Trojan.Zaccess - Zero Access infection


Hi,

Been working this for a while, but can't get rid of this rootkit. Dang thing even deletes the txt files from my desktop!

Pasted files below:

Thanks!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2010 7:25:32 PM
System Uptime: 8/17/2013 1:21:39 PM (0 hours ago)
.
Motherboard: DELL Inc. |  | 0X501H
Processor: Intel® Core i7 CPU         920  @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 585 GiB total, 435.797 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP283: 8/13/2013 6:41:30 AM - Malwarebytes Anti-Rootkit Restore Point
RP284: 8/13/2013 6:50:20 PM - Removed iTunes
RP285: 8/13/2013 6:58:07 PM - Removed Apple Application Support
RP286: 8/13/2013 7:00:30 PM - Removed Apple Mobile Device Support
RP287: 8/13/2013 7:03:52 PM - Windows Update
RP288: 8/13/2013 8:41:05 PM - Malwarebytes Anti-Rootkit Restore Point
RP289: 8/14/2013 4:50:30 AM - Malwarebytes Anti-Rootkit Restore Point
RP290: 8/17/2013 7:26:33 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.5
Avanquest update
Canon MF Toolbox 4.9.1.1.mf07
Canon MF4360-4390
CCleaner
Crystal Reports for .NET Framework 2.0 (x86)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
DirectXInstallService
EMC 10 Content
EMCGadgets64
EZReader6
EZWrapper
GoToAssist 8.0.0.514
HD Writer AE 3.0
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 18 (64-bit)
Java 6 Update 35
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)  
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
My Dell
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
PowerDVD DX
QB Connection Diagnostic Tool
QuickBooks
QuickBooks Pro 2011
QuickTime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Safari
Samsung Mobile phone USB driver Drive Software
ScanSoft OmniPage SE 4
SDIComplete
SDWrapper
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Sonic CinePlayer Decoder Pack
SupportSoft Assisted Service
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
VD64Inst
VTech Download Agent Library
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
.
==== Event Viewer Messages From Past Week ========
.
8/17/2013 1:22:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
8/17/2013 1:22:13 PM, Error: Service Control Manager [7034]  - The McAfee Application Installer Cleanup (0098141376356052) service terminated unexpectedly.  It has done this 1 time(s).
8/17/2013 1:22:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter StarOpen
8/17/2013 1:22:00 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
8/17/2013 1:21:46 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/14/2013 4:57:38 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr StarOpen tdx Wanarpv6 WfpLwf
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/14/2013 4:57:35 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2013 8:50:51 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
8/13/2013 8:27:53 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
8/13/2013 7:55:25 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
8/13/2013 7:14:27 PM, Error: Service Control Manager [7000]  - The Dock Login Service service failed to start due to the following error:  The system cannot find the file specified.
8/13/2013 6:59:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
8/13/2013 6:59:59 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/12/2013 9:56:02 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.1.9700.0   Engine Type: Network Inspection System   User: Rikki-PC\Scott   Error Code: 0x80070666   Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
8/12/2013 9:56:02 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 106.0.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: Rikki-PC\Scott   Current Engine Version:   Previous Engine Version: 2.1.9700.0   Error code: 0x80070666   Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
8/12/2013 9:54:59 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:   Previous Engine Version: 2.1.9700.0   Engine Type: Network Inspection System   User: Rikki-PC\Scott   Error Code: 0x80070666   Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
8/12/2013 9:54:59 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 106.0.0.0   Update Source: User   Update Stage: Install   Source Path:   Signature Type: Network Inspection System   Update Type: Full   User: Rikki-PC\Scott   Current Engine Version:   Previous Engine Version: 2.1.9700.0   Error code: 0x80070666   Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
8/12/2013 9:07:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2805304.
8/12/2013 9:04:36 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 106.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 2.1.9700.0   Error code: 0x80070714   Error description: The specified image file did not contain a resource section. 
8/12/2013 9:04:36 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2105.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80070714   Error description: The specified image file did not contain a resource section. 
8/12/2013 9:04:24 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2105.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x8050a003   Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/12/2013 9:04:24 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2105.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x8050a003   Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/12/2013 9:04:24 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.2105.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x8050a003   Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/12/2013 9:02:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 9:02:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 9:02:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 9:02:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 9:02:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 9:02:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 0.0.0.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8/12/2013 7:09:23 PM, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  A required privilege is not held by the client.
