6184 i8042prt - ok01:49:31.0617 6184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys01:49:31.0617 6184 iaStorV - ok01:49:31.0695 6184 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe01:49:31.0695 6184 IDriverT - ok01:49:31.0757 6184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe01:49:31.0788 6184 idsvc - ok01:49:31.0819 6184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys01:49:31.0819 6184 iirsp - ok01:49:31.0866 6184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll01:49:31.0882 6184 IKEEXT - ok01:49:31.0944 6184 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys01:49:31.0944 6184 Impcd - ok01:49:31.0975 6184 [ FD5EF1D0210CB9C0773BBA7CA360D762 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe01:49:31.0975 6184 InstallFilterService - ok01:49:32.0038 6184 [ A9638FA0FB0C5B86229C3FD809CE8CFF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys01:49:32.0053 6184 IntcAzAudAddService - ok01:49:32.0100 6184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys01:49:32.0100 6184 intelide - ok01:49:32.0131 6184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys01:49:32.0131 6184 intelppm - ok01:49:32.0178 6184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll01:49:32.0178 6184 IPBusEnum - ok01:49:32.0225 6184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys01:49:32.0225 6184 IpFilterDriver - ok01:49:32.0272 6184 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll01:49:32.0287 6184 iphlpsvc - ok01:49:32.0334 6184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys01:49:32.0334 6184 IPMIDRV - ok01:49:32.0350 6184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys01:49:32.0350 6184 IPNAT - ok01:49:32.0443 6184 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe01:49:32.0443 6184 iPod Service - ok01:49:32.0459 6184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys01:49:32.0475 6184 IRENUM - ok01:49:32.0475 6184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys01:49:32.0490 6184 isapnp - ok01:49:32.0537 6184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys01:49:32.0537 6184 iScsiPrt - ok01:49:32.0553 6184 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys01:49:32.0568 6184 k57nd60a - ok01:49:32.0568 6184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys01:49:32.0568 6184 kbdclass - ok01:49:32.0631 6184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys01:49:32.0631 6184 kbdhid - ok01:49:32.0646 6184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe01:49:32.0646 6184 KeyIso - ok01:49:32.0693 6184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys01:49:32.0693 6184 KSecDD - ok01:49:32.0709 6184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys01:49:32.0709 6184 KSecPkg - ok01:49:32.0709 6184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys01:49:32.0724 6184 ksthunk - ok01:49:32.0755 6184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll01:49:32.0771 6184 KtmRm - ok01:49:32.0833 6184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll01:49:32.0833 6184 LanmanServer - ok01:49:32.0880 6184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll01:49:32.0880 6184 LanmanWorkstation - ok01:49:32.0896 6184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys01:49:32.0911 6184 lltdio - ok01:49:32.0927 6184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll01:49:32.0927 6184 lltdsvc - ok01:49:32.0943 6184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll01:49:32.0943 6184 lmhosts - ok01:49:32.0974 6184 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe01:49:32.0989 6184 LMS - ok01:49:33.0005 6184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys01:49:33.0021 6184 LSI_FC - ok01:49:33.0036 6184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys01:49:33.0036 6184 LSI_SAS - ok01:49:33.0052 6184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys01:49:33.0052 6184 LSI_SAS2 - ok01:49:33.0067 6184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys01:49:33.0067 6184 LSI_SCSI - ok01:49:33.0083 6184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys01:49:33.0083 6184 luafv - ok01:49:33.0145 6184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll01:49:33.0145 6184 Mcx2Svc - ok01:49:33.0161 6184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys01:49:33.0161 6184 megasas - ok01:49:33.0177 6184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys01:49:33.0192 6184 MegaSR - ok01:49:33.0317 6184 Microsoft SharePoint Workspace Audit Service - ok01:49:33.0364 6184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll01:49:33.0379 6184 MMCSS - ok01:49:33.0395 6184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys01:49:33.0395 6184 Modem - ok01:49:33.0411 6184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys01:49:33.0411 6184 monitor - ok01:49:33.0426 6184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys01:49:33.0426 6184 mouclass - ok01:49:33.0442 6184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys01:49:33.0457 6184 mouhid - ok01:49:33.0504 6184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys01:49:33.0504 6184 mountmgr - ok01:49:33.0520 6184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys01:49:33.0520 6184 mpio - ok01:49:33.0535 6184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys01:49:33.0551 6184 mpsdrv - ok01:49:33.0598 6184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll01:49:33.0629 6184 MpsSvc - ok01:49:33.0660 6184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys01:49:33.0676 6184 MRxDAV - ok01:49:33.0723 6184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys01:49:33.0723 6184 mrxsmb - ok01:49:33.0769 6184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys01:49:33.0785 6184 mrxsmb10 - ok01:49:33.0801 6184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys01:49:33.0801 6184 mrxsmb20 - ok01:49:33.0832 6184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys01:49:33.0832 6184 msahci - ok01:49:33.0894 6184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys01:49:33.0894 6184 msdsm - ok01:49:33.0910 6184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe01:49:33.0910 6184 MSDTC - ok01:49:33.0941 6184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys01:49:33.0941 6184 Msfs - ok01:49:33.0957 6184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys01:49:33.0957 6184 mshidkmdf - ok01:49:33.0972 6184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys01:49:33.0972 6184 msisadrv - ok01:49:34.0019 6184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll01:49:34.0019 6184 MSiSCSI - ok01:49:34.0019 6184 msiserver - ok01:49:34.0050 6184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys01:49:34.0050 6184 MSKSSRV - ok01:49:34.0066 6184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys01:49:34.0066 6184 MSPCLOCK - ok01:49:34.0081 6184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys01:49:34.0081 6184 MSPQM - ok01:49:34.0128 6184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys01:49:34.0128 6184 MsRPC - ok01:49:34.0175 6184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys01:49:34.0175 6184 mssmbios - ok01:49:34.0191 6184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys01:49:34.0191 6184 MSTEE - ok01:49:34.0206 6184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys01:49:34.0206 6184 MTConfig - ok01:49:34.0237 6184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys01:49:34.0237 6184 Mup - ok01:49:34.0269 6184 [ 09818558C2579B45D78AB18A759B0CA8 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys01:49:34.0284 6184 mvusbews - ok01:49:34.0315 6184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll01:49:34.0331 6184 napagent - ok01:49:34.0362 6184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys01:49:34.0378 6184 NativeWifiP - ok01:49:34.0440 6184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys01:49:34.0471 6184 NDIS - ok01:49:34.0471 6184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys01:49:34.0487 6184 NdisCap - ok01:49:34.0487 6184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys01:49:34.0487 6184 NdisTapi - ok01:49:34.0534 6184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys01:49:34.0534 6184 Ndisuio - ok01:49:34.0581 6184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys01:49:34.0581 6184 NdisWan - ok01:49:34.0627 6184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys01:49:34.0627 6184 NDProxy - ok01:49:34.0690 6184 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll01:49:34.0690 6184 Net Driver HPZ12 - ok01:49:34.0705 6184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys01:49:34.0705 6184 NetBIOS - ok01:49:34.0752 6184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys01:49:34.0752 6184 NetBT - ok01:49:34.0768 6184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe01:49:34.0768 6184 Netlogon - ok01:49:34.0815 6184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll01:49:34.0830 6184 Netman - ok01:49:34.0846 6184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll01:49:34.0861 6184 netprofm - ok01:49:34.0908 6184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe01:49:34.0908 6184 NetTcpPortSharing - ok01:49:34.0924 6184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys01:49:34.0924 6184 nfrd960 - ok01:49:34.0971 6184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll01:49:34.0986 6184 NlaSvc - ok01:49:34.0986 6184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys01:49:34.0986 6184 Npfs - ok01:49:35.0002 6184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll01:49:35.0002 6184 nsi - ok01:49:35.0017 6184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys01:49:35.0017 6184 nsiproxy - ok01:49:35.0095 6184 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys01:49:35.0142 6184 Ntfs - ok01:49:35.0158 6184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys01:49:35.0158 6184 Null - ok01:49:35.0205 6184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys01:49:35.0205 6184 nvraid - ok01:49:35.0251 6184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys01:49:35.0267 6184 nvstor - ok01:49:35.0314 6184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys01:49:35.0314 6184 nv_agp - ok01:49:35.0361 6184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys01:49:35.0361 6184 ohci1394 - ok01:49:35.0439 6184 [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe01:49:35.0439 6184 OpenVPNService - ok01:49:35.0532 6184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE01:49:35.0532 6184 ose - ok01:49:35.0673 6184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE01:49:35.0766 6184 osppsvc - ok01:49:35.0829 6184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll01:49:35.0844 6184 p2pimsvc - ok01:49:35.0891 6184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll01:49:35.0891 6184 p2psvc - ok01:49:35.0938 6184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys01:49:35.0938 6184 Parport - ok01:49:35.0985 6184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys01:49:35.0985 6184 partmgr - ok01:49:36.0000 6184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll01:49:36.0016 6184 PcaSvc - ok01:49:36.0109 6184 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms01:49:36.0109 6184 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok01:49:36.0156 6184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys01:49:36.0156 6184 pci - ok01:49:36.0172 6184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys01:49:36.0172 6184 pciide - ok01:49:36.0203 