FBI Moneypack Virus Windows 7-Please help


Hello,

I have the FBI Moneypack virus on my computer. I am running 64-bit Windows on a Dell Studio 1458. I have attached the FRST logs to this post. Please help me with what to do next. Your help is greatly appreciated. Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 02
Ran by SYSTEM on 22-06-2013 23:05:22
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194912 2013-02-07] (DivX, LLC)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Rita Nicole\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\Rita Nicole\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Rita Nicole\...\Run: [Akamai NetSession Interface] "C:\Users\Rita Nicole\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Rita Nicole\...\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe [951952 2012-10-23] (www.hidemyip.com)
HKU\Rita Nicole\...\Run: [Google Update] "C:\Users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-02-18] (Google Inc.)
HKU\Rita Nicole\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Rita Nicole\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Rita Nicole\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Services (Whitelisted) =================

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-21] (Akamai Technologies, Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited)
S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3572880 2012-10-23] (Hide My IP)
S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2011-07-13] ()
S2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [411136 2011-10-19] ()
S2 Tether; C:\Program Files (x86)\Tether\TBService.exe [49080 2010-05-14] ()
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)
S2 0032611335484094mcinstcleanup; C:\Users\RITANI~1\AppData\Local\Temp\003261~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]

==================== Drivers (Whitelisted) ====================

S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST
2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log
2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files\iTunes
2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-08 10:37 - 2013-06-22 01:59 - 00000000 ____D C:\Program Files\iPod
2013-06-08 10:33 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 20:01 - 2013-06-05 20:10 - 00011161 ____A C:\Windows\IE10_main.log
2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE
2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DE

==================== One Month Modified Files and Folders =======

2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST
2013-06-22 16:00 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 16:00 - 2009-07-13 23:51 - 00103476 ____A C:\Windows\setupact.log
2013-06-22 02:06 - 2010-08-26 12:08 - 00000000 ____D C:\users\Rita Nicole
2013-06-22 02:06 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-22 02:05 - 2013-06-08 10:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Microsoft Help
2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Microsoft Help
2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Microsoft Help
2013-06-22 02:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-06-22 02:03 - 2011-04-14 12:19 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Skype
2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Skype
2013-06-22 02:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-22 01:59 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iPod
2013-06-22 01:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-21 19:56 - 2012-07-19 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433
2013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log
2013-06-16 20:00 - 2009-07-14 00:10 - 01125280 ____A C:\Windows\WindowsUpdate.log
2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Outlook Files
2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Outlook Files
2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
2013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 19:38 - 2012-12-11 18:38 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-16 19:38 - 2012-04-02 14:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-16 19:38 - 2011-06-06 11:21 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-16 19:36 - 2011-08-27 14:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 19:35 - 2013-04-19 11:03 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job
2013-06-16 19:32 - 2011-08-27 14:04 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 08:52 - 2013-04-19 11:03 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job
2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-06-05 20:10 - 2013-06-05 20:01 - 00011161 ____A C:\Windows\IE10_main.log
2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Apple Computer
2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Apple Computer
2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Apple Computer
2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Apple Computer
2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Apple Computer
2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Recipes
2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\Documents\Recipes
2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE
2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DE

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@

Files to move or delete:
====================
C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-28 02:34:21
Restore point made on: 2013-06-05 00:18:06
Restore point made on: 2013-06-05 20:00:36
Restore point made on: 2013-06-16 08:53:44
Restore point made on: 2013-06-16 20:00:50
Restore point made on: 2013-06-19 22:30:49

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6004.52 MB
Available physical RAM: 5273.75 MB
Total Pagefile: 6002.67 MB
Available Pagefile: 5266.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:231.55 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.76 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.83 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C5D66832)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=-440245157888) - (Type=00)


LastRegBack: 2013-06-16 09:12

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 22-06-2013 02
Ran by SYSTEM at 2013-06-22 23:08:48
Running from F:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe
[2012-04-26 18:43] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

FRST.txt

Search.txt


Hello rnct3 and welcome to Malwarebytes!

Please do the following:

  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt

C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe

C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5

C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@

C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L

C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U

C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@

2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433

2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can, as we have more malware to remove.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


I was able to login to Windows normally and the computer has a message on the screen that says- "System Restore completed successfully. The system has been restored to 6/17/2013 3:00:23 AM. Your documents have not been affected."

Here is the fix log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013 02
Ran by SYSTEM at 2013-06-23 00:38:37 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@ => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@ => File/Directory not found.
C:\ProgramData\Application Data\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => File/Directory not found.
C:\Users\Rita Nicole\Application Data\2433f433 => Moved successfully.
C:\Users\Rita Nicole\AppData\Roaming\2433f433 => File/Directory not found.
C:\Users\Rita Nicole\Local Settings\Application Data\2433f433 => Moved successfully.
C:\Users\Rita Nicole\Local Settings\2433f433 => File/Directory not found.
C:\Users\Rita Nicole\AppData\Local\2433f433 => File/Directory not found.

==== End of Fixlog ====


Glad to hear you can log on normally. Let's start getting rid of the rest of it:

 

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


TDSS Killer log file:

01:49:05.0206 2220  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
01:49:05.0908 2220  ============================================================
01:49:05.0908 2220  Current date / time: 2013/06/23 01:49:05.0908
01:49:05.0908 2220  SystemInfo:
01:49:05.0908 2220 
01:49:05.0908 2220  OS Version: 6.1.7601 ServicePack: 1.0
01:49:05.0908 2220  Product type: Workstation
01:49:05.0908 2220  ComputerName: RITANICOLE-PC
01:49:05.0908 2220  UserName: Rita Nicole
01:49:05.0908 2220  Windows directory: C:\Windows
01:49:05.0908 2220  System windows directory: C:\Windows
01:49:05.0908 2220  Running under WOW64
01:49:05.0908 2220  Processor architecture: Intel x64
01:49:05.0908 2220  Number of processors: 4
01:49:05.0908 2220  Page size: 0x1000
01:49:05.0908 2220  Boot type: Normal boot
01:49:05.0908 2220  ============================================================
01:49:07.0140 2220  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:49:07.0156 2220  ============================================================
01:49:07.0156 2220  \Device\Harddisk0\DR0:
01:49:07.0156 2220  MBR partitions:
01:49:07.0156 2220  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
01:49:07.0156 2220  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
01:49:07.0156 2220  ============================================================
01:49:07.0171 2220  C: <-> \Device\Harddisk0\DR0\Partition2
01:49:07.0171 2220  ============================================================
01:49:07.0171 2220  Initialize success
01:49:07.0171 2220  ============================================================
01:49:21.0570 6184  ============================================================
01:49:21.0570 6184  Scan started
01:49:21.0570 6184  Mode: Manual;
01:49:21.0570 6184  ============================================================
01:49:22.0615 6184  ================ Scan system memory ========================
01:49:22.0615 6184  System memory - ok
01:49:22.0615 6184  ================ Scan services =============================
01:49:24.0097 6184  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
01:49:24.0097 6184  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
01:49:24.0097 6184  Akamai ( HiddenFile.Multi.Generic ) - warning
01:49:24.0097 6184  Akamai - detected HiddenFile.Multi.Generic (1)
01:49:34.0315 6184  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:49:34.0331 6184  napagent - ok
01:49:34.0362 6184  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:49:34.0378 6184  NativeWifiP - ok
01:49:34.0440 6184  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:49:34.0471 6184  NDIS - ok
01:49:34.0471 6184  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:49:34.0487 6184  NdisCap - ok
01:49:34.0487 6184  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:49:34.0487 6184  NdisTapi - ok
01:49:34.0534 6184  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:49:34.0534 6184  Ndisuio - ok
01:49:34.0581 6184  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:49:34.0581 6184  NdisWan - ok
01:49:34.0627 6184  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:49:34.0627 6184  NDProxy - ok
01:49:34.0690 6184  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
01:49:34.0690 6184  Net Driver HPZ12 - ok
01:49:34.0705 6184  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:49:34.0705 6184  NetBIOS - ok
01:49:34.0752 6184  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:49:34.0752 6184  NetBT - ok
01:49:34.0768 6184  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:49:34.0768 6184  Netlogon - ok
01:49:34.0815 6184  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:49:34.0830 6184  Netman - ok
01:49:34.0846 6184  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:49:34.0861 6184  netprofm - ok
01:49:34.0908 6184  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:49:34.0908 6184  NetTcpPortSharing - ok
01:49:34.0924 6184  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:49:34.0924 6184  nfrd960 - ok
01:49:34.0971 6184  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:49:34.0986 6184  NlaSvc - ok
01:49:34.0986 6184  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:49:34.0986 6184  Npfs - ok
01:49:35.0002 6184  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:49:35.0002 6184  nsi - ok
01:49:35.0017 6184  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:49:35.0017 6184  nsiproxy - ok
01:49:35.0095 6184  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:49:35.0142 6184  Ntfs - ok
01:49:35.0158 6184  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:49:35.0158 6184  Null - ok
01:49:35.0205 6184  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:49:35.0205 6184  nvraid - ok
01:49:35.0251 6184  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:49:35.0267 6184  nvstor - ok
01:49:35.0314 6184  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:49:35.0314 6184  nv_agp - ok
01:49:35.0361 6184  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:49:35.0361 6184  ohci1394 - ok
01:49:35.0439 6184  [ D8A0164A79D4BFD6083945C5431E41E7 ] OpenVPNService  C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
01:49:35.0439 6184  OpenVPNService - ok
01:49:35.0532 6184  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:49:35.0532 6184  ose - ok
01:49:35.0673 6184  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:49:35.0766 6184  osppsvc - ok
01:49:35.0829 6184  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:49:35.0844 6184  p2pimsvc - ok
01:49:35.0891 6184  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:49:35.0891 6184  p2psvc - ok
01:49:35.0938 6184  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:49:35.0938 6184  Parport - ok
01:49:35.0985 6184  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:49:35.0985 6184  partmgr - ok
01:49:36.0000 6184  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:49:36.0016 6184  PcaSvc - ok
01:49:36.0109 6184  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
01:49:36.0109 6184  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
01:49:36.0156 6184  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:49:36.0156 6184  pci - ok
01:49:36.0172 6184  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:49:36.0172 6184  pciide - ok
01:49:36.0203 6184  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:49:36.0203 6184  pcmcia - ok
01:49:36.0219 6184  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:49:36.0219 6184  pcw - ok
01:49:36.0250 6184  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:49:36.0265 6184  PEAUTH - ok
01:49:36.0328 6184  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
01:49:36.0359 6184  PeerDistSvc - ok
01:49:36.0468 6184  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:49:36.0484 6184  PerfHost - ok
01:49:36.0562 6184  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:49:36.0593 6184  pla - ok
01:49:36.0655 6184  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:49:36.0655 6184  PlugPlay - ok
01:49:36.0718 6184  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
01:49:36.0733 6184  Pml Driver HPZ12 - ok
01:49:36.0780 6184  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:49:36.0780 6184  PNRPAutoReg - ok
01:49:36.0796 6184  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:49:36.0796 6184  PNRPsvc - ok
01:49:36.0874 6184  [ C489D0C7D9684DCF98DC3F0272131419 ] Polar Daemon    C:\Program Files (x86)\Polar\Daemon\polard.exe
01:49:36.0874 6184  Polar Daemon - ok
01:49:36.0905 6184  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:49:36.0921 6184  PolicyAgent - ok
01:49:36.0967 6184  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:49:36.0967 6184  Power - ok
01:49:37.0014 6184  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:49:37.0014 6184  PptpMiniport - ok
01:49:37.0061 6184  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:49:37.0061 6184  Processor - ok
01:49:37.0108 6184  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:49:37.0123 6184  ProfSvc - ok
01:49:37.0123 6184  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:49:37.0139 6184  ProtectedStorage - ok
01:49:37.0186 6184  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:49:37.0186 6184  Psched - ok
01:49:37.0233 6184  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
01:49:37.0233 6184  PxHlpa64 - ok
01:49:37.0295 6184  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:49:37.0326 6184  ql2300 - ok
01:49:37.0342 6184  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:49:37.0342 6184  ql40xx - ok
01:49:37.0404 6184  [ E92CA234469CC386AD81B9DB924FE9D4 ] qrkis           C:\Windows\system32\DRIVERS\qrkis.sys
01:49:37.0404 6184  qrkis - ok
01:49:37.0451 6184  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:49:37.0451 6184  QWAVE - ok
01:49:37.0467 6184  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:49:37.0467 6184  QWAVEdrv - ok
01:49:37.0482 6184  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:49:37.0482 6184  RasAcd - ok
01:49:37.0513 6184  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:49:37.0513 6184  RasAgileVpn - ok
01:49:37.0529 6184  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:49:37.0545 6184  RasAuto - ok
01:49:37.0576 6184  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:49:37.0591 6184  Rasl2tp - ok
01:49:37.0607 6184  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:49:37.0623 6184  RasMan - ok
01:49:37.0638 6184  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:49:37.0638 6184  RasPppoe - ok
01:49:37.0654 6184  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:49:37.0654 6184  RasSstp - ok
01:49:37.0669 6184  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:49:37.0669 6184  rdbss - ok
01:49:37.0685 6184  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:49:37.0685 6184  rdpbus - ok
01:49:37.0716 6184  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:49:37.0716 6184  RDPCDD - ok
01:49:37.0763 6184  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
01:49:37.0763 6184  RDPDR - ok
01:49:37.0794 6184  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:49:37.0794 6184  RDPENCDD - ok
01:49:37.0794 6184  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:49:37.0794 6184  RDPREFMP - ok
01:49:37.0888 6184  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:49:37.0903 6184  RdpVideoMiniport - ok
01:49:37.0935 6184  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:49:37.0950 6184  RDPWD - ok
01:49:37.0997 6184  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:49:38.0013 6184  rdyboost - ok
01:49:38.0044 6184  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:49:38.0059 6184  RemoteAccess - ok
01:49:38.0091 6184  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:49:38.0106 6184  RemoteRegistry - ok
01:49:38.0137 6184  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
01:49:38.0137 6184  RFCOMM - ok
01:49:38.0184 6184  [ 6D850FAD4CC9498D1F382B77BA4035CC ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
01:49:38.0184 6184  RimUsb - ok
01:49:38.0247 6184  [ 344604E6913BD6E4EAEC34AF2E0943D7 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
01:49:38.0247 6184  RimVSerPort - ok
01:49:38.0309 6184  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
01:49:38.0309 6184  ROOTMODEM - ok
01:49:38.0434 6184  [ CC465ECBC1700B2D91E152ED9165994A ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
01:49:38.0465 6184  RosettaStoneDaemon - ok
01:49:38.0496 6184  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:49:38.0512 6184  RpcEptMapper - ok
01:49:38.0559 6184  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:49:38.0559 6184  RpcLocator - ok
01:49:38.0605 6184  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:49:38.0621 6184  RpcSs - ok
01:49:38.0637 6184  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:49:38.0637 6184  rspndr - ok
01:49:38.0699 6184  [ 502B316947EA887CDDD325D4745EB7D0 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
01:49:38.0699 6184  RSUSBSTOR - ok
01:49:38.0761 6184  [ F8D53FFD2D4D307A8ABC5278121A9B33 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
01:49:38.0793 6184  RTL8192su - ok
01:49:38.0855 6184  [ C66F68E501687573B6EAA66F3F0AB285 ] rtlss           C:\Windows\system32\Drivers\rtlss.sys
01:49:38.0855 6184  rtlss - ok
01:49:38.0871 6184  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:49:38.0871 6184  SamSs - ok
01:49:38.0917 6184  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:49:38.0917 6184  sbp2port - ok
01:49:38.0964 6184  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:49:38.0980 6184  SCardSvr - ok
01:49:39.0027 6184  [ 46942B6980B35FFDA6AFA40A8328938C ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
01:49:39.0027 6184  SCDEmu - ok
01:49:39.0058 6184  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:49:39.0058 6184  scfilter - ok
01:49:39.0105 6184  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:49:39.0136 6184  Schedule - ok
01:49:39.0183 6184  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:49:39.0183 6184  SCPolicySvc - ok
01:49:39.0198 6184  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:49:39.0198 6184  SDRSVC - ok
01:49:39.0307 6184  [ 16A252022535B680046F6E34E136D378 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:49:39.0307 6184  SeaPort - ok
01:49:39.0354 6184  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:49:39.0354 6184  secdrv - ok
01:49:39.0401 6184  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:49:39.0401 6184  seclogon - ok
01:49:39.0448 6184  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
01:49:39.0448 6184  SENS - ok
01:49:39.0463 6184  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:49:39.0463 6184  SensrSvc - ok
01:49:39.0479 6184  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:49:39.0479 6184  Serenum - ok
01:49:39.0495 6184  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:49:39.0495 6184  Serial - ok
01:49:39.0557 6184  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:49:39.0557 6184  sermouse - ok
01:49:39.0619 6184  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:49:39.0619 6184  SessionEnv - ok
01:49:39.0697 6184  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:49:39.0697 6184  sffdisk - ok
01:49:39.0713 6184  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:49:39.0713 6184  sffp_mmc - ok
01:49:39.0729 6184  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:49:39.0729 6184  sffp_sd - ok
01:49:39.0744 6184  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
01:49:39.0744 6184  sfloppy - ok
01:49:39.0807 6184  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:49:39.0807 6184  SharedAccess - ok