8/12/2013 7:09:20 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/12/2013 7:09:20 PM, Error: Service Control Manager [7000]  - The Base Filtering Engine service failed to start due to the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/12/2013 7:09:15 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
8/12/2013 6:43:39 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
8/12/2013 6:43:39 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
8/12/2013 6:42:47 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
8/12/2013 6:42:46 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/12/2013 6:42:45 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/12/2013 5:48:24 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/12/2013 10:03:43 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  Not enough storage is available to complete this operation.
8/12/2013 10:03:43 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  Not enough storage is available to complete this operation.
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660
Run by CVWS at 13:49:51 on 2013-08-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5876 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\OEM05Mon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [ (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{06A868B5-B0B4-40C8-9A0D-5AAB485034EA} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-10 55856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-16 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-9 1692480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\System32\drivers\OEM05Afx.sys [2007-6-8 212864]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\System32\drivers\OEM05Vfx.sys [2007-3-5 12288]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\System32\drivers\OEM05Vid.sys [2007-7-20 266720]
R3 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-10 216064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-10 215040]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-6-15 34032]
S2 0098141376356052mcinstcleanup;McAfee Application Installer Cleanup (0098141376356052);C:\Users\Scott\AppData\Local\Temp\009814~1.EXE -cleanup -nolog --> C:\Users\Scott\AppData\Local\Temp\009814~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-10 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-17 36680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-12 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2010-6-15 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2010-6-15 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2010-6-15 152616]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2010-6-15 132648]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2010-6-15 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2010-6-15 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2010-6-15 145960]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-7-7 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-17 20:14:06 -------- d-----w- C:\FRST
2013-08-17 18:50:09 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-17 14:28:09 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C438286-D748-440D-A135-21D18E6C7101}\mpengine.dll
2013-08-16 13:48:05 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 11:43:14 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-14 03:23:17 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-14 02:49:06 -------- d-----w- C:\Windows\pss
2013-08-14 01:58:56 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 01:57:55 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-14 01:53:45 -------- d-----w- C:\Users\CVWS\AppData\Local\Apple Computer
2013-08-13 04:04:31 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-13 04:04:31 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0FB82F4-9E23-4852-AA37-FBAA25C7AE14}\gapaengine.dll
2013-08-13 04:00:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-08-13 04:00:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-08-13 01:26:07 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-08-13 00:40:39 -------- d-----w- C:\Users\CVWS\AppData\Local\Intuit
2013-08-08 02:10:28 934912 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2013-08-08 02:10:28 7826432 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2013-08-08 02:10:28 434112 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2013-08-08 02:10:28 335360 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2013-08-08 02:10:28 268800 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2013-08-08 02:10:28 2150400 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2013-08-08 02:10:28 185800 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2013-07-26 21:34:37 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-07-26 21:34:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-26 21:30:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-26 21:30:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-26 21:30:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-26 21:30:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-26 21:30:51 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-22 04:26:08 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-06-19 04:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-12 14:25:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:25:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 13:50:00.44 ===============
 