6184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys01:49:36.0203 6184 pcmcia - ok01:49:36.0219 6184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys01:49:36.0219 6184 pcw - ok01:49:36.0250 6184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys01:49:36.0265 6184 PEAUTH - ok01:49:36.0328 6184 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll01:49:36.0359 6184 PeerDistSvc - ok01:49:36.0468 6184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe01:49:36.0484 6184 PerfHost - ok01:49:36.0562 6184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll01:49:36.0593 6184 pla - ok01:49:36.0655 6184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll01:49:36.0655 6184 PlugPlay - ok01:49:36.0718 6184 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll01:49:36.0733 6184 Pml Driver HPZ12 - ok01:49:36.0780 6184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll01:49:36.0780 6184 PNRPAutoReg - ok01:49:36.0796 6184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll01:49:36.0796 6184 PNRPsvc - ok01:49:36.0874 6184 [ C489D0C7D9684DCF98DC3F0272131419 ] Polar Daemon C:\Program Files (x86)\Polar\Daemon\polard.exe01:49:36.0874 6184 Polar Daemon - ok01:49:36.0905 6184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll01:49:36.0921 6184 PolicyAgent - ok01:49:36.0967 6184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll01:49:36.0967 6184 Power - ok01:49:37.0014 6184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys01:49:37.0014 6184 PptpMiniport - ok01:49:37.0061 6184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys01:49:37.0061 6184 Processor - ok01:49:37.0108 6184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll01:49:37.0123 6184 ProfSvc - ok01:49:37.0123 6184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe01:49:37.0139 6184 ProtectedStorage - ok01:49:37.0186 6184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys01:49:37.0186 6184 Psched - ok01:49:37.0233 6184 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys01:49:37.0233 6184 PxHlpa64 - ok01:49:37.0295 6184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys01:49:37.0326 6184 ql2300 - ok01:49:37.0342 6184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys01:49:37.0342 6184 ql40xx - ok01:49:37.0404 6184 [ E92CA234469CC386AD81B9DB924FE9D4 ] qrkis C:\Windows\system32\DRIVERS\qrkis.sys01:49:37.0404 6184 qrkis - ok01:49:37.0451 6184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll01:49:37.0451 6184 QWAVE - ok01:49:37.0467 6184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys01:49:37.0467 6184 QWAVEdrv - ok01:49:37.0482 6184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys01:49:37.0482 6184 RasAcd - ok01:49:37.0513 6184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys01:49:37.0513 6184 RasAgileVpn - ok01:49:37.0529 6184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll01:49:37.0545 6184 RasAuto - ok01:49:37.0576 6184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys01:49:37.0591 6184 Rasl2tp - ok01:49:37.0607 6184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll01:49:37.0623 6184 RasMan - ok01:49:37.0638 6184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys01:49:37.0638 6184 RasPppoe - ok01:49:37.0654 6184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys01:49:37.0654 6184 RasSstp - ok01:49:37.0669 6184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys01:49:37.0669 6184 rdbss - ok01:49:37.0685 6184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys01:49:37.0685 6184 rdpbus - ok01:49:37.0716 6184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys01:49:37.0716 6184 RDPCDD - ok01:49:37.0763 6184 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys01:49:37.0763 6184 RDPDR - ok01:49:37.0794 6184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys01:49:37.0794 6184 RDPENCDD - ok01:49:37.0794 6184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys01:49:37.0794 6184 RDPREFMP - ok01:49:37.0888 6184 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys01:49:37.0903 6184 RdpVideoMiniport - ok01:49:37.0935 6184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys01:49:37.0950 6184 RDPWD - ok01:49:37.0997 6184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys01:49:38.0013 6184 rdyboost - ok01:49:38.0044 6184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll01:49:38.0059 6184 RemoteAccess - ok01:49:38.0091 6184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll01:49:38.0106 6184 RemoteRegistry - ok01:49:38.0137 6184 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys01:49:38.0137 6184 RFCOMM - ok01:49:38.0184 6184 [ 6D850FAD4CC9498D1F382B77BA4035CC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys01:49:38.0184 6184 RimUsb - ok01:49:38.0247 6184 [ 344604E6913BD6E4EAEC34AF2E0943D7 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys01:49:38.0247 6184 RimVSerPort - ok01:49:38.0309 6184 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys01:49:38.0309 6184 ROOTMODEM - ok01:49:38.0434 6184 [ CC465ECBC1700B2D91E152ED9165994A ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe01:49:38.0465 6184 RosettaStoneDaemon - ok01:49:38.0496 6184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll01:49:38.0512 6184 RpcEptMapper - ok01:49:38.0559 6184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe01:49:38.0559 6184 RpcLocator - ok01:49:38.0605 6184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll01:49:38.0621 6184 RpcSs - ok01:49:38.0637 6184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys01:49:38.0637 6184 rspndr - ok01:49:38.0699 6184 [ 502B316947EA887CDDD325D4745EB7D0 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys01:49:38.0699 6184 RSUSBSTOR - ok01:49:38.0761 6184 [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys01:49:38.0793 6184 RTL8192su - ok01:49:38.0855 6184 [ C66F68E501687573B6EAA66F3F0AB285 ] rtlss C:\Windows\system32\Drivers\rtlss.sys01:49:38.0855 6184 rtlss - ok01:49:38.0871 6184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe01:49:38.0871 6184 SamSs - ok01:49:38.0917 6184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys01:49:38.0917 6184 sbp2port - ok01:49:38.0964 6184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll01:49:38.0980 6184 SCardSvr - ok01:49:39.0027 6184 [ 46942B6980B35FFDA6AFA40A8328938C ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys01:49:39.0027 6184 SCDEmu - ok01:49:39.0058 6184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys01:49:39.0058 6184 scfilter - ok01:49:39.0105 6184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll01:49:39.0136 6184 Schedule - ok01:49:39.0183 6184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll01:49:39.0183 6184 SCPolicySvc - ok01:49:39.0198 6184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll01:49:39.0198 6184 SDRSVC - ok01:49:39.0307 6184 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe01:49:39.0307 6184 SeaPort - ok01:49:39.0354 6184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys01:49:39.0354 6184 secdrv - ok01:49:39.0401 6184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll01:49:39.0401 6184 seclogon - ok01:49:39.0448 6184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll01:49:39.0448 6184 SENS - ok01:49:39.0463 6184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll01:49:39.0463 6184 SensrSvc - ok01:49:39.0479 6184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys01:49:39.0479 6184 Serenum - ok01:49:39.0495 6184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys01:49:39.0495 6184 Serial - ok01:49:39.0557 6184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys01:49:39.0557 6184 sermouse - ok01:49:39.0619 6184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll01:49:39.0619 6184 SessionEnv - ok01:49:39.0697 6184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys01:49:39.0697 6184 sffdisk - ok01:49:39.0713 6184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys01:49:39.0713 6184 sffp_mmc - ok01:49:39.0729 6184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys01:49:39.0729 6184 sffp_sd - ok01:49:39.0744 6184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys01:49:39.0744 6184 sfloppy - ok01:49:39.0807 6184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll01:49:39.0807 6184 SharedAccess - ok01:49:39.0853 6184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll01:49:39.0869 6184 ShellHWDetection - ok01:49:39.0885 6184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys01:49:39.0885 6184 SiSRaid2 - ok01:49:39.0900 6184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys01:49:39.0916 6184 SiSRaid4 - ok01:49:39.0994 6184 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe01:49:39.0994 6184 SkypeUpdate - ok01:49:40.0025 6184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys01:49:40.0025 6184 Smb - ok01:49:40.0087 6184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe01:49:40.0087 6184 SNMPTRAP - ok01:49:40.0103 6184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys01:49:40.0103 6184 spldr - ok01:49:40.0150 6184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe01:49:40.0181 6184 Spooler - ok01:49:40.0275 6184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe01:49:40.0368 6184 sppsvc - ok01:49:40.0368 6184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll01:49:40.0384 6184 sppuinotify - ok01:49:40.0415 6184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys01:49:40.0431 6184 srv - ok01:49:40.0477 6184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys01:49:40.0493 6184 srv2 - ok01:49:40.0509 6184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys01:49:40.0509 6184 srvnet - ok01:49:40.0524 6184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll01:49:40.0540 6184 SSDPSRV - ok01:49:40.0555 6184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll01:49:40.0555 6184 SstpSvc - ok01:49:40.0587 6184 [ C48E0745D33897C7A73394214F2B9B4F ] stdflt C:\Windows\system32\DRIVERS\stdflt.sys01:49:40.0587 6184 stdflt - ok01:49:40.0618 6184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys01:49:40.0618 6184 stexstor - ok01:49:40.0680 6184 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys01:49:40.0680 6184 StillCam - ok01:49:40.0727 6184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll01:49:40.0743 6184 stisvc - ok01:49:40.0789 6184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys01:49:40.0789 6184 swenum - ok01:49:40.0914 6184 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe01:49:40.0914 6184 SwitchBoard - ok01:49:40.0945 6184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll01:49:40.0961 6184 swprv - ok01:49:40.0977 6184 Synth3dVsc - ok01:49:41.0023 6184 [ 5AEEC2BB8065B563ADBC88CA22588953 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys01:49:41.0023 6184 SynTP - ok01:49:41.0117 6184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll01:49:41.0179 6184 SysMain - ok01:49:41.0226 6184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll01:49:41.0226 6184 TabletInputService - ok01:49:41.0242 6184 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys01:49:41.0257 6184 tap0901 - ok01:49:41.0273 6184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll01:49:41.0273 6184 TapiSrv - ok01:49:41.0289 6184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll01:49:41.0289 6184 TBS - ok01:49:41.0367 6184 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys01:49:41.0382 6184 Tcpip - ok01:49:41.0445 6184 