01:49:39.0853 6184  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:49:39.0869 6184  ShellHWDetection - ok
01:49:39.0885 6184  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:49:39.0885 6184  SiSRaid2 - ok
01:49:39.0900 6184  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:49:39.0916 6184  SiSRaid4 - ok
01:49:39.0994 6184  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
01:49:39.0994 6184  SkypeUpdate - ok
01:49:40.0025 6184  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:49:40.0025 6184  Smb - ok
01:49:40.0087 6184  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:49:40.0087 6184  SNMPTRAP - ok
01:49:40.0103 6184  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:49:40.0103 6184  spldr - ok
01:49:40.0150 6184  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:49:40.0181 6184  Spooler - ok
01:49:40.0275 6184  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:49:40.0368 6184  sppsvc - ok
01:49:40.0368 6184  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:49:40.0384 6184  sppuinotify - ok
01:49:40.0415 6184  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:49:40.0431 6184  srv - ok
01:49:40.0477 6184  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:49:40.0493 6184  srv2 - ok
01:49:40.0509 6184  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:49:40.0509 6184  srvnet - ok
01:49:40.0524 6184  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:49:40.0540 6184  SSDPSRV - ok
01:49:40.0555 6184  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:49:40.0555 6184  SstpSvc - ok
01:49:40.0587 6184  [ C48E0745D33897C7A73394214F2B9B4F ] stdflt          C:\Windows\system32\DRIVERS\stdflt.sys
01:49:40.0587 6184  stdflt - ok
01:49:40.0618 6184  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:49:40.0618 6184  stexstor - ok
01:49:40.0680 6184  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
01:49:40.0680 6184  StillCam - ok
01:49:40.0727 6184  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:49:40.0743 6184  stisvc - ok
01:49:40.0789 6184  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:49:40.0789 6184  swenum - ok
01:49:40.0914 6184  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
01:49:40.0914 6184  SwitchBoard - ok
01:49:40.0945 6184  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:49:40.0961 6184  swprv - ok
01:49:40.0977 6184  Synth3dVsc - ok
01:49:41.0023 6184  [ 5AEEC2BB8065B563ADBC88CA22588953 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
01:49:41.0023 6184  SynTP - ok
01:49:41.0117 6184  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:49:41.0179 6184  SysMain - ok
01:49:41.0226 6184  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:49:41.0226 6184  TabletInputService - ok
01:49:41.0242 6184  [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
01:49:41.0257 6184  tap0901 - ok
01:49:41.0273 6184  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:49:41.0273 6184  TapiSrv - ok
01:49:41.0289 6184  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:49:41.0289 6184  TBS - ok
01:49:41.0367 6184  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:49:41.0382 6184  Tcpip - ok
01:49:41.0445 6184  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:49:41.0460 6184  TCPIP6 - ok
01:49:41.0507 6184  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:49:41.0507 6184  tcpipreg - ok
01:49:41.0538 6184  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:49:41.0538 6184  TDPIPE - ok
01:49:41.0585 6184  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:49:41.0585 6184  TDTCP - ok
01:49:41.0616 6184  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:49:41.0616 6184  tdx - ok
01:49:41.0663 6184  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:49:41.0663 6184  TermDD - ok
01:49:41.0694 6184  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:49:41.0710 6184  TermService - ok
01:49:41.0788 6184  [ D018F3054D2211CD53CC7ECCE9B8A254 ] Tether          C:\Program Files (x86)\Tether\TBService.exe
01:49:41.0788 6184  Tether - ok
01:49:41.0803 6184  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:49:41.0803 6184  Themes - ok
01:49:41.0850 6184  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:49:41.0850 6184  THREADORDER - ok
01:49:41.0897 6184  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:49:41.0897 6184  TrkWks - ok
01:49:41.0975 6184  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:49:41.0975 6184  TrustedInstaller - ok
01:49:42.0022 6184  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:49:42.0022 6184  tssecsrv - ok
01:49:42.0037 6184  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:49:42.0037 6184  TsUsbFlt - ok
01:49:42.0053 6184  tsusbhub - ok
01:49:42.0100 6184  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:49:42.0115 6184  tunnel - ok
01:49:42.0147 6184  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
01:49:42.0147 6184  TurboB - ok
01:49:42.0209 6184  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
01:49:42.0225 6184  TurboBoost - ok
01:49:42.0256 6184  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:49:42.0271 6184  uagp35 - ok
01:49:42.0318 6184  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:49:42.0318 6184  udfs - ok
01:49:42.0334 6184  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:49:42.0349 6184  UI0Detect - ok
01:49:42.0365 6184  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:49:42.0365 6184  uliagpkx - ok
01:49:42.0427 6184  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
01:49:42.0427 6184  umbus - ok
01:49:42.0459 6184  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:49:42.0459 6184  UmPass - ok
01:49:42.0505 6184  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
01:49:42.0505 6184  UmRdpService - ok
01:49:42.0583 6184  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
01:49:42.0646 6184  UNS - ok
01:49:42.0661 6184  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:49:42.0677 6184  upnphost - ok
01:49:42.0724 6184  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
01:49:42.0724 6184  USBAAPL64 - ok
01:49:42.0771 6184  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
01:49:42.0771 6184  usbaudio - ok
01:49:42.0817 6184  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:49:42.0817 6184  usbccgp - ok
01:49:42.0864 6184  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:49:42.0864 6184  usbcir - ok
01:49:42.0911 6184  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
01:49:42.0911 6184  usbehci - ok
01:49:42.0958 6184  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:49:42.0958 6184  usbhub - ok
01:49:43.0005 6184  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:49:43.0005 6184  usbohci - ok
01:49:43.0051 6184  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:49:43.0051 6184  usbprint - ok
01:49:43.0098 6184  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
01:49:43.0098 6184  usbscan - ok
01:49:43.0114 6184  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:49:43.0114 6184  USBSTOR - ok
01:49:43.0145 6184  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
01:49:43.0145 6184  usbuhci - ok
01:49:43.0161 6184  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
01:49:43.0161 6184  usbvideo - ok
01:49:43.0176 6184  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:49:43.0192 6184  UxSms - ok
01:49:43.0207 6184  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:49:43.0207 6184  VaultSvc - ok
01:49:43.0223 6184  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:49:43.0223 6184  vdrvroot - ok
01:49:43.0285 6184  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:49:43.0301 6184  vds - ok
01:49:43.0317 6184  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:49:43.0317 6184  vga - ok
01:49:43.0317 6184  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:49:43.0332 6184  VgaSave - ok
01:49:43.0348 6184  VGPU - ok
01:49:43.0379 6184  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:49:43.0379 6184  vhdmp - ok
01:49:43.0410 6184  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:49:43.0410 6184  viaide - ok
01:49:43.0426 6184  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:49:43.0426 6184  volmgr - ok
01:49:43.0488 6184  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:49:43.0488 6184  volmgrx - ok
01:49:43.0504 6184  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:49:43.0504 6184  volsnap - ok
01:49:43.0535 6184  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:49:43.0551 6184  vsmraid - ok
01:49:43.0613 6184  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:49:43.0660 6184  VSS - ok
01:49:43.0660 6184  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:49:43.0675 6184  vwifibus - ok
01:49:43.0691 6184  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:49:43.0691 6184  vwififlt - ok
01:49:43.0707 6184  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
01:49:43.0707 6184  vwifimp - ok
01:49:43.0753 6184  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:49:43.0769 6184  W32Time - ok
01:49:43.0800 6184  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:49:43.0800 6184  WacomPen - ok
01:49:43.0831 6184  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:49:43.0831 6184  WANARP - ok
01:49:43.0831 6184  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:49:43.0831 6184  Wanarpv6 - ok
01:49:43.0909 6184  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
01:49:43.0941 6184  WatAdminSvc - ok
01:49:43.0987 6184  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:49:44.0019 6184  wbengine - ok
01:49:44.0034 6184  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:49:44.0034 6184  WbioSrvc - ok
01:49:44.0081 6184  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:49:44.0097 6184  wcncsvc - ok
01:49:44.0112 6184  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:49:44.0112 6184  WcsPlugInService - ok
01:49:44.0128 6184  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:49:44.0128 6184  Wd - ok
01:49:44.0190 6184  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:49:44.0221 6184  Wdf01000 - ok
01:49:44.0237 6184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:49:44.0237 6184  WdiServiceHost - ok
01:49:44.0237 6184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:49:44.0237 6184  WdiSystemHost - ok
01:49:44.0284 6184  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:49:44.0299 6184  WebClient - ok
01:49:44.0315 6184  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:49:44.0315 6184  Wecsvc - ok
01:49:44.0331 6184  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:49:44.0331 6184  wercplsupport - ok
01:49:44.0346 6184  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:49:44.0346 6184  WerSvc - ok
01:49:44.0362 6184  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:49:44.0362 6184  WfpLwf - ok
01:49:44.0409 6184  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
01:49:44.0409 6184  WimFltr - ok
01:49:44.0424 6184  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:49:44.0424 6184  WIMMount - ok
01:49:44.0471 6184  WinDefend - ok
01:49:44.0487 6184  WinHttpAutoProxySvc - ok
01:49:44.0580 6184  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:49:44.0580 6184  Winmgmt - ok
01:49:44.0658 6184  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:49:44.0736 6184  WinRM - ok
01:49:44.0783 6184  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:49:44.0783 6184  WinUsb - ok
01:49:44.0830 6184  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:49:44.0861 6184  Wlansvc - ok
01:49:44.0955 6184  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:49:45.0033 6184  wlidsvc - ok
01:49:45.0095 6184  [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
01:49:45.0095 6184  wltrysvc - ok
01:49:45.0142 6184  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:49:45.0142 6184  WmiAcpi - ok
01:49:45.0157 6184  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:49:45.0157 6184  wmiApSrv - ok
01:49:45.0204 6184  WMPNetworkSvc - ok
01:49:45.0235 6184  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:49:45.0235 6184  WPCSvc - ok
01:49:45.0282 6184  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:49:45.0282 6184  WPDBusEnum - ok
01:49:45.0329 6184  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:49:45.0329 6184  ws2ifsl - ok
01:49:45.0360 6184  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
01:49:45.0360 6184  wscsvc - ok
01:49:45.0391 6184  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
01:49:45.0407 6184  WSDPrintDevice - ok
01:49:45.0407 6184  WSearch - ok
01:49:45.0501 6184  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:49:45.0547 6184  wuauserv - ok
01:49:45.0594 6184  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:49:45.0594 6184  WudfPf - ok
01:49:45.0625 6184  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:49:45.0641 6184  WUDFRd - ok
01:49:45.0672 6184  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:49:45.0688 6184  wudfsvc - ok
01:49:45.0719 6184  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:49:45.0735 6184  WwanSvc - ok
01:49:45.0844 6184  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:49:45.0844 6184  YahooAUService - ok
01:49:45.0891 6184  ================ Scan global ===============================
01:49:45.0937 6184  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:49:45.0984 6184  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:49:46.0000 6184  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:49:46.0031 6184  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:49:46.0047 6184  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:49:46.0062 6184  [Global] - ok
01:49:46.0062 6184  ================ Scan MBR ==================================
01:49:46.0078 6184  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:49:46.0343 6184  \Device\Harddisk0\DR0 - ok
01:49:46.0343 6184  ================ Scan VBR ==================================
01:49:46.0343 6184  [ 2A3E34585DC141E831F2139B9B1BE02F ] \Device\Harddisk0\DR0\Partition1
01:49:46.0343 6184  \Device\Harddisk0\DR0\Partition1 - ok
01:49:46.0359 6184  [ CFF57BE81E7B177B033CFEDDF90EE663 ] \Device\Harddisk0\DR0\Partition2
01:49:46.0359 6184  \Device\Harddisk0\DR0\Partition2 - ok
01:49:46.0359 6184  ============================================================
01:49:46.0359 6184  Scan finished
01:49:46.0359 6184  ============================================================
01:49:46.0374 3920  Detected object count: 1
01:49:46.0374 3920  Actual detected object count: 1
01:50:20.0226 3920  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
01:50:20.0226 3920  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