 


Hello ScottRT and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Thanks D-Fred, here is the TDSSKiller file

---------------

 

 

14:02:26.0845 0x09d8  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
14:02:27.0594 0x09d8  ============================================================
14:02:27.0594 0x09d8  Current date / time: 2013/08/17 14:02:27.0594
14:02:27.0594 0x09d8  SystemInfo:
14:02:27.0594 0x09d8  
14:02:27.0594 0x09d8  OS Version: 6.1.7601 ServicePack: 1.0
14:02:27.0594 0x09d8  Product type: Workstation
14:02:27.0594 0x09d8  ComputerName: RIKKI-PC
14:02:27.0594 0x09d8  UserName: CVWS
14:02:27.0594 0x09d8  Windows directory: C:\Windows
14:02:27.0594 0x09d8  System windows directory: C:\Windows
14:02:27.0594 0x09d8  Running under WOW64
14:02:27.0594 0x09d8  Processor architecture: Intel x64
14:02:27.0594 0x09d8  Number of processors: 8
14:02:27.0594 0x09d8  Page size: 0x1000
14:02:27.0594 0x09d8  Boot type: Normal boot
14:02:27.0594 0x09d8  ============================================================
14:02:28.0623 0x09d8  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:02:28.0639 0x09d8  Drive \Device\Harddisk1\DR1 - Size: 0xF0300000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:02:28.0655 0x09d8  ============================================================
14:02:28.0655 0x09d8  \Device\Harddisk0\DR0:
14:02:28.0655 0x09d8  MBR partitions:
14:02:28.0655 0x09d8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
14:02:28.0655 0x09d8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x49280800
14:02:28.0655 0x09d8  \Device\Harddisk1\DR1:
14:02:28.0655 0x09d8  MBR partitions:
14:02:28.0655 0x09d8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x77F880
14:02:28.0655 0x09d8  ============================================================
14:02:28.0686 0x09d8  C: <-> \Device\Harddisk0\DR0\Partition2
14:02:28.0686 0x09d8  ============================================================
14:02:28.0686 0x09d8  Initialize success
14:02:28.0686 0x09d8  ============================================================
14:03:06.0953 0x1d0c  ============================================================
14:03:06.0953 0x1d0c  Scan started
14:03:06.0953 0x1d0c  Mode: Manual; 
14:03:06.0953 0x1d0c  ============================================================
14:03:07.0093 0x1d0c  ================ Scan system memory ========================
14:03:07.0093 0x1d0c  System memory - ok
14:03:07.0093 0x1d0c  ================ Scan services =============================
14:03:07.0265 0x1d0c  0098141376356052mcinstcleanup - ok
14:03:07.0389 0x1d0c  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:03:07.0389 0x1d0c  1394ohci - ok
14:03:07.0436 0x1d0c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:03:07.0436 0x1d0c  ACPI - ok
14:03:07.0467 0x1d0c  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:03:07.0467 0x1d0c  AcpiPmi - ok
14:03:07.0577 0x1d0c  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:03:07.0577 0x1d0c  AdobeARMservice - ok
14:03:07.0670 0x1d0c  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:03:07.0670 0x1d0c  AdobeFlashPlayerUpdateSvc - ok
14:03:07.0717 0x1d0c  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:03:07.0717 0x1d0c  adp94xx - ok
14:03:07.0733 0x1d0c  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:03:07.0733 0x1d0c  adpahci - ok
14:03:07.0748 0x1d0c  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:03:07.0748 0x1d0c  adpu320 - ok
14:03:07.0764 0x1d0c  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:03:07.0764 0x1d0c  AeLookupSvc - ok
14:03:07.0826 0x1d0c  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:03:07.0826 0x1d0c  AFD - ok
14:03:07.0873 0x1d0c  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:03:07.0873 0x1d0c  agp440 - ok
14:03:07.0889 0x1d0c  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:03:07.0889 0x1d0c  ALG - ok
14:03:07.0904 0x1d0c  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:03:07.0904 0x1d0c  aliide - ok
14:03:07.0920 0x1d0c  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:03:07.0920 0x1d0c  amdide - ok
14:03:07.0935 0x1d0c  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:03:07.0935 0x1d0c  AmdK8 - ok
14:03:07.0951 0x1d0c  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:03:07.0951 0x1d0c  AmdPPM - ok
14:03:07.0967 0x1d0c  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:03:07.0967 0x1d0c  amdsata - ok
14:03:08.0013 0x1d0c  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:03:08.0013 0x1d0c  amdsbs - ok
14:03:08.0013 0x1d0c  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:03:08.0013 0x1d0c  amdxata - ok