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys01:49:41.0460 6184 TCPIP6 - ok01:49:41.0507 6184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys01:49:41.0507 6184 tcpipreg - ok01:49:41.0538 6184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys01:49:41.0538 6184 TDPIPE - ok01:49:41.0585 6184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys01:49:41.0585 6184 TDTCP - ok01:49:41.0616 6184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys01:49:41.0616 6184 tdx - ok01:49:41.0663 6184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys01:49:41.0663 6184 TermDD - ok01:49:41.0694 6184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll01:49:41.0710 6184 TermService - ok01:49:41.0788 6184 [ D018F3054D2211CD53CC7ECCE9B8A254 ] Tether C:\Program Files (x86)\Tether\TBService.exe01:49:41.0788 6184 Tether - ok01:49:41.0803 6184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll01:49:41.0803 6184 Themes - ok01:49:41.0850 6184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll01:49:41.0850 6184 THREADORDER - ok01:49:41.0897 6184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll01:49:41.0897 6184 TrkWks - ok01:49:41.0975 6184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe01:49:41.0975 6184 TrustedInstaller - ok01:49:42.0022 6184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys01:49:42.0022 6184 tssecsrv - ok01:49:42.0037 6184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys01:49:42.0037 6184 TsUsbFlt - ok01:49:42.0053 6184 tsusbhub - ok01:49:42.0100 6184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys01:49:42.0115 6184 tunnel - ok01:49:42.0147 6184 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys01:49:42.0147 6184 TurboB - ok01:49:42.0209 6184 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe01:49:42.0225 6184 TurboBoost - ok01:49:42.0256 6184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys01:49:42.0271 6184 uagp35 - ok01:49:42.0318 6184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys01:49:42.0318 6184 udfs - ok01:49:42.0334 6184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe01:49:42.0349 6184 UI0Detect - ok01:49:42.0365 6184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys01:49:42.0365 6184 uliagpkx - ok01:49:42.0427 6184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys01:49:42.0427 6184 umbus - ok01:49:42.0459 6184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys01:49:42.0459 6184 UmPass - ok01:49:42.0505 6184 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll01:49:42.0505 6184 UmRdpService - ok01:49:42.0583 6184 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe01:49:42.0646 6184 UNS - ok01:49:42.0661 6184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll01:49:42.0677 6184 upnphost - ok01:49:42.0724 6184 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys01:49:42.0724 6184 USBAAPL64 - ok01:49:42.0771 6184 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys01:49:42.0771 6184 usbaudio - ok01:49:42.0817 6184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys01:49:42.0817 6184 usbccgp - ok01:49:42.0864 6184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys01:49:42.0864 6184 usbcir - ok01:49:42.0911 6184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys01:49:42.0911 6184 usbehci - ok01:49:42.0958 6184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys01:49:42.0958 6184 usbhub - ok01:49:43.0005 6184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys01:49:43.0005 6184 usbohci - ok01:49:43.0051 6184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys01:49:43.0051 6184 usbprint - ok01:49:43.0098 6184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys01:49:43.0098 6184 usbscan - ok01:49:43.0114 6184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS01:49:43.0114 6184 USBSTOR - ok01:49:43.0145 6184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys01:49:43.0145 6184 usbuhci - ok01:49:43.0161 6184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys01:49:43.0161 6184 usbvideo - ok01:49:43.0176 6184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll01:49:43.0192 6184 UxSms - ok01:49:43.0207 6184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe01:49:43.0207 6184 VaultSvc - ok01:49:43.0223 6184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys01:49:43.0223 6184 vdrvroot - ok01:49:43.0285 6184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe01:49:43.0301 6184 vds - ok01:49:43.0317 6184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys01:49:43.0317 6184 vga - ok01:49:43.0317 6184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys01:49:43.0332 6184 VgaSave - ok01:49:43.0348 6184 VGPU - ok01:49:43.0379 6184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys01:49:43.0379 6184 vhdmp - ok01:49:43.0410 6184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys01:49:43.0410 6184 viaide - ok01:49:43.0426 6184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys01:49:43.0426 6184 volmgr - ok01:49:43.0488 6184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys01:49:43.0488 6184 volmgrx - ok01:49:43.0504 6184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys01:49:43.0504 6184 volsnap - ok01:49:43.0535 6184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys01:49:43.0551 6184 vsmraid - ok01:49:43.0613 6184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe01:49:43.0660 6184 VSS - ok01:49:43.0660 6184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys01:49:43.0675 6184 vwifibus - ok01:49:43.0691 6184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys01:49:43.0691 6184 vwififlt - ok01:49:43.0707 6184 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys01:49:43.0707 6184 vwifimp - ok01:49:43.0753 6184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll01:49:43.0769 6184 W32Time - ok01:49:43.0800 6184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys01:49:43.0800 6184 WacomPen - ok01:49:43.0831 6184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys01:49:43.0831 6184 WANARP - ok01:49:43.0831 6184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys01:49:43.0831 6184 Wanarpv6 - ok01:49:43.0909 6184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe01:49:43.0941 6184 WatAdminSvc - ok01:49:43.0987 6184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe01:49:44.0019 6184 wbengine - ok01:49:44.0034 6184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll01:49:44.0034 6184 WbioSrvc - ok01:49:44.0081 6184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll01:49:44.0097 6184 wcncsvc - ok01:49:44.0112 6184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll01:49:44.0112 6184 WcsPlugInService - ok01:49:44.0128 6184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys01:49:44.0128 6184 Wd - ok01:49:44.0190 6184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys01:49:44.0221 6184 Wdf01000 - ok01:49:44.0237 6184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll01:49:44.0237 6184 WdiServiceHost - ok01:49:44.0237 6184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll01:49:44.0237 6184 WdiSystemHost - ok01:49:44.0284 6184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll01:49:44.0299 6184 WebClient - ok01:49:44.0315 6184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll01:49:44.0315 6184 Wecsvc - ok01:49:44.0331 6184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll01:49:44.0331 6184 wercplsupport - ok01:49:44.0346 6184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll01:49:44.0346 6184 WerSvc - ok01:49:44.0362 6184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys01:49:44.0362 6184 WfpLwf - ok01:49:44.0409 6184 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys01:49:44.0409 6184 WimFltr - ok01:49:44.0424 6184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys01:49:44.0424 6184 WIMMount - ok01:49:44.0471 6184 WinDefend - ok01:49:44.0487 6184 WinHttpAutoProxySvc - ok01:49:44.0580 6184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll01:49:44.0580 6184 Winmgmt - ok01:49:44.0658 6184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll01:49:44.0736 6184 WinRM - ok01:49:44.0783 6184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys01:49:44.0783 6184 WinUsb - ok01:49:44.0830 6184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll01:49:44.0861 6184 Wlansvc - ok01:49:44.0955 6184 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE01:49:45.0033 6184 wlidsvc - ok01:49:45.0095 6184 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE01:49:45.0095 6184 wltrysvc - ok01:49:45.0142 6184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys01:49:45.0142 6184 WmiAcpi - ok01:49:45.0157 6184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe01:49:45.0157 6184 wmiApSrv - ok01:49:45.0204 6184 WMPNetworkSvc - ok01:49:45.0235 6184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll01:49:45.0235 6184 WPCSvc - ok01:49:45.0282 6184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll01:49:45.0282 6184 WPDBusEnum - ok01:49:45.0329 6184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys01:49:45.0329 6184 ws2ifsl - ok01:49:45.0360 6184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll01:49:45.0360 6184 wscsvc - ok01:49:45.0391 6184 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys01:49:45.0407 6184 WSDPrintDevice - ok01:49:45.0407 6184 WSearch - ok01:49:45.0501 6184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll01:49:45.0547 6184 wuauserv - ok01:49:45.0594 6184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys01:49:45.0594 6184 WudfPf - ok01:49:45.0625 6184 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys01:49:45.0641 6184 WUDFRd - ok01:49:45.0672 6184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll01:49:45.0688 6184 wudfsvc - ok01:49:45.0719 6184 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll01:49:45.0735 6184 WwanSvc - ok01:49:45.0844 6184 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe01:49:45.0844 6184 YahooAUService - ok01:49:45.0891 6184 ================ Scan global ===============================01:49:45.0937 6184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll01:49:45.0984 6184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll01:49:46.0000 6184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll01:49:46.0031 6184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll01:49:46.0047 6184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe01:49:46.0062 6184 [Global] - ok01:49:46.0062 6184 ================ Scan MBR ==================================01:49:46.0078 6184 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR001:49:46.0343 6184 \Device\Harddisk0\DR0 - ok01:49:46.0343 6184 ================ Scan VBR ==================================01:49:46.0343 6184 [ 2A3E34585DC141E831F2139B9B1BE02F ] \Device\Harddisk0\DR0\Partition101:49:46.0343 6184 \Device\Harddisk0\DR0\Partition1 - ok01:49:46.0359 6184 [ CFF57BE81E7B177B033CFEDDF90EE663 ] \Device\Harddisk0\DR0\Partition201:49:46.0359 6184 \Device\Harddisk0\DR0\Partition2 - ok01:49:46.0359 6184 ============================================================01:49:46.0359 6184 Scan finished01:49:46.0359 6184 ============================================================01:49:46.0374 3920 Detected object count: 101:49:46.0374 3920 Actual detected object count: 101:50:20.0226 3920 Akamai ( HiddenFile.Multi.Generic ) - skipped by user01:50:20.0226 3920 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip Link to post Share on other sites More sharing options...