 

 

 

 


MBAR mbar-log.txt

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Rita Nicole :: RITANICOLE-PC [administrator]

6/23/2013 1:53:23 AM
mbar-log-2013-06-23 (01-53-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 259307
Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\n. -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Rita Nicole\AppData\Roaming\Microsoft\Windows\Templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6296199168, free: 3971891200

Downloaded database version: v2013.06.22.07
Initializing...
------------ Kernel report ------------
     06/23/2013 01:53:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdflt.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\Acceler.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\bcmvwl64.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comdlg32.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006467060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80062111f0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006467060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006467b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006467060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800636cce0, DeviceName: Unknown, DriverName: \Driver\stdflt\
DevicePointer: 0xfffffa80062111f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C5D66832

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30801920  Numsec = 945969200

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Infected: c:\Users\Rita Nicole\AppData\Roaming\Microsoft\Windows\Templates\2433f433 --> [Trojan.Agent.TPL]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

 

ComboFix's report (C:\ComboFix.txt)

ComboFix 13-06-22.01 - Rita Nicole 06/23/2013   2:25.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6005.3801 [GMT 2:00]
Running from: c:\users\Rita Nicole\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6CB1E612F0.sys
c:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A6058252-AE0E-44E2-8956-1992889C1536}.xps
c:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2DFF854-B054-476E-A640-A7522D65D2E7}.xps
c:\users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE6A627E-B965-4688-980E-001536A8F049}.xps
c:\users\Rita Nicole\AppData\Roaming\Help\coredb\storage
c:\users\Rita Nicole\AppData\Roaming\Oqyfu
c:\users\Rita Nicole\AppData\Roaming\Oqyfu\negai.qea
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-23 to 2013-06-23  )))))))))))))))))))))))))))))))
.
.
2013-06-23 04:05 . 2013-06-23 04:05 -------- d-----w- C:\FRST
2013-06-23 00:42 . 2013-06-23 00:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-23 00:42 . 2013-06-23 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-22 23:53 . 2013-06-23 00:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-22 23:52 . 2013-06-22 23:52 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-22 22:52 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F1D1C06-246A-4EC2-BCAE-38A19478D319}\mpengine.dll
2013-06-08 15:37 . 2013-06-22 06:59 -------- d-----w- c:\program files\iPod
2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files\iTunes
2013-06-08 15:37 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\iTunes
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2013-06-08 15:34 . 2013-06-08 15:34 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2013-06-08 15:33 . 2013-06-22 07:05 -------- d-----w- c:\program files (x86)\QuickTime
2013-06-06 01:03 . 2013-06-06 01:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 13:54 . 2013-06-17 00:46 -------- d-----w- c:\users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 00:38 . 2012-04-02 19:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 00:38 . 2011-06-06 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 00:38 . 2012-12-11 23:38 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-16 09:03 . 2013-05-16 09:03 53248 ----a-r- c:\users\Rita Nicole\AppData\Roaming\Microsoft\Installer\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}\ARPPRODUCTICON.exe
2013-05-16 01:07 . 2010-08-30 15:29 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-11 16:15 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-02 00:06 . 2012-04-27 09:47 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 06:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 06:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 06:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 06:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 06:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-02 09:34 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 06:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 06:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 06:58 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2011-05-04 01:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]
"HideMyIP"="c:\program files (x86)\Hide My IP\HideMyIP.exe" [2012-10-23 951952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0032611335484094mcinstcleanup;McAfee Application Installer Cleanup (0032611335484094);c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE;c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys;c:\windows\SYSNATIVE\Drivers\rtlss.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe;c:\program files (x86)\Tether\TBService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 72034033
*NewlyCreated* - MBAMCHAMELEON
*Deregistered* - 72034033
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ    Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:38]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job
- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job
- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hcdistrictclerk.com
Trusted Zone: picnik.com
Trusted Zone: snapfish.com
Trusted Zone: texasbar.com
Trusted Zone: texasbar.com\www
Trusted Zone: usps.com
Trusted Zone: usps.com\sss-web
Trusted Zone: walgreens.com
Trusted Zone: westcheck.com
Trusted Zone: westlaw.com
Trusted Zone: westlaw.com\web2
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\

FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Rita Nicole\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-23  02:47:13
ComboFix-quarantined-files.txt  2013-06-23 00:47
ComboFix2.txt  2012-04-27 00:10
ComboFix3.txt  2012-04-26 23:44
.
Pre-Run: 255,660,490,752 bytes free
Post-Run: 259,729,317,888 bytes free
.
- - End Of File - - 1A008A9DEC33C5BE75919E98ADD6F862
5C616939100B85E558DA92B899A0FC36

 

Security Check checkup.txt

 

 Results of screen317's Security Check version 0.99.67 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 33 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Making progress, but we still have some more to go:

 

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
72034033

File::
C:\Windows\System32\Drivers\72034033.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now
 

Hi, 

 

I have only used the computer a little bit since we fixed it because I have been traveling. However, when I have used it everything seems to be working fine. If something does pop up I will seek you out again if that is alright. Thank you so much for your help, I appreciate it so much. 