14:03:08.0045 0x1d0c  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:03:08.0045 0x1d0c  AppID - ok
14:03:08.0076 0x1d0c  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:03:08.0076 0x1d0c  AppIDSvc - ok
14:03:08.0107 0x1d0c  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
14:03:08.0107 0x1d0c  Appinfo - ok
14:03:08.0123 0x1d0c  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:03:08.0123 0x1d0c  arc - ok
14:03:08.0138 0x1d0c  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:03:08.0138 0x1d0c  arcsas - ok
14:03:08.0169 0x1d0c  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:03:08.0169 0x1d0c  AsyncMac - ok
14:03:08.0169 0x1d0c  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:03:08.0169 0x1d0c  atapi - ok
14:03:08.0216 0x1d0c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:03:08.0232 0x1d0c  AudioEndpointBuilder - ok
14:03:08.0232 0x1d0c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:03:08.0247 0x1d0c  AudioSrv - ok
14:03:08.0279 0x1d0c  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:03:08.0279 0x1d0c  AxInstSV - ok
14:03:08.0294 0x1d0c  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:03:08.0294 0x1d0c  b06bdrv - ok
14:03:08.0325 0x1d0c  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:03:08.0325 0x1d0c  b57nd60a - ok
14:03:08.0341 0x1d0c  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:03:08.0341 0x1d0c  BDESVC - ok
14:03:08.0357 0x1d0c  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:03:08.0357 0x1d0c  Beep - ok
14:03:08.0419 0x1d0c  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:03:08.0419 0x1d0c  BFE - ok
14:03:08.0450 0x1d0c  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:03:08.0466 0x1d0c  BITS - ok
14:03:08.0481 0x1d0c  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:03:08.0481 0x1d0c  blbdrive - ok
14:03:08.0513 0x1d0c  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:03:08.0513 0x1d0c  bowser - ok
14:03:08.0528 0x1d0c  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:03:08.0528 0x1d0c  BrFiltLo - ok
14:03:08.0528 0x1d0c  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:03:08.0528 0x1d0c  BrFiltUp - ok
14:03:08.0575 0x1d0c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:03:08.0575 0x1d0c  Browser - ok
14:03:08.0591 0x1d0c  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:03:08.0591 0x1d0c  Brserid - ok
14:03:08.0591 0x1d0c  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:03:08.0591 0x1d0c  BrSerWdm - ok
14:03:08.0606 0x1d0c  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:03:08.0606 0x1d0c  BrUsbMdm - ok
14:03:08.0606 0x1d0c  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:03:08.0606 0x1d0c  BrUsbSer - ok
14:03:08.0637 0x1d0c  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:03:08.0637 0x1d0c  BTHMODEM - ok
14:03:08.0653 0x1d0c  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:03:08.0653 0x1d0c  bthserv - ok
14:03:08.0669 0x1d0c  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:03:08.0669 0x1d0c  cdfs - ok
14:03:08.0700 0x1d0c  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:03:08.0700 0x1d0c  cdrom - ok
14:03:08.0747 0x1d0c  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:03:08.0747 0x1d0c  CertPropSvc - ok
14:03:08.0762 0x1d0c  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:03:08.0762 0x1d0c  circlass - ok
14:03:08.0778 0x1d0c  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:03:08.0793 0x1d0c  CLFS - ok
14:03:08.0825 0x1d0c  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:03:08.0825 0x1d0c  clr_optimization_v2.0.50727_32 - ok
14:03:08.0856 0x1d0c  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:03:08.0856 0x1d0c  clr_optimization_v2.0.50727_64 - ok
14:03:08.0934 0x1d0c  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:03:08.0934 0x1d0c  clr_optimization_v4.0.30319_32 - ok
14:03:08.0949 0x1d0c  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:03:08.0949 0x1d0c  clr_optimization_v4.0.30319_64 - ok
14:03:08.0965 0x1d0c  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:03:08.0965 0x1d0c  CmBatt - ok
14:03:08.0981 0x1d0c  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:03:08.0981 0x1d0c  cmdide - ok
14:03:09.0012 0x1d0c  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
14:03:09.0027 0x1d0c  CNG - ok
14:03:09.0027 0x1d0c  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:03:09.0027 0x1d0c  Compbatt - ok
14:03:09.0059 0x1d0c  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:03:09.0074 0x1d0c  CompositeBus - ok
14:03:09.0074 0x1d0c  COMSysApp - ok
14:03:09.0074