rnct3 Posted June 23, 2013 Author ID:694653 Share Posted June 23, 2013 MBAR mbar-log.txtMalwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.orgDatabase version: v2013.06.22.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16576Rita Nicole :: RITANICOLE-PC [administrator]6/23/2013 1:53:23 AMmbar-log-2013-06-23 (01-53-23).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 259307Time elapsed: 19 minute(s), 58 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.Registry Values Detected: 1HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\n. -> Delete on reboot.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1c:\Users\Rita Nicole\AppData\Roaming\Microsoft\Windows\Templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.Physical Sectors Detected: 0(No malicious items detected)(end) system-log.txt---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16576Java version: 1.6.0_33File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6296199168, free: 3971891200Downloaded database version: v2013.06.22.07Initializing...------------ Kernel report ------------ 06/23/2013 01:53:20------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\stdflt.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\System32\Drivers\SCDEmu.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\k57nd60a.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\Acceler.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\tap0901.sys\SystemRoot\system32\DRIVERS\bcmvwl64.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtihdW76.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\CtClsFlt.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imagehlp.dll\Windows\System32\clbcatq.dll\Windows\System32\imm32.dll\Windows\System32\nsi.dll\Windows\System32\kernel32.dll\Windows\System32\shell32.dll\Windows\System32\lpk.dll\Windows\System32\psapi.dll\Windows\System32\ws2_32.dll\Windows\System32\gdi32.dll\Windows\System32\msctf.dll\Windows\System32\urlmon.dll\Windows\System32\advapi32.dll\Windows\System32\usp10.dll\Windows\System32\normaliz.dll\Windows\System32\difxapi.dll\Windows\System32\oleaut32.dll\Windows\System32\wininet.dll\Windows\System32\Wldap32.dll\Windows\System32\iertutil.dll\Windows\System32\shlwapi.dll\Windows\System32\rpcrt4.dll\Windows\System32\comdlg32.dll\Windows\System32\sechost.dll\Windows\System32\user32.dll\Windows\System32\ole32.dll\Windows\System32\setupapi.dll\Windows\System32\msvcrt.dll\Windows\System32\KernelBase.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8006467060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\Lower Device Object: 0xfffffa80062111f0Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8006467060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006467b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006467060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800636cce0, DeviceName: Unknown, DriverName: \Driver\stdflt\DevicePointer: 0xfffffa80062111f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: C5D66832Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30801920 Numsec = 945969200 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...Done!Infected: c:\Users\Rita Nicole\AppData\Roaming\Microsoft\Windows\Templates\2433f433 --> [Trojan.Agent.TPL]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]Scan finishedCreating System Restore point...Cleaning up...Executing an action fixdamage.exe...Success!Queuing an action fixdamage.exeRemoval successful. No system shutdown is required.=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ComboFix's report (C:\ComboFix.txt)ComboFix 13-06-22.01 - Rita Nicole 06/23/2013 2:25.3.4 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6005.3801 [GMT 2:00]Running from: c:\users\Rita Nicole\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\6CB1E612F0.sysc:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A6058252-AE0E-44E2-8956-1992889C1536}.xpsc:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2DFF854-B054-476E-A640-A7522D65D2E7}.xpsc:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE6A627E-B965-4688-980E-001536A8F049}.xpsc:\users\Rita Nicole\AppData\Roaming\Help\coredb\storagec:\users\Rita Nicole\AppData\Roaming\Oqyfuc:\users\Rita Nicole\AppData\Roaming\Oqyfu\negai.qea..((((((((((((((((((((((((( Files Created from 2013-05-23 to 2013-06-23 )))))))))))))))))))))))))))))))..2013-06-23 04:05 . 2013-06-23 04:05 -------- d-----w- C:\FRST2013-06-23 00:42 . 2013-06-23 00:42 -------- d-----w- c:\users\Public\AppData\Local\temp2013-06-23 00:42 . 2013-06-23 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp2013-06-22 23:53 . 2013-06-23 00:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-06-22 23:52 . 2013-06-22 23:52 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-06-22 22:52 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F1D1C06-246A-4EC2-BCAE-38A19478D319}\mpengine.dll2013-06-08 15:37 . 2013-06-22 06:59 -------- d-----w- c:\program files\iPod2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files\iTunes2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\iTunes2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll2013-06-08 15:33 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\QuickTime2013-06-06 01:03 . 2013-06-06 01:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 13:54 . 2013-06-17 00:46 -------- d-----w- c:\users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-17 00:38 . 2012-04-02 19:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-17 00:38 . 2011-06-06 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-17 00:38 . 2012-12-11 23:38 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-05-16 09:03 . 2013-05-16 09:03 53248 ----a-r- c:\users\Rita Nicole\AppData\Roaming\Microsoft\Installer\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}\ARPPRODUCTICON.exe2013-05-16 01:07 . 2010-08-30 15:29 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-11 16:15 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll2013-05-02 00:06 . 2012-04-27 09:47 278800 ------w- c:\windows\system32\MpSigStub.exe2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts2013-04-13 05:49 . 2013-05-15 06:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 06:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 06:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 06:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 06:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 06:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-05-02 09:34 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 06:01 . 2013-05-15 06:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 06:01 . 2013-05-15 06:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 03:30 . 2013-05-15 06:58 3153920 ----a-w- c:\windows\system32\win32k.sys2013-04-04 12:50 . 2011-05-04 01:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]"HideMyIP"="c:\program files (x86)\Hide My IP\HideMyIP.exe" [2012-10-23 951952]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux8"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 0032611335484094mcinstcleanup;McAfee Application Installer Cleanup (0032611335484094);c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE;c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]R2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys;c:\windows\SYSNATIVE\Drivers\rtlss.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe;c:\program files (x86)\Tether\TBService.exe [x]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 72034033*NewlyCreated* - MBAMCHAMELEON*Deregistered* - 72034033.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:38].2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04].2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04].2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26].2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.htaIE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: hcdistrictclerk.comTrusted Zone: picnik.comTrusted Zone: snapfish.comTrusted Zone: texasbar.comTrusted Zone: texasbar.com\wwwTrusted Zone: usps.comTrusted Zone: usps.com\sss-webTrusted Zone: walgreens.comTrusted Zone: westcheck.comTrusted Zone: westlaw.comTrusted Zone: westlaw.com\web2TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220FF - ProfilePath - c:\users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\FF - user.js: network.cookie.cookieBehavior - 0FF - user.js: privacy.clearOnShutdown.cookies - falseFF - user.js: security.warn_viewing_mixed - falseFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: security.warn_submit_insecure - falseFF - user.js: security.warn_submit_insecure.show_once - false.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Rita Nicole\AppData\Local\Akamai\netsession_win.exeWow6432Node-HKLM-Run-<NO NAME> - (no file)c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrunHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll".[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-06-23 02:47:13ComboFix-quarantined-files.txt 2013-06-23 00:47ComboFix2.txt 2012-04-27 00:10ComboFix3.txt 2012-04-26 23:44.Pre-Run: 255,660,490,752 bytes freePost-Run: 259,729,317,888 bytes free.- - End Of File - - 1A008A9DEC33C5BE75919E98ADD6F8625C616939100B85E558DA92B899A0FC36 Security Check checkup.txt Results of screen317's Security Check version 0.99.67 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 33 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 23, 2013 ID:694675 Share Posted June 23, 2013 Making progress, but we still have some more to go: Please do the following:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:KILLALL:: Driver::72034033File::C:\Windows\System32\Drivers\72034033.sys Reboot::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 26, 2013 ID:695860 Share Posted June 26, 2013 Still with me? Are there any remaining issues? Link to post Share on other sites More sharing options...
rnct3 Posted June 27, 2013 Author ID:696192 Share Posted June 27, 2013 Hi, I have only used the computer a little bit since we fixed it because I have been traveling. However, when I have used it everything seems to be working fine. If something does pop up I will seek you out again if that is alright. Thank you so much for your help, I appreciate it so much. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 27, 2013 ID:696193 Share Posted June 27, 2013 There is likely still malware on the machine- that's why I included another set of instructions. It's up to you. Link to post Share on other sites More sharing options...