Hi here is the log text:

 

ComboFix 13-06-28.02 - Rita Nicole 06/29/2013   5:42.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6005.4284 [GMT 2:00]
Running from: c:\users\Rita Nicole\Desktop\ComboFix.exe
Command switches used :: c:\users\Rita Nicole\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\72034033.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_72034033
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-28 to 2013-06-29  )))))))))))))))))))))))))))))))
.
.
2013-06-29 03:52 . 2013-06-29 03:52    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-06-29 03:52 . 2013-06-29 03:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-29 03:31 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3727BBEA-6E5F-4E41-9CFF-111CEBCBF893}\mpengine.dll
2013-06-23 04:05 . 2013-06-23 04:05    --------    d-----w-    C:\FRST
2013-06-23 01:01 . 2013-06-08 14:08    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-06-22 23:53 . 2013-06-23 00:17    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-22 23:52 . 2013-06-22 23:52    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-06-22 22:51 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-22 22:51 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-22 22:51 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-22 22:51 . 2013-05-10 05:49    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-22 22:51 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-22 22:50 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-06-22 22:50 . 2013-04-17 06:24    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-06-22 22:50 . 2013-05-13 05:51    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-22 22:50 . 2013-05-13 05:51    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-22 22:50 . 2013-05-13 05:51    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-22 22:50 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-22 22:50 . 2013-05-13 03:43    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-06-22 22:50 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-06-22 22:50 . 2013-05-13 05:50    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-06-22 22:50 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-22 22:50 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-22 22:50 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-06-22 22:49 . 2013-04-25 23:30    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-06-22 22:49 . 2013-03-31 22:52    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-08 15:37 . 2013-06-22 06:59    --------    d-----w-    c:\program files\iPod
2013-06-08 15:37 . 2013-06-22 07:05    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-08 15:37 . 2013-06-22 07:05    --------    d-----w-    c:\program files\iTunes
2013-06-08 15:37 . 2013-06-22 07:05    --------    d-----w-    c:\program files (x86)\iTunes
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2013-06-08 15:34 . 2013-06-08 15:34    159744    ----a-w-    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2013-06-08 15:33 . 2013-06-22 07:05    --------    d-----w-    c:\program files (x86)\QuickTime
2013-06-06 01:03 . 2013-06-06 01:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 13:54 . 2013-06-23 01:10    --------    d-----w-    c:\users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 01:02 . 2010-08-30 15:29    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-17 00:38 . 2012-04-02 19:16    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 00:38 . 2011-06-06 16:21    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 00:38 . 2012-12-11 23:38    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-16 09:03 . 2013-05-16 09:03    53248    ----a-r-    c:\users\Rita Nicole\AppData\Roaming\Microsoft\Installer\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}\ARPPRODUCTICON.exe
2013-05-11 16:15 . 2010-06-24 17:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 07:57 . 2013-05-10 07:57    27208    ----a-w-    c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57    55872    ----a-w-    c:\windows\system32\AdobePDF.dll
2013-05-02 00:06 . 2012-04-27 09:47    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 06:58    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 06:58    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 06:58    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 06:58    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 06:58    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:58    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-02 09:34    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 06:58    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 06:58    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 06:58    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2011-05-04 01:32    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]
"HideMyIP"="c:\program files (x86)\Hide My IP\HideMyIP.exe" [2012-10-23 951952]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0032611335484094mcinstcleanup;McAfee Application Installer Cleanup (0032611335484094);c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE;c:\users\RITANI~1\AppData\Local\Temp\003261~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [x]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys;c:\windows\SYSNATIVE\DRIVERS\qrkis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys;c:\windows\SYSNATIVE\Drivers\rtlss.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe;c:\program files (x86)\Tether\TBService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:38]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:04]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job
- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job
- c:\users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-19 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hcdistrictclerk.com
Trusted Zone: picnik.com
Trusted Zone: snapfish.com
Trusted Zone: texasbar.com
Trusted Zone: texasbar.com\www
Trusted Zone: usps.com
Trusted Zone: usps.com\sss-web
Trusted Zone: walgreens.com
Trusted Zone: westcheck.com
Trusted Zone: westlaw.com
Trusted Zone: westlaw.com\web2
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\

FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
.
**************************************************************************
.
Completion time: 2013-06-29  06:14:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-29 04:14
ComboFix2.txt  2013-06-23 00:47
ComboFix3.txt  2012-04-27 00:10
ComboFix4.txt  2012-04-26 23:44
.
Pre-Run: 256,797,216,768 bytes free
Post-Run: 255,836,573,696 bytes free
.
- - End Of File - - 447FB0D35B3FFAD799D041362454628B
5C616939100B85E558DA92B899A0FC36
 


Reboot the system. :)

 

Things look a whole lot better. Let's run some more scans to verify there isn't anything left:

 

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


# AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:39:22
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rita Nicole - RITANICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Rita Nicole\AppData\Local\PackageAware
Folder Found : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1340 octets] - [03/07/2013 05:39:22]

########## EOF - C:\AdwCleaner[R1].txt - [1400 octets] ##########


# AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:44:10
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rita Nicole - RITANICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Rita Nicole\AppData\Local\PackageAware
Folder Found : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]
AdwCleaner[R2].txt - [1509 octets] - [03/07/2013 05:44:10]

########## EOF - C:\AdwCleaner[R2].txt - [1569 octets] ########


# AdwCleaner v2.303 - Logfile created 07/03/2013 at 05:44:56
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rita Nicole - RITANICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Rita Nicole\AppData\Local\PackageAware
Folder Deleted : C:\Users\Rita Nicole\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\prefs.js

C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1469 octets] - [03/07/2013 05:39:22]
AdwCleaner[R2].txt - [1638 octets] - [03/07/2013 05:44:10]
AdwCleaner[s1].txt - [1689 octets] - [03/07/2013 05:44:56]

########## EOF - C:\AdwCleaner[s1].txt - [1749 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Rita Nicole on Wed 07/03/2013 at  5:52:22.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{273D01C5-95A1-49B9-8977-FBCF839E5552}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{42DC7302-01F5-4C4F-9323-A50B53DE393C}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{861ADCB2-E095-4A01-A32B-E21653AD941D}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{95B90E78-02FC-4286-8766-26E4C335AD9F}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{9A8153FB-899B-4CBA-9AD6-4F3B21661FEA}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{F24DA58B-07ED-4BB8-9150-60F944D53CE8}
Successfully deleted: [Empty Folder] C:\Users\Rita Nicole\appdata\local\{F65849C0-F277-43C3-A7DB-55E0F4A49540}