rnct3 Posted June 29, 2013 Author ID:696813 Share Posted June 29, 2013 Hi here is the log text: ComboFix 13-06-28.02 - Rita Nicole 06/29/2013 5:42.4.4 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6005.4284 [GMT 2:00]Running from: c:\users\Rita Nicole\Desktop\ComboFix.exeCommand switches used :: c:\users\Rita Nicole\Desktop\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\System32\Drivers\72034033.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_72034033..((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-29 )))))))))))))))))))))))))))))))..2013-06-29 03:52 . 2013-06-29 03:52 -------- d-----w- c:\users\Public\AppData\Local\temp2013-06-29 03:52 . 2013-06-29 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp2013-06-29 03:31 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3727BBEA-6E5F-4E41-9CFF-111CEBCBF893}\mpengine.dll2013-06-23 04:05 . 2013-06-23 04:05 -------- d-----w- C:\FRST2013-06-23 01:01 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-06-22 23:53 . 2013-06-23 00:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-06-22 23:52 . 2013-06-22 23:52 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-06-22 22:51 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-22 22:51 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll2013-06-22 22:51 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-06-22 22:51 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll2013-06-22 22:51 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll2013-06-22 22:50 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2013-06-22 22:50 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-06-22 22:50 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-22 22:50 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-06-22 22:50 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-06-22 22:50 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-06-22 22:50 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe2013-06-22 22:50 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-06-22 22:50 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll2013-06-22 22:50 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-06-22 22:50 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-06-22 22:50 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-06-22 22:49 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll2013-06-22 22:49 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll2013-06-08 15:37 . 2013-06-22 06:59 -------- d-----w- c:\program files\iPod2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files\iTunes2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\iTunes2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll2013-06-08 15:33 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\QuickTime2013-06-06 01:03 . 2013-06-06 01:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-05 13:54 . 2013-06-23 01:10 -------- d-----w- c:\users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-06-23 01:02 . 2010-08-30 15:29 75825640 ----a-w- c:\windows\system32\MRT.exe2013-06-17 00:38 . 2012-04-02 19:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-17 00:38 . 2011-06-06 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-17 00:38 . 2012-12-11 23:38 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-05-16 09:03 . 2013-05-16 09:03 53248 ----a-r- c:\users\Rita Nicole\AppData\Roaming\Microsoft\Installer\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}\ARPPRODUCTICON.exe2013-05-11 16:15 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll2013-05-02 00:06 . 2012-04-27 09:47 278800 ------w- c:\windows\system32\MpSigStub.exe2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts2013-04-13 05:49 . 2013-05-15 06:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 06:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 06:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 06:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 06:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 06:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-05-02 09:34 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 06:01 . 2013-05-15 06:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 06:01 . 2013-05-15 06:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 03:30 . 2013-05-15 06:58 3153920 ----a-w- c:\windows\system32\win32k.sys2013-04-04 12:50 . 2011-05-04 01:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]"HideMyIP"="c:\program files (x86)\Hide My IP\HideMyIP.exe" [2012-10-23 951952]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux8"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 0032611335484094mcinstcleanup;McAfee Application Installer Cleanup (0032611335484094);c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE;c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [x]R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys;c:\windows\SYSNATIVE\Drivers\rtlss.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe;c:\program files (x86)\Tether\TBService.exe [x]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamai.Contents of the 'Scheduled Tasks' folder.2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:38].2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04].2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04].2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26].2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.htaIE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: hcdistrictclerk.comTrusted Zone: picnik.comTrusted Zone: snapfish.comTrusted Zone: texasbar.comTrusted Zone: texasbar.com\wwwTrusted Zone: usps.comTrusted Zone: usps.com\sss-webTrusted Zone: walgreens.comTrusted Zone: westcheck.comTrusted Zone: westlaw.comTrusted Zone: westlaw.com\web2TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220FF - ProfilePath - c:\users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\FF - user.js: network.cookie.cookieBehavior - 0FF - user.js: privacy.clearOnShutdown.cookies - falseFF - user.js: security.warn_viewing_mixed - falseFF - user.js: security.warn_viewing_mixed.show_once - falseFF - user.js: security.warn_submit_insecure - falseFF - user.js: security.warn_submit_insecure.show_once - false.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll".[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe.**************************************************************************.Completion time: 2013-06-29 06:14:34 - machine was rebootedComboFix-quarantined-files.txt 2013-06-29 04:14ComboFix2.txt 2013-06-23 00:47ComboFix3.txt 2012-04-27 00:10ComboFix4.txt 2012-04-26 23:44.Pre-Run: 256,797,216,768 bytes freePost-Run: 255,836,573,696 bytes free.- - End Of File - - 447FB0D35B3FFAD799D041362454628B5C616939100B85E558DA92B899A0FC36 Link to post Share on other sites More sharing options...
rnct3 Posted June 29, 2013 Author ID:696814 Share Posted June 29, 2013 I am having an issue. When I try to open an internet browser, IE or FF, I get the message "Illegal operation attempted on a registry key that has been marked for deletion." Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 29, 2013 ID:696831 Share Posted June 29, 2013 Reboot the system. Things look a whole lot better. Let's run some more scans to verify there isn't anything left: ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. ----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized ----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698107 Share Posted July 3, 2013 # AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:39:22# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)# User : Rita Nicole - RITANICOLE-PC# Boot Mode : Normal# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****Folder Found : C:\Users\Rita Nicole\AppData\Local\PackageAwareFolder Found : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess***** [Registry] *****Key Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Mozilla Firefox v12.0 (en-US)File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [1340 octets] - [03/07/2013 05:39:22]########## EOF - C:\AdwCleaner[R1].txt - [1400 octets] ########## Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698109 Share Posted July 3, 2013 # AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:44:10# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)# User : Rita Nicole - RITANICOLE-PC# Boot Mode : Normal# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****Folder Found : C:\Users\Rita Nicole\AppData\Local\PackageAwareFolder Found : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess***** [Registry] *****Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Mozilla Firefox v12.0 (en-US)File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]AdwCleaner[R2].txt - [1509 octets] - [03/07/2013 05:44:10]########## EOF - C:\AdwCleaner[R2].txt - [1569 octets] ######## Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698113 Share Posted July 3, 2013 # AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:44:56# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)# User : Rita Nicole - RITANICOLE-PC# Boot Mode : Normal# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Folder Deleted : C:\Users\Rita Nicole\AppData\Local\PackageAwareFolder Deleted : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess***** [Registry] *****Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Mozilla Firefox v12.0 (en-US)File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.jsC:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\user.js ... Deleted ![OK] File is clean.*************************AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]AdwCleaner[R2].txt - [1638 octets] - [03/07/2013 05:44:10]AdwCleaner[s1].txt - [1689 octets] - [03/07/2013 05:44:56]########## EOF - C:\AdwCleaner[s1].txt - [1749 octets] ########## Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698117 Share Posted July 3, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.9.4 (05.06.2013:1)OS: Windows 7 Ultimate x64Ran by Rita Nicole on Wed 07/03/2013 at 5:52:22.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ FilesSuccessfully deleted: [File] C:\eula.1028.txtSuccessfully deleted: [File] C:\eula.1031.txtSuccessfully deleted: [File] C:\eula.1033.txtSuccessfully deleted: [File] C:\eula.1036.txtSuccessfully deleted: [File] C:\eula.1040.txtSuccessfully deleted: [File] C:\eula.1041.txtSuccessfully deleted: [File] C:\eula.1042.txtSuccessfully deleted: [File] C:\eula.2052.txtSuccessfully deleted: [File] C:\install.res.1028.dllSuccessfully deleted: [File] C:\install.res.1031.dllSuccessfully deleted: [File] C:\install.res.1033.dllSuccessfully deleted: [File] C:\install.res.1036.dllSuccessfully deleted: [File] C:\install.res.1040.dllSuccessfully deleted: [File] C:\install.res.1041.dllSuccessfully deleted: [File] C:\install.res.1042.dllSuccessfully deleted: [File] C:\install.res.2052.dllSuccessfully deleted: [File] C:\install.res.3082.dll ~~~ FoldersSuccessfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{273D01C5-95A1-49B9-8977-FBCF839E5552}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{42DC7302-01F5-4C4F-9323-A50B53DE393C}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{861ADCB2-E095-4A01-A32B-E21653AD941D}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{95B90E78-02FC-4286-8766-26E4C335AD9F}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{9A8153FB-899B-4CBA-9AD6-4F3B21661FEA}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{F24DA58B-07ED-4BB8-9150-60F944D53CE8}Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{F65849C0-F277-43C3-A7DB-55E0F4A49540} ~~~ FireFoxEmptied folder: C:\Users\Rita Nicole\AppData\Roaming\mozilla\firefox\profiles\73x01k6x.default\minidumps [26 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 07/03/2013 at 5:56:57.60End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698131 Share Posted July 3, 2013 OTL logfile created on: 7/3/2013 6:00:09 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rita Nicole\Desktop64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.86 Gb Total Physical Memory | 4.18 Gb Available Physical Memory | 71.33% Memory free11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.41% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 451.07 Gb Total Space | 239.82 Gb Free Space | 53.17% Space Free | Partition Type: NTFS Computer Name: RITANICOLE-PC | User Name: Rita Nicole | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/03 05:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exePRC - [2013/05/10 09:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exePRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exePRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exePRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exePRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exePRC - [2013/02/13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exePRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exePRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exePRC - [2012/10/23 13:25:18 | 003,572,880 | ---- | M] (Hide My IP) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exePRC - [2012/10/23 13:25:18 | 000,951,952 | ---- | M] (www.hidemyip.com) -- C:\Program Files (x86)\Hide My IP\HideMyIP.exePRC - [2012/06/19 23:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exePRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exePRC - [2011/10/19 16:48:08 | 000,411,136 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exePRC - [2011/08/11 13:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exePRC - [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exePRC - [2010/05/14 17:56:58 | 000,049,080 | ---- | M] () -- C:\Program Files (x86)\Tether\TBService.exePRC - [2009/12/29 23:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exePRC - [2009/10/01 11:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2009/10/01 11:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exePRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 03:06:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dllMOD - [2013/05/16 03:06:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dllMOD - [2013/02/14 04:39:43 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dllMOD - [2013/02/14 04:35:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dllMOD - [2013/02/13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dllMOD - [2013/02/13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeMOD - [2013/01/26 18:56:08 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dllMOD - [2013/01/26 16:47:18 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dllMOD - [2013/01/26 16:46:48 | 002,382,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cedfc98e1e998c103a2a98298d40b11e\Microsoft.Office.Interop.Outlook.ni.dllMOD - [2013/01/26 16:46:47 | 001,017,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\c032b45d3a3c912e41992c0a9c256e5f\office.ni.dllMOD - [2013/01/26 16:46:47 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\f698ac346476a20a02725b8e9de422cd\stdole.ni.dllMOD - [2013/01/26 16:46:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\40ae80b5416554417d40f6fd4df4c62a\Extensibility.ni.dllMOD - [2013/01/26 15:39:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dllMOD - [2013/01/26 