 

~~~ FireFox

Emptied folder: C:\Users\Rita Nicole\AppData\Roaming\mozilla\firefox\profiles\73x01k6x.default\minidumps [26 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at  5:56:57.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 7/3/2013 6:00:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita Nicole\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.86 Gb Total Physical Memory | 4.18 Gb Available Physical Memory | 71.33% Memory free
11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 239.82 Gb Free Space | 53.17% Space Free | Partition Type: NTFS
 
Computer Name: RITANICOLE-PC | User Name: Rita Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/03 05:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exe
PRC - [2013/05/10 09:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/02/13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/10/23 13:25:18 | 003,572,880 | ---- | M] (Hide My IP) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
PRC - [2012/10/23 13:25:18 | 000,951,952 | ---- | M] (www.hidemyip.com) -- C:\Program Files (x86)\Hide My IP\HideMyIP.exe
PRC - [2012/06/19 23:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2011/10/19 16:48:08 | 000,411,136 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2011/08/11 13:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/05/14 17:56:58 | 000,049,080 | ---- | M] () -- C:\Program Files (x86)\Tether\TBService.exe
PRC - [2009/12/29 23:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/01 11:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 11:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 03:06:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:06:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/14 04:39:43 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 04:35:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/26 18:56:08 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/26 16:47:18 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/26 16:46:48 | 002,382,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cedfc98e1e998c103a2a98298d40b11e\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/01/26 16:46:47 | 001,017,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\c032b45d3a3c912e41992c0a9c256e5f\office.ni.dll
MOD - [2013/01/26 16:46:47 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\f698ac346476a20a02725b8e9de422cd\stdole.ni.dll
MOD - [2013/01/26 16:46:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\40ae80b5416554417d40f6fd4df4c62a\Extensibility.ni.dll
MOD - [2013/01/26 15:39:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/26 15:38:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/26 15:38:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/26 15:38:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 07:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 08:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/08/30 05:40:58 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/07/22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2012/02/15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 14:14:38 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/18 04:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/31 08:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/03 05:24:41 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/17 02:38:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2012/10/23 13:25:18 | 003,572,880 | ---- | M] (Hide My IP) [On_Demand | Running] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2012/08/08 00:31:04 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/19 23:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/10/19 16:48:08 | 000,411,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2011/07/13 16:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/05/14 17:56:58 | 000,049,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tether\TBService.exe -- (Tether)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 20:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/01 11:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 11:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/01 16:26:34 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/23 01:52:55 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/01/28 19:03:04 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2013/01/03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/02/15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/13 16:00:14 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/04/15 18:14:15 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2011/04/15 18:14:15 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPM1210FAX.sys -- (HP1210FAX)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/05 11:13:10 | 000,694,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/06/21 17:56:20 | 000,027,240 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtlss.sys -- (rtlss)
DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 14:14:36 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 14:14:36 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 14:14:34 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/16 17:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2009/10/12 19:26:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 12:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 09:34:38 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/27 04:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/17 05:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/25 02:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/07/16 23:29:33 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007/07/16 23:29:23 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7EAECF87-B68D-44DB-87CC-7CC089FEBA3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D9982E70-8256-46AA-B0A4-868C686C648A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 6A E3 8E D5 FD CA 01  [binary data]
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes,DefaultScope = {A4B1803A-CE3A-4984-9ABB-D1572FA4A0F7}
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{2EF9C486-8AAD-485F-9AFF-66E1B3AE5AA7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{3C7F9014-82E3-4AAA-BB7F-7C85671E2B80}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{4A9980DA-0979-43C6-A818-928775591F31}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\SearchScopes\{A4B1803A-CE3A-4984-9ABB-D1572FA4A0F7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-121882709-412351183-818571276-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rita Nicole\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rita Nicole\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/16 11:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 22:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/15 18:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/08 17:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/22 09:05:40 | 000,000,000 | ---D | M]
 
[2012/04/09 14:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Extensions
[2013/05/28 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\extensions
[2010/08/30 06:17:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rita Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\73x01k6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/05 17:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/05 17:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/15 18:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/04/21 03:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 13:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/08/11 00:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/08/11 13:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/08/11 13:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/08/11 13:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/08/11 00:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/08/08 19:03:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/08 19:03:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/06/29 06:11:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe (www.hidemyip.com)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-121882709-412351183-818571276-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-121882709-412351183-818571276-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: hcdistrictclerk.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: picnik.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: snapfish.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: texasbar.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: usps.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: usps.com ([sss-web] https in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: walgreens.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westcheck.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westlaw.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121882709-412351183-818571276-1000\..Trusted Domains: westlaw.com ([web2] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} https://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61FA3B78-D9F6-4DF0-BCB1-F8A4A1E2730B}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EAFE9AE-64B4-4D44-8C9A-82B9C7767A06}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD21D22-FE89-478E-9125-D010A4A3612D}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/03 05:58:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exe
[2013/07/03 05:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/03 05:52:04 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/03 05:42:05 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rita Nicole\Desktop\JRT.exe
[2013/06/29 06:11:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/29 05:37:20 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\Desktop\Combofix
[2013/06/23 06:05:07 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/23 03:02:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/23 03:02:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/23 03:02:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/23 03:02:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/23 03:02:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/23 03:02:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/23 03:02:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/23 03:02:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/23 03:02:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/23 03:02:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/23 03:02:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/23 03:02:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/23 03:02:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/23 03:01:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/23 03:01:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/23 02:22:56 | 005,084,379 | R--- | C] (Swearware) -- C:\Users\Rita Nicole\Desktop\ComboFix.exe
[2013/06/23 01:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/23 01:52:31 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\Desktop\mbar
[2013/06/23 01:48:51 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rita Nicole\Desktop\tdsskiller.exe
[2013/06/23 00:51:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/23 00:51:17 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/23 00:51:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/23 00:51:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/23 00:50:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/23 00:50:31 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/23 00:50:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/23 00:50:31 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/23 00:50:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/23 00:50:30 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/23 00:50:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/23 00:49:58 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/23 00:49:58 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/08 17:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/08 17:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/08 17:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/08 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/08 17:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/06 03:04:53 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/06 03:04:53 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/06 03:04:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/06/06 03:04:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/06/06 03:04:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/06 03:04:53 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/06/06 03:04:53 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/06/06 03:04:53 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/06 03:04:53 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/06/06 03:04:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/06 03:04:53 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/06 03:04:53 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/06 03:04:53 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/06/06 03:04:53 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/06 03:04:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/06 03:04:53 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/06 03:04:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/06/06 03:04:53 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/06/06 03:04:53 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/06/06 03:04:53 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/06/06 03:04:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/06 03:04:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/06 03:04:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/06/06 03:04:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/06/06 03:04:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/06 03:04:53 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/06 03:04:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/06/06 03:04:53 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/06 03:04:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/06 03:04:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/06 03:04:53 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/06/06 03:04:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/06/06 03:04:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/06/06 03:04:53 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/06 03:04:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/06 03:04:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/06 03:04:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/06/06 03:04:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/06 03:04:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/06 03:04:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/06 03:04:53 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/06 03:04:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/06/06 03:04:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/06 03:04:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/06/06 03:04:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/06/06 03:04:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/06 03:04:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/06/06 03:04:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/06 03:04:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/06 03:04:53 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/06/06 03:04:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/06 03:04:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/06 03:04:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/06/06 03:03:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/06/06 03:03:47 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/06/06 03:03:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/06/06 03:03:47 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/06/06 03:03:47 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/06/06 03:03:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/06/06 03:03:47 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/06/06 03:03:47 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/06/06 03:03:47 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/06/06 03:03:47 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/06/06 03:03:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/06/06 03:03:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/06/06 03:03:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/06/06 03:03:47 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/06/06 03:03:47 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/06/06 03:03:47 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/06/06 03:03:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/06/06 03:03:47 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/06/06 03:03:47 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/06/06 03:03:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/06/06 03:03:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/06 03:03:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/06 03:03:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/06 03:03:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/05 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod
[2 C:\Users\Rita Nicole\Desktop\*.tmp files -> C:\Users\Rita Nicole\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/03 05:58:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita Nicole\Desktop\OTL.exe
[2013/07/03 05:55:30 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 05:55:30 | 000,019,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 05:48:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/03 05:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/03 05:47:29 | 427,180,031 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/03 05:42:05 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rita Nicole\Desktop\JRT.exe
[2013/07/03 05:38:40 | 000,648,201 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
[2013/07/03 05:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/03 05:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/03 05:35:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job
[2013/06/29 06:23:30 | 002,339,896 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/29 06:23:30 | 000,704,762 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/06/29 06:23:30 | 000,655,144 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/06/29 06:23:30 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/29 06:23:30 | 000,138,274 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/06/29 06:23:30 | 000,130,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/06/29 06:23:30 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/29 06:11:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/29 05:39:27 | 005,084,379 | R--- | M] (Swearware) -- C:\Users\Rita Nicole\Desktop\ComboFix.exe
[2013/06/23 12:35:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job
[2013/06/23 02:47:54 | 000,890,978 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\SecurityCheck.exe
[2013/06/23 01:52:55 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/06/23 01:52:45 | 000,000,864 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\mbar-1.06.0.1004.zip
[2013/06/23 01:48:53 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rita Nicole\Desktop\tdsskiller.exe
[2013/06/17 02:48:33 | 000,391,797 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTraining.2.pdf
[2013/06/17 02:46:44 | 000,107,465 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Erica.IOA July2013 PhoenixTrainingRegistration.pdf
[2013/06/17 02:41:25 | 000,107,746 | ---- | M] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTrainingRegistration.pdf
[2013/06/17 02:38:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/17 02:38:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/17 02:38:09 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/06/08 17:38:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/06 03:04:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/06 03:04:53 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/06 03:04:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/06/06 03:04:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/06/06 03:04:53 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/06/06 03:04:53 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/06/06 03:04:53 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/06/06 03:04:53 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/06 03:04:53 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/06/06 03:04:53 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/06 03:04:53 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/06/06 03:04:53 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/06/06 03:04:53 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/06/06 03:04:53 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/06/06 03:04:53 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/06 03:04:53 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/06 03:04:53 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/06/06 03:04:53 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/06/06 03:04:53 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/06/06 03:04:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/06/06 03:04:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/06 03:04:53 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/06/06 03:04:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/06/06 03:04:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/06/06 03:04:53 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/06/06 03:04:53 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/06/06 03:04:53 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/06/06 03:04:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/06 03:04:53 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/06/06 03:04:53 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/06/06 03:04:53 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/06/06 03:04:53 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/06/06 03:04:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/06/06 03:04:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/06/06 03:04:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/06 03:04:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/06/06 03:04:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/06/06 03:04:53 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/06/06 03:04:53 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/06 03:04:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/06/06 03:04:53 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/06 03:04:53 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/06/06 03:04:53 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/06/06 03:04:53 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/06/06 03:04:53 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/06/06 03:04:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/06/06 03:04:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/06/06 03:04:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/06/06 03:04:53 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/06/06 03:04:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/06 03:04:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/06 03:04:53 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/06/06 03:04:53 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/06/06 03:04:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/06/06 03:04:53 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/06/06 03:03:47 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/06/06 03:03:47 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/06/06 03:03:47 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/06/06 03:03:47 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/06/06 03:03:47 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/06/06 03:03:47 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/06/06 03:03:47 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/06/06 03:03:47 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/06/06 03:03:47 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/06/06 03:03:47 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/06/06 03:03:47 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/06/06 03:03:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/06/06 03:03:47 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/06/06 03:03:47 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/06/06 03:03:47 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/06/06 03:03:47 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/06/06 03:03:47 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/06/06 03:03:47 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/06/06 03:03:47 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/06/06 03:03:47 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/06/06 03:03:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/06 03:03:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/06 03:03:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/06 03:03:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/06 03:03:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2 C:\Users\Rita Nicole\Desktop\*.tmp files -> C:\Users\Rita Nicole\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/03 05:37:38 | 000,648,201 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\AdwCleaner.exe
[2013/06/23 02:47:48 | 000,890,978 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\SecurityCheck.exe
[2013/06/23 01:52:55 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/06/23 01:51:56 | 000,000,864 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\mbar-1.06.0.1004.zip
[2013/06/17 02:46:44 | 000,107,465 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Erica.IOA July2013 PhoenixTrainingRegistration.pdf
[2013/06/17 02:41:25 | 000,107,746 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTrainingRegistration.pdf
[2013/06/17 02:37:37 | 000,391,797 | ---- | C] () -- C:\Users\Rita Nicole\Desktop\Thomas.Rita.IOA July2013 PhoenixTraining.2.pdf
[2013/06/08 17:38:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/06 03:04:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/06 03:04:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/27 00:36:41 | 000,004,416 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRV.ini
[2012/11/27 00:36:41 | 000,002,664 | ---- | C] () -- C:\Windows\SysWow64\HideMyIpSRVOff.ini
[2012/08/09 07:39:25 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\mvusbews.dll
[2012/08/07 23:20:48 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/04/27 01:31:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/27 01:31:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/27 01:31:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/27 01:31:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/27 01:31:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/04 19:23:57 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/04 19:23:57 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2011/05/17 16:49:16 | 000,021,504 | ---- | C] () -- C:\Users\Rita Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/15 21:00:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/14 23:39:28 | 000,306,415 | ---- | C] () -- C:\Users\Rita Nicole\letter.pdf
[2010/09/14 19:14:48 | 000,036,581 | ---- | C] () -- C:\Users\Rita Nicole\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/08/26 23:59:53 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 7/3/2013 6:00:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita Nicole\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.86 Gb Total Physical Memory | 4.18 Gb Available Physical Memory | 71.33% Memory free
11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 239.82 Gb Free Space | 53.17% Space Free | Partition Type: NTFS
 
Computer Name: RITANICOLE-PC | User Name: Rita Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05613960-6D04-4E51-B0C2-561D63C98C37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0859FF57-3BAC-4B0D-B0C6-71A025DCDA61}" = lport=49679 | protocol=6 | dir=in | name=akamai netsession interface |
"{09749C85-DB9A-41D9-9267-6C4F0470D6D8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0D979B2E-67EC-48B9-A378-6B170281D9D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FD630D7-DB4E-41F2-859E-F731CBEA4130}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C3449EE-3D9A-464E-943F-DAD65F5EBA10}" = lport=445 | protocol=6 | dir=in | app=system |