15:38:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dllMOD - [2013/01/26 15:38:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dllMOD - [2013/01/26 15:38:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dllMOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2011/03/17 07:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2010/12/21 08:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dllMOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllMOD - [2010/08/30 05:40:58 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dllMOD - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)SRV:64bit: - [2012/02/15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2010/02/02 14:14:38 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)SRV:64bit: - [2009/08/18 04:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV:64bit: - [2009/03/31 08:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)SRV - [2013/07/03 05:24:41 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)SRV - [2013/06/17 02:38:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)SRV - [2012/10/23 13:25:18 | 003,572,880 | ---- | M] (Hide My IP) [On_Demand | Running] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)SRV - [2012/08/08 00:31:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2012/06/19 23:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)SRV - [2011/10/19 16:48:08 | 000,411,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)SRV - [2011/07/13 16:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)SRV - [2010/05/14 17:56:58 | 000,049,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tether\TBService.exe -- (Tether)SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/02/19 20:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2009/10/01 11:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2009/10/01 11:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2009/06/23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2009/06/01 16:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/23 01:52:55 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)DRV:64bit: - [2013/01/28 19:03:04 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)DRV:64bit: - [2013/01/03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2012/02/15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/12/05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)DRV:64bit: - [2011/11/29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2011/07/13 16:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)DRV:64bit: - [2011/04/15 18:14:15 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)DRV:64bit: - [2011/04/15 18:14:15 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPM1210FAX.sys -- (HP1210FAX)DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2010/11/05 11:13:10 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)DRV:64bit: - [2010/06/21 17:56:20 | 000,027,240 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtlss.sys -- (rtlss)DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)DRV:64bit: - [2010/02/02 14:14:36 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)DRV:64bit: - [2010/02/02 14:14:36 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)DRV:64bit: - [2010/02/02 14:14:34 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)DRV:64bit: - [2009/10/26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)DRV:64bit: - [2009/10/16 17:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)DRV:64bit: - [2009/10/12 19:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/09/03 12:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2009/08/20 09:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)DRV:64bit: - [2009/07/27 04:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)DRV:64bit: - [2009/07/23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)DRV:64bit: - [2009/07/17 05:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/07/01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:64bit: - [2009/07/01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2009/07/01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/04/07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)DRV:64bit: - [2008/09/25 02:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)DRV:64bit: - [2007/07/16 23:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)DRV:64bit: - [2007/07/16 23:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{7EAECF87-B68D-44DB-87CC-7CC089FEBA3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{D9982E70-8256-46AA-B0A4-868C686C648A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 6A E3 8E D5 FD CA 01 [binary data]IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes,DefaultScope = {A4B1803A-CE3A-4984-9ABB-D1572FA4A0F7}IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{2EF9C486-8AAD-485F-9AFF-66E1B3AE5AA7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{3C7F9014-82E3-4AAA-BB7F-7C85671E2B80}: "URL" = http://duckduckgo.com/?q={searchTerms}IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{4A9980DA-0979-43C6-A818-928775591F31}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{A4B1803A-CE3A-4984-9ABB-D1572FA4A0F7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p="FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rita Nicole\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rita Nicole\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/16 11:13:48 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 22:27:28 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/15 18:44:53 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/08 17:34:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/22 09:05:40 | 000,000,000 | ---D | M] [2012/04/09 14:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Extensions[2013/05/28 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\extensions[2010/08/30 06:17:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2012/08/05 17:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/08/05 17:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}[2013/03/15 18:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5[2012/04/21 03:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll[2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll[2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll[2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll[2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll[2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll[2012/08/08 19:03:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/08/08 19:03:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/06/29 06:11:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe (www.hidemyip.com)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not foundO4 - HKLM..\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-121882709-412351183-818571276-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not foundO8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not foundO8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: hcdistrictclerk.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: picnik.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: snapfish.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([www] http in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([www] https in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: usps.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: usps.com ([sss-web] https in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: walgreens.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westcheck.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westlaw.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westlaw.com ([web2] http in Trusted sites)O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} https://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EAFE9AE-64B4-4D44-8C9A-82B9C7767A06}: DhcpNameServer = 192.168.178.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD21D22-FE89-478E-9125-D010A4A3612D}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value foundO18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value foundO18:64bit: - Protocol\Filter\ica - No CLSID value foundO18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/03 05:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exe[2013/07/03 05:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/07/03 05:52:04 | 000,000,000 | ---D | C] -- C:\JRT[2013/07/03 05:42:05 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rita Nicole\Desktop\JRT.exe[2013/06/29 06:11:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/06/29 05:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\Desktop\Combofix[2013/06/23 06:05:07 | 000,000,000 | ---D | C] -- C:\FRST[2013/06/23 03:02:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/06/23 03:02:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/06/23 03:02:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/06/23 03:02:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/06/23 03:02:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/06/23 03:02:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/06/23 03:02:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/06/23 03:02:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/06/23 03:02:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/06/23 03:02:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/06/23 03:02:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/06/23 03:02:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/06/23 03:02:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/06/23 03:01:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/06/23 03:01:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/06/23 02:22:56 | 005,084,379 | R--- | C] (Swearware) -- C:\Users\Rita Nicole\Desktop\ComboFix.exe[2013/06/23 01:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/06/23 01:52:31 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\Desktop\mbar[2013/06/23 01:48:51 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rita Nicole\Desktop\tdsskiller.exe[2013/06/23 00:51:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/06/23 00:51:17 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/06/23 00:51:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll[2013/06/23 00:51:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll[2013/06/23 00:50:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll[2013/06/23 00:50:31 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/06/23 00:50:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe[2013/06/23 00:50:31 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe[2013/06/23 00:50:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/06/23 00:50:30 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll[2013/06/23 00:50:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll[2013/06/23 00:49:58 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll[2013/06/23 00:49:58 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll[2013/06/08 17:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013/06/08 17:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/06/08 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013/06/08 17:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[2013/06/06 03:04:53 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/06/06 03:04:53 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/06/06 03:04:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat[2013/06/06 03:04:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat[2013/06/06 03:04:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe[2013/06/06 03:04:53 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll[2013/06/06 03:04:53 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll[2013/06/06 03:04:53 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll[2013/06/06 03:04:53 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2013/06/06 03:04:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/06/06 03:04:53 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll[2013/06/06 03:04:53 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec[2013/06/06 03:04:53 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2013/06/06 03:04:53 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll[2013/06/06 03:04:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/06/06 03:04:53 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/06/06 03:04:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll[2013/06/06 03:04:53 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll[2013/06/06 03:04:53 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll[2013/06/06 03:04:53 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll[2013/06/06 03:04:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/06/06 03:04:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe[2013/06/06 03:04:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2013/06/06 03:04:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe[2013/06/06 03:04:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll[2013/06/06 03:04:53 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe[2013/06/06 03:04:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe[2013/06/06 03:04:53 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/06/06 03:04:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll[2013/06/06 03:04:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll[2013/06/06 03:04:53 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll[2013/06/06 03:04:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll[2013/06/06 03:04:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll[2013/06/06 03:04:53 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll[2013/06/06 03:04:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/06/06 03:04:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe[2013/06/06 03:04:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll[2013/06/06 03:04:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll[2013/06/06 03:04:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/06/06 03:04:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx[2013/06/06 03:04:53 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe[2013/06/06 03:04:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll[2013/06/06 03:04:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll[2013/06/06 03:04:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx[2013/06/06 03:04:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll[2013/06/06 03:04:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll[2013/06/06 03:04:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll[2013/06/06 03:04:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll[2013/06/06 03:04:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll[2013/06/06 03:04:53 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll[2013/06/06 03:04:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe[2013/06/06 03:04:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe[2013/06/06 03:04:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe[2013/06/06 03:03:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll[2013/06/06 03:03:47 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll[2013/06/06 03:03:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll[2013/06/06 03:03:47 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll[2013/06/06 03:03:47 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll[2013/06/06 03:03:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll[2013/06/06 03:03:47 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll[2013/06/06 03:03:47 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll[2013/06/06 03:03:47 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll[2013/06/06 03:03:47 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll[2013/06/06 03:03:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll[2013/06/06 03:03:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll[2013/06/06 03:03:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll[2013/06/06 03:03:47 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll[2013/06/06 03:03:47 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll[2013/06/06 03:03:47 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll[2013/06/06 03:03:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll[2013/06/06 03:03:47 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll[2013/06/06 03:03:47 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll[2013/06/06 03:03:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll[2013/06/06 03:03:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/06/06 03:03:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/06/06 03:03:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/06/06 03:03:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/06/06 03:03:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll[2013/06/06 03:03:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/06/06 03:03:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/06/06 03:03:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/06/06 03:03:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/06/05 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod[2 C:\Users\Rita Nicole\Desktop\*.tmp files -> C:\Users\Rita Nicole\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/03 05:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exe[2013/07/03 05:55:30 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/03 05:55:30 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/03 05:48:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/03 05:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/03 05:47:29 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys[2013/07/03 05:42:05 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rita Nicole\Desktop\JRT.exe[2013/07/03 05:38:40 | 000,648,201 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\AdwCleaner.exe[2013/07/03 05:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/07/03 05:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/03 05:35:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job[2013/06/29 06:23:30 | 002,339,896 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/06/29 06:23:30 | 000,704,762 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat[2013/06/29 06:23:30 | 000,655,144 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat[2013/06/29 06:23:30 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/06/29 06:23:30 | 000,138,274 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat[2013/06/29 06:23:30 | 000,130,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat[2013/06/29 06:23:30 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/06/29 06:11:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/06/29 05:39:27 | 005,084,379 | R--- | M] (Swearware) -- C:\Users\Rita Nicole\Desktop\ComboFix.exe[2013/06/23 12:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job[2013/06/23 02:47:54 | 000,890,978 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\SecurityCheck.exe[2013/06/23 01:52:55 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/06/23 01:52:45 | 000,000,864 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\mbar-1.06.0.1004.zip[2013/06/23 01:48:53 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rita Nicole\Desktop\tdsskiller.exe[2013/06/17 02:48:33 | 000,391,797 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTraining.2.pdf[2013/06/17 02:46:44 | 000,107,465 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Erica.IOA July2013 PhoenixTrainingRegistration.pdf[2013/06/17 02:41:25 | 000,107,746 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTrainingRegistration.pdf[2013/06/17 02:38:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/06/17 02:38:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/06/17 02:38:09 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe[2013/06/08 17:38:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/06/08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/06/06 03:04:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/06/06 03:04:53 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/06/06 03:04:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat[2013/06/06 03:04:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat[2013/06/06 03:04:53 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe[2013/06/06 03:04:53 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll[2013/06/06 03:04:53 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll[2013/06/06 03:04:53 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll[2013/06/06 03:04:53 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2013/06/06 03:04:53 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/06/06 03:04:53 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll[2013/06/06 03:04:53 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec[2013/06/06 03:04:53 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2013/06/06 03:04:53 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll[2013/06/06 03:04:53 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/06/06 03:04:53 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/06/06 03:04:53 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll[2013/06/06 03:04:53 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll[2013/06/06 03:04:53 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll[2013/06/06 03:04:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll[2013/06/06 03:04:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/06/06 03:04:53 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe[2013/06/06 03:04:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2013/06/06 03:04:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe[2013/06/06 03:04:53 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll[2013/06/06 03:04:53 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe[2013/06/06 03:04:53 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe[2013/06/06 03:04:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/06/06 03:04:53 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll[2013/06/06 03:04:53 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll[2013/06/06 03:04:53 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll[2013/06/06 03:04:53 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll[2013/06/06 03:04:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll[2013/06/06 03:04:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll[2013/06/06 03:04:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/06/06 03:04:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe[2013/06/06 03:04:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll[2013/06/06 03:04:53 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll[2013/06/06 03:04:53 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/06/06 03:04:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx[2013/06/06 03:04:53 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe[2013/06/06 03:04:53 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll[2013/06/06 03:04:53 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll[2013/06/06 03:04:53 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx[2013/06/06 03:04:53 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll[2013/06/06 03:04:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll[2013/06/06 03:04:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll[2013/06/06 03:04:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll[2013/06/06 03:04:53 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll[2013/06/06 03:04:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf[2013/06/06 03:04:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf[2013/06/06 03:04:53 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll[2013/06/06 03:04:53 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe[2013/06/06 03:04:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe[2013/06/06 03:04:53 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe[2013/06/06 03:03:47 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll[2013/06/06 03:03:47 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll[2013/06/06 03:03:47 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll[2013/06/06 03:03:47 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll[2013/06/06 03:03:47 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll[2013/06/06 03:03:47 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll[2013/06/06 03:03:47 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll[2013/06/06 03:03:47 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll[2013/06/06 03:03:47 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll[2013/06/06 03:03:47 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll[2013/06/06 03:03:47 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll[2013/06/06 03:03:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll[2013/06/06 03:03:47 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll[2013/06/06 03:03:47 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll[2013/06/06 03:03:47 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll[2013/06/06 03:03:47 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll[2013/06/06 03:03:47 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll[2013/06/06 03:03:47 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll[2013/06/06 03:03:47 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll[2013/06/06 03:03:47 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll[2013/06/06 03:03:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/06/06 03:03:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/06/06 03:03:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/06/06 03:03:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/06/06 03:03:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll[2013/06/06 03:03:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/06/06 03:03:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/06/06 03:03:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/06/06 03:03:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll[2 C:\Users\Rita Nicole\Desktop\*.tmp files -> C:\Users\Rita Nicole\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/03 05:37:38 | 000,648,201 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\AdwCleaner.exe[2013/06/23 02:47:48 | 000,890,978 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\SecurityCheck.exe[2013/06/23 01:52:55 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys[2013/06/23 01:51:56 | 000,000,864 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\mbar-1.06.0.1004.zip[2013/06/17 02:46:44 | 000,107,465 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Erica.IOA July2013 PhoenixTrainingRegistration.pdf[2013/06/17 02:41:25 | 000,107,746 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTrainingRegistration.pdf[2013/06/17 02:37:37 | 000,391,797 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTraining.2.pdf[2013/06/08 17:38:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/06/06 03:04:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf[2013/06/06 03:04:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf[2012/11/27 00:36:41 | 000,004,416 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRV.ini[2012/11/27 00:36:41 | 000,002,664 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini[2012/08/09 07:39:25 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll[2012/08/07 23:20:48 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll[2012/04/27 01:31:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/04/27 01:31:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/04/27 01:31:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/04/27 01:31:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/04/27 01:31:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2011/09/04 19:23:57 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI[2011/09/04 19:23:57 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT[2011/05/17 16:49:16 | 000,021,504 | ---- | C] () -- C:\Users\Rita Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/09/15 21:00:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys[2010/09/14 23:39:28 | 000,306,415 | ---- | C] () -- C:\Users\Rita Nicole\letter.pdf[2010/09/14 19:14:48 | 000,036,581 | ---- | C] () -- C:\Users\Rita Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR[2010/08/26 23:59:53 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report > Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698132 Share Posted July 3, 2013 OTL Extras logfile created on: 7/3/2013 6:00:09 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rita Nicole\Desktop64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.86 Gb Total Physical Memory | 4.18 Gb Available Physical Memory | 71.33% Memory free11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.41% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 451.07 Gb Total Space | 239.82 Gb Free Space | 53.17% Space Free | Partition Type: NTFS Computer Name: RITANICOLE-PC | User Name: Rita Nicole | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{05613960-6D04-4E51-B0C2-561D63C98C37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |"{0859FF57-3BAC-4B0D-B0C6-71A025DCDA61}" = lport=49679 | protocol=6 | dir=in | name=akamai netsession interface |"{09749C85-DB9A-41D9-9267-6C4F0470D6D8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |"{0D979B2E-67EC-48B9-A378-6B170281D9D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{0FD630D7-DB4E-41F2-859E-F731CBEA4130}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{2C3449EE-3D9A-464E-943F-DAD65F5EBA10}" = lport=445 | protocol=6 | dir=in | app=system |"{315CC472-AC44-43E5-9B9C-EE30C71BAB13}" = rport=10243 | protocol=6 | dir=out | app=system |"{3C0F2B06-FF96-4F3A-BC10-6B6016203857}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{3F6EFED3-B4E5-44A1-98FB-C52C27767664}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |"{42051ED3-B2F2-4ABE-888C-44E042C21E23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{52A22ABE-512C-4312-B21F-CC0DBA2AAC9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{640FA49D-995B-4A02-815D-216525F8E737}" = lport=139 | protocol=6 | dir=in | app=system |"{6AD22838-E39D-4406-9723-17DD8FF68948}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{720CB6D9-F2C0-4F9A-A53E-497138982CCB}" = rport=445 | protocol=6 | dir=out | app=system |"{77F1D73B-BEBD-47A0-9D31-823258560B49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{84236F06-8402-415E-B9F1-22565AF26B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{87EE93A1-EB55-48C5-A87C-7F8CEFF3F5B0}" = rport=138 | protocol=17 | dir=out | app=system |"{8AD379B0-8CBB-4FB1-A336-0B67667F0AEE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |"{8B5AE864-0049-471E-9D64-B58B113AB066}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |"{91BCA23A-D40C-4500-B9F7-EAFCCF7CC924}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |"{99538F47-A81F-4EA5-9674-1AE3D6BBD0AB}" = lport=10243 | protocol=6 | dir=in | app=system |"{A843297F-7B6C-4CFC-A873-9EDB46D17A10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{A8CD0555-CBE4-49EA-871E-7D233D73129A}" = lport=138 | protocol=17 | dir=in | app=system |"{B20D71E9-CA52-4601-B3D6-3B05795F684B}" = lport=137 | protocol=17 | dir=in | app=system |"{B3B09637-1C33-4E25-9598-EE4CB6BA6782}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{BAB51849-38FD-429D-B9A0-AB3DEFB849B8}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |"{BE95571E-F1ED-488C-A926-19BFA344BC50}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |"{BF04AB20-5E25-4B0A-B7AC-439A938033F2}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |"{BFFAC155-C0DC-45AE-B6C7-8AE21AF389C1}" = lport=2869 | protocol=6 | dir=in | app=system |"{C5016D4D-CA9C-4D8E-AADA-1C018557C698}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{C94C00CD-D951-45D4-9CCA-BF5BD44E794C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{DC96EAD5-888C-466B-815F-E70A546BDD7C}" = rport=139 | protocol=6 | dir=out | app=system |"{DE3CDCD2-EC8F-4BBD-944C-26865607486B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{EA957601-555C-46EC-84E3-4AF36DF556F0}" = rport=137 | protocol=17 | dir=out | app=system |"{F341BFBC-9D0F-4D45-AD20-B4D3C763AB95}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |"{F52A902B-26D9-441E-8181-41CF2815F74E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |"{F97CC94B-6A58-4C12-91E2-F262EBD33DF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{FA1486C0-A2BE-4DF0-A9A3-7D6F7E8376F1}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{04A62466-9BDA-4D4B-B78B-48573ECB88FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{050598D3-559D-46E2-8206-29505ED0BA7E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"{129AE2F4-B431-4E31-898E-6D8342CD1D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{14821C1B-804E-47A6-9C4D-C6AEF527E46E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |"{1C701A13-F45D-4021-B42B-E44A175C30FB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{1F89499E-22B9-4C3B-87DD-49A9B50B265C}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |"{21B878F4-0C90-4A6C-9B22-7E7BC26D3C22}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |"{2CD978F7-F2E3-4897-A750-F1EBEDCA966B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{2EAD71CF-C2A7-4303-81B3-C06B1DC5A794}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |"{3228DCE7-7999-4904-B0AD-7FE0A4B336E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{376BA394-4235-4FAE-95C5-928B2777B729}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{42085E94-C4C7-48E6-88F2-5DD9EE96FAE3}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |"{459E4330-D977-457D-BFA7-62EDBF34FD11}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |"{517B7712-37A5-443B-9EAF-05730ECE6823}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{53A2FBF2-9E31-4862-8EF6-20ABF5D71F72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{5AF3A28B-0387-40E6-9B06-B015E9E0A6FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{5B7D23F8-A7CF-45E3-95F9-A601FFBBB3B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{5CC298E0-8D2D-44D0-A167-EE98C5DF3B93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{6646C110-4322-4AF6-922E-CEEAE06E4231}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |"{6AE11876-E2D7-4F44-8BE9-98457546FD3B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{7BE7F97C-51E8-45F4-9E5C-6F39F92561EF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{7D163C10-EFD1-4B0C-B352-1C413F643DCF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{818D6CFD-7509-4612-BA04-0613271F88DE}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |"{81A33F67-8E4D-4357-B66C-9AC5919B890B}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |"{86AB7B81-8131-419B-A917-4E8ADA7579AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{8ED2EC08-2A47-4F3D-A489-09D9295AB8BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{925BFB0F-824B-4616-B4AF-9F9D5E67AA67}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |"{926B00B9-0738-4263-8C9C-82366939550A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{9648048C-D543-4767-A25F-AF413CDDEA2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{96682E63-C70E-4357-B4B0-80DA5293FAB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{B185B68C-8781-4CAD-8F83-FAB7D103DC84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{B3527E84-DF2E-4921-A9AA-5B96C24519AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |"{B7E255B7-C273-4C07-A9F9-BBFB7774AB35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{BD28A9FF-FD0A-47AC-A362-9C8C388E1650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{C727E3B6-38CB-4CAD-8872-B05B5DAE21AA}" = protocol=6 | dir=out | app=system |"{C846DA7D-5A2A-4CF3-AFD3-1FC495BA5EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{C8CE0B61-9084-458C-B2EE-408130D1D9D0}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |"{CAA889FC-33C8-4466-8D8C-4F4673B75C58}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"{CB4F6FEC-6833-4C9B-A59E-FD7BB191BA27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{D0188878-AF35-4544-9292-6475786DBE0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{D1F42302-0A8C-4E04-89AC-EFDD64AB5103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{DBF17FA4-58E7-4ABF-807B-2D5C2354FA2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{DF73E0C2-7B1A-4CBA-BF8E-D1C0AE407F26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{E6116AA9-0CB4-4280-B2C1-02621BE80581}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{E959D121-7879-4B79-8659-30986A0DB83F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{EA8DF0EA-16DD-4968-B89B-A67CA8A8E981}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |"{F19DD231-0765-4E98-8E1F-7412BE8FE088}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"TCP Query User{37E88C41-A02B-40DD-94D2-67B3583F6B18}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |"TCP Query User{50CE042C-230E-44AA-8D44-D026F2768D58}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |"TCP Query User{7345D348-6D38-45B9-B3BA-DB65226BFCE6}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |"TCP Query User{747CE8AD-7E27-4B7A-911C-E70A9456757B}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |"TCP Query User{8F506C36-E3F1-42AC-9EAD-DEC3F0CB3F51}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |"UDP Query User{6AB23E7D-CA9B-4F41-BA86-847FD6C96CD0}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |"UDP Query User{6B2FC588-CE67-44C2-BB88-1772FEE67038}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |"UDP Query User{A15D3AF7-BFD9-449C-9B00-4BDC2DA2B450}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |"UDP Query User{AF59DC1E-23D4-42A1-947D-DA17129D0535}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |"UDP Query User{B0758168-7BC8-4812-89CA-FBA1E07F4FDB}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector"{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes"{78E9970B-4395-61A6-B912-1CC406174773}" = AMD Catalyst Install Manager"{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{A9B1C6B6-CCB9-4211-842A-BA2870F987A8}" = Sperry Software - Auto Print (x64)"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding"{C7E6313A-995E-D994-3998-2BA6752EE49C}" = ccc-utility64"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit"DW WLAN Card Utility" = DW WLAN Card Utility"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"PC-Doctor for Windows" = Dell Support Center"SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{02561BD9-F241-082A-02BA-E5782242F13D}" = CCC Help English"{02EF3AFA-CC2F-4907-8A85-1FE3BF9C0ED2}_is1" = Flash and Pics Control"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek"{086326C7-7425-AEC1-E987-A2BB363A6D6B}" = CCC Help Portuguese"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0A4EA26D-4C36-4B75-9759-48F14DE34C86}" = Polar WebSync"{0AF3986A-29E2-42C8-9CF2-6E1931038CFE}" = CCC Help French"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish"{0DE301AD-CAD4-EECF-DF0C-4A394776D855}" = Catalyst Control Center Graphics Previews Common"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService"{0E6C5F7C-42A0-EBD5-50AD-441CA56474AD}" = CCC Help Korean"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{245B8890-054E-4D86-6350-74927EB60DD9}" = Catalyst Control Center Graphics Previews Vista"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech"{2863C12B-2A02-4258-8495-6220605B2E5C}_is1" = Tether 1.1.0.6"{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}" = BlackBerry Device Software Updater"{30049C5C-B801-07DA-AA92-675724314687}" = CCC Help Danish"{3165E4A6-D5DE-46B0-8597-D55E2B826B84}" = Rosetta Stone Ltd Services"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{377A97B7-B054-409A-9C86-CB5B4CC5BABB}" = WebSlingPlayer ActiveX"{38663438-2F39-2AB7-2059-85C9631613BD}" = CCC Help Chinese Standard"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A53FD97-3EAA-0667-F8D3-E738C0E36C43}" = Catalyst Control Center Graphics Full Existing"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3"{4FA22A9D-EA4D-B9EC-20D3-138DCED75D9A}" = Catalyst Control Center InstallProxy"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{521DE3E0-AD03-8E3D-8207-C53F515F940F}" = Skins"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support"{5FAD81FB-FB4B-9AAD-BD6B-5F9CEFAF3BD6}" = CCC Help German"{5FF15491-B82B-946B-29B0-43BF4DEB92F5}" = CCC Help Italian"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack"{6B6BC189-D606-4BC7-9758-E6C364F76A55}" = Rosetta Stone TOTALe"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding"{72E8555C-9468-F3FA-CEDA-2A05E0C339D7}" = ccc-core-static"{734892CE-38E8-53E5-CEBB-6931F15C3484}" = CCC Help Spanish"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian"{7616111A-EB1D-40A0-BD90-B8F7697F2C33}" = Acrobat.com Add-in for Microsoft Outlook"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply"{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}" = Readiris Pro 11"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{8314F0F7-2E1F-BAFE-E734-F481988D5631}" = Catalyst Control Center Localization All"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{98A4C42E-D767-9B07-B373-7A9BC03B821A}" = CCC Help Dutch"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9DAED519-EDA3-AC00-753A-BA40707CFDD2}" = Catalyst Control Center Graphics Light"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn"{A6E593E1-D1B1-4468-E17C-FA51458F108F}" = CCC Help Swedish"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in"{B04E62F2-6EDA-71F5-8F4B-EF40E5222A6E}" = CCC Help Japanese"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{B99D0CFD-2C04-4E86-9B71-124D46010766}" = Polar Daemon"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese"{BD4D0EE6-979E-F0F0-8924-6A400383ED9F}" = CCC Help Finnish"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1"{C444E209-9D73-4106-EEEA-7A940E6B9063}" = CCC Help Russian"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C71F7817-955A-370D-FF5F-8F569C62DC5A}" = Catalyst Control Center Graphics Full New"{C7F33D4B-AA58-8240-65F6-27F6583B21F0}" = Catalyst Control Center Core Implementation"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding"{E5019BBE-7737-5D07-5639-A258B3F0F248}" = CCC Help Chinese Traditional"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F9FD130E-2CE2-B7AE-33B9-8F3D275EA6A4}" = CCC Help Norwegian"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320"7-Zip" = 7-Zip 9.16 beta"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Advanced Audio FX Engine" = Advanced Audio FX Engine"Akamai" = Akamai NetSession Interface Service"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17"AviSynth" = AviSynth 2.5"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"Dell Webcam Central" = Dell Webcam Central"DivX Setup" = DivX Setup"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]"Free RAR Extract Frog" = Free RAR Extract Frog"HaaliMkx" = Haali Media Splitter"HMA! Pro VPN" = HMA! Pro VPN 2.6.9"HMIP50_is1" = Hide My IP 5.4"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"Origin" = Origin"PowerISO" = PowerISO"Texas Collections Manual 20101.5" = Texas Collections Manual 2010"uTorrent" = µTorrent"WildTangent dell Master Uninstall" = WildTangent Games"WinLiveSuite" = Windows Live Essentials"Yahoo! Software Update" = Yahoo! Software Update"YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Akamai" = Akamai NetSession Interface"optimizer_ie" = Widevine Media Optimizer IE 6.0.0 ========== Last 20 Event Log Errors ========== [ Broadcom Wireless LAN Events ]Error - 6/28/2013 11:56:57 PM | Computer Name = RitaNicole-PC | Source = WLAN-Tray | ID = 0Description = 05:56:57, Sat, Jun 29, 13 Error - Unable to gain access to user store < End of report > Link to post Share on other sites More sharing options...
rnct3 Posted July 3, 2013 Author ID:698327 Share Posted July 3, 2013 The final scan has not completed yet and I will not have my laptop with me for 10 days. I will post the completed scan as soon as I get back. Thanks. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted July 3, 2013 ID:698331 Share Posted July 3, 2013 Sounds good. I'll keep the thread open. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 13, 2013 Root Admin ID:702188 Share Posted July 13, 2013 bump to keep on top Link to post Share on other sites More sharing options...
rnct3 Posted July 13, 2013 Author ID:702249 Share Posted July 13, 2013 The last scan is now running. Thanks for your patience. Link to post Share on other sites More sharing options...
rnct3 Posted July 13, 2013 Author ID:702375 Share Posted July 13, 2013 C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[5].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[6].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q83ZV0EH\channel-reward-central_com[1].htm HTML/Fraud.BG trojan C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHD181CX\afr[2].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr[1].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\neostrata[1].htm JS/Iframe.CV trojan C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[1].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[2].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[3].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[2].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[3].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[4].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[5].htm HTML/Iframe.B.Gen virus C:\Users\Rita Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced Java/Exploit.CVE-2012-1723.DZ trojan Link to post Share on other sites More sharing options...
Recommended Posts