"{315CC472-AC44-43E5-9B9C-EE30C71BAB13}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C0F2B06-FF96-4F3A-BC10-6B6016203857}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F6EFED3-B4E5-44A1-98FB-C52C27767664}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{42051ED3-B2F2-4ABE-888C-44E042C21E23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52A22ABE-512C-4312-B21F-CC0DBA2AAC9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{640FA49D-995B-4A02-815D-216525F8E737}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AD22838-E39D-4406-9723-17DD8FF68948}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{720CB6D9-F2C0-4F9A-A53E-497138982CCB}" = rport=445 | protocol=6 | dir=out | app=system |
"{77F1D73B-BEBD-47A0-9D31-823258560B49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84236F06-8402-415E-B9F1-22565AF26B08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87EE93A1-EB55-48C5-A87C-7F8CEFF3F5B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{8AD379B0-8CBB-4FB1-A336-0B67667F0AEE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{8B5AE864-0049-471E-9D64-B58B113AB066}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{91BCA23A-D40C-4500-B9F7-EAFCCF7CC924}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{99538F47-A81F-4EA5-9674-1AE3D6BBD0AB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A843297F-7B6C-4CFC-A873-9EDB46D17A10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8CD0555-CBE4-49EA-871E-7D233D73129A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B20D71E9-CA52-4601-B3D6-3B05795F684B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3B09637-1C33-4E25-9598-EE4CB6BA6782}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BAB51849-38FD-429D-B9A0-AB3DEFB849B8}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{BE95571E-F1ED-488C-A926-19BFA344BC50}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BF04AB20-5E25-4B0A-B7AC-439A938033F2}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{BFFAC155-C0DC-45AE-B6C7-8AE21AF389C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5016D4D-CA9C-4D8E-AADA-1C018557C698}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C94C00CD-D951-45D4-9CCA-BF5BD44E794C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC96EAD5-888C-466B-815F-E70A546BDD7C}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE3CDCD2-EC8F-4BBD-944C-26865607486B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EA957601-555C-46EC-84E3-4AF36DF556F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F341BFBC-9D0F-4D45-AD20-B4D3C763AB95}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F52A902B-26D9-441E-8181-41CF2815F74E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{F97CC94B-6A58-4C12-91E2-F262EBD33DF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA1486C0-A2BE-4DF0-A9A3-7D6F7E8376F1}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A62466-9BDA-4D4B-B78B-48573ECB88FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{050598D3-559D-46E2-8206-29505ED0BA7E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{129AE2F4-B431-4E31-898E-6D8342CD1D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14821C1B-804E-47A6-9C4D-C6AEF527E46E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1C701A13-F45D-4021-B42B-E44A175C30FB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1F89499E-22B9-4C3B-87DD-49A9B50B265C}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{21B878F4-0C90-4A6C-9B22-7E7BC26D3C22}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{2CD978F7-F2E3-4897-A750-F1EBEDCA966B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAD71CF-C2A7-4303-81B3-C06B1DC5A794}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{3228DCE7-7999-4904-B0AD-7FE0A4B336E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{376BA394-4235-4FAE-95C5-928B2777B729}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{42085E94-C4C7-48E6-88F2-5DD9EE96FAE3}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{459E4330-D977-457D-BFA7-62EDBF34FD11}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{517B7712-37A5-443B-9EAF-05730ECE6823}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{53A2FBF2-9E31-4862-8EF6-20ABF5D71F72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AF3A28B-0387-40E6-9B06-B015E9E0A6FD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B7D23F8-A7CF-45E3-95F9-A601FFBBB3B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5CC298E0-8D2D-44D0-A167-EE98C5DF3B93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6646C110-4322-4AF6-922E-CEEAE06E4231}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{6AE11876-E2D7-4F44-8BE9-98457546FD3B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7BE7F97C-51E8-45F4-9E5C-6F39F92561EF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7D163C10-EFD1-4B0C-B352-1C413F643DCF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{818D6CFD-7509-4612-BA04-0613271F88DE}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{81A33F67-8E4D-4357-B66C-9AC5919B890B}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{86AB7B81-8131-419B-A917-4E8ADA7579AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8ED2EC08-2A47-4F3D-A489-09D9295AB8BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{925BFB0F-824B-4616-B4AF-9F9D5E67AA67}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{926B00B9-0738-4263-8C9C-82366939550A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9648048C-D543-4767-A25F-AF413CDDEA2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96682E63-C70E-4357-B4B0-80DA5293FAB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B185B68C-8781-4CAD-8F83-FAB7D103DC84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3527E84-DF2E-4921-A9AA-5B96C24519AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{B7E255B7-C273-4C07-A9F9-BBFB7774AB35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD28A9FF-FD0A-47AC-A362-9C8C388E1650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C727E3B6-38CB-4CAD-8872-B05B5DAE21AA}" = protocol=6 | dir=out | app=system |
"{C846DA7D-5A2A-4CF3-AFD3-1FC495BA5EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C8CE0B61-9084-458C-B2EE-408130D1D9D0}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{CAA889FC-33C8-4466-8D8C-4F4673B75C58}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CB4F6FEC-6833-4C9B-A59E-FD7BB191BA27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0188878-AF35-4544-9292-6475786DBE0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1F42302-0A8C-4E04-89AC-EFDD64AB5103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DBF17FA4-58E7-4ABF-807B-2D5C2354FA2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF73E0C2-7B1A-4CBA-BF8E-D1C0AE407F26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6116AA9-0CB4-4280-B2C1-02621BE80581}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E959D121-7879-4B79-8659-30986A0DB83F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA8DF0EA-16DD-4968-B89B-A67CA8A8E981}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F19DD231-0765-4E98-8E1F-7412BE8FE088}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{37E88C41-A02B-40DD-94D2-67B3583F6B18}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{50CE042C-230E-44AA-8D44-D026F2768D58}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |
"TCP Query User{7345D348-6D38-45B9-B3BA-DB65226BFCE6}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |
"TCP Query User{747CE8AD-7E27-4B7A-911C-E70A9456757B}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |
"TCP Query User{8F506C36-E3F1-42AC-9EAD-DEC3F0CB3F51}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=6 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |
"UDP Query User{6AB23E7D-CA9B-4F41-BA86-847FD6C96CD0}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6B2FC588-CE67-44C2-BB88-1772FEE67038}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A15D3AF7-BFD9-449C-9B00-4BDC2DA2B450}C:\users\rita nicole\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\local\akamai\netsession_win.exe |
"UDP Query User{AF59DC1E-23D4-42A1-947D-DA17129D0535}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |
"UDP Query User{B0758168-7BC8-4812-89CA-FBA1E07F4FDB}C:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe" = protocol=17 | dir=in | app=c:\users\rita nicole\appdata\roaming\cuuqx\ruidq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{78E9970B-4395-61A6-B912-1CC406174773}" = AMD Catalyst Install Manager
"{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9B1C6B6-CCB9-4211-842A-BA2870F987A8}" = Sperry Software - Auto Print (x64)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding
"{C7E6313A-995E-D994-3998-2BA6752EE49C}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02561BD9-F241-082A-02BA-E5782242F13D}" = CCC Help English
"{02EF3AFA-CC2F-4907-8A85-1FE3BF9C0ED2}_is1" = Flash and Pics Control
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
"{086326C7-7425-AEC1-E987-A2BB363A6D6B}" = CCC Help Portuguese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A4EA26D-4C36-4B75-9759-48F14DE34C86}" = Polar WebSync
"{0AF3986A-29E2-42C8-9CF2-6E1931038CFE}" = CCC Help French
"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
"{0DE301AD-CAD4-EECF-DF0C-4A394776D855}" = Catalyst Control Center Graphics Previews Common
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{0E6C5F7C-42A0-EBD5-50AD-441CA56474AD}" = CCC Help Korean
"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{245B8890-054E-4D86-6350-74927EB60DD9}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33
"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
"{2863C12B-2A02-4258-8495-6220605B2E5C}_is1" = Tether 1.1.0.6
"{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}" = BlackBerry Device Software Updater
"{30049C5C-B801-07DA-AA92-675724314687}" = CCC Help Danish
"{3165E4A6-D5DE-46B0-8597-D55E2B826B84}" = Rosetta Stone Ltd Services
"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{377A97B7-B054-409A-9C86-CB5B4CC5BABB}" = WebSlingPlayer ActiveX
"{38663438-2F39-2AB7-2059-85C9631613BD}" = CCC Help Chinese Standard
"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A53FD97-3EAA-0667-F8D3-E738C0E36C43}" = Catalyst Control Center Graphics Full Existing
"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FA22A9D-EA4D-B9EC-20D3-138DCED75D9A}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{521DE3E0-AD03-8E3D-8207-C53F515F940F}" = Skins
"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5FAD81FB-FB4B-9AAD-BD6B-5F9CEFAF3BD6}" = CCC Help German
"{5FF15491-B82B-946B-29B0-43BF4DEB92F5}" = CCC Help Italian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B6BC189-D606-4BC7-9758-E6C364F76A55}" = Rosetta Stone TOTALe
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{72E8555C-9468-F3FA-CEDA-2A05E0C339D7}" = ccc-core-static
"{734892CE-38E8-53E5-CEBB-6931F15C3484}" = CCC Help Spanish
"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
"{7616111A-EB1D-40A0-BD90-B8F7697F2C33}" = Acrobat.com Add-in for Microsoft Outlook
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7C2B745A-E7F1-41F1-B9BB-3DDB8D52E4CE}" = Readiris Pro 11
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8314F0F7-2E1F-BAFE-E734-F481988D5631}" = Catalyst Control Center Localization All
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98A4C42E-D767-9B07-B373-7A9BC03B821A}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED519-EDA3-AC00-753A-BA40707CFDD2}" = Catalyst Control Center Graphics Light
"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A6E593E1-D1B1-4468-E17C-FA51458F108F}" = CCC Help Swedish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
"{B04E62F2-6EDA-71F5-8F4B-EF40E5222A6E}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B99D0CFD-2C04-4E86-9B71-124D46010766}" = Polar Daemon
"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
"{BD4D0EE6-979E-F0F0-8924-6A400383ED9F}" = CCC Help Finnish
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C444E209-9D73-4106-EEEA-7A940E6B9063}" = CCC Help Russian
"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C71F7817-955A-370D-FF5F-8F569C62DC5A}" = Catalyst Control Center Graphics Full New
"{C7F33D4B-AA58-8240-65F6-27F6583B21F0}" = Catalyst Control Center Core Implementation
"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E5019BBE-7737-5D07-5639-A258B3F0F248}" = CCC Help Chinese Traditional
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD130E-2CE2-B7AE-33B9-8F3D275EA6A4}" = CCC Help Norwegian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"7-Zip" = 7-Zip 9.16 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AviSynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free RAR Extract Frog" = Free RAR Extract Frog
"HaaliMkx" = Haali Media Splitter
"HMA! Pro VPN" = HMA! Pro VPN 2.6.9
"HMIP50_is1" = Hide My IP 5.4
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PowerISO" = PowerISO
"Texas Collections Manual 20101.5" = Texas Collections Manual 2010
"uTorrent" = µTorrent
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-121882709-412351183-818571276-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"optimizer_ie" = Widevine Media Optimizer IE 6.0.0
 
========== Last 20 Event Log Errors ==========
 
[ Broadcom Wireless LAN Events ]
Error - 6/28/2013 11:56:57 PM | Computer Name = RitaNicole-PC | Source = WLAN-Tray | ID = 0
Description = 05:56:57, Sat, Jun 29, 13 Error - Unable to gain access to user store

 
 
< End of report >


  • 2 weeks later...

C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[4].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[5].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O2M2H0A7\afr[6].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q83ZV0EH\channel-reward-central_com[1].htm HTML/Fraud.BG trojan 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHD181CX\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\afr[1].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WG32QT48\neostrata[1].htm JS/Iframe.CV trojan 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[1].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI0HQO81\afr[3].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[2].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[3].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[4].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTTH6MTX\afr[5].htm HTML/Iframe.B.Gen virus 
C:\Users\Rita Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5f4b043d-565cdced Java/Exploit.CVE-2012-1723.DZ trojan 
 

This topic is now closed to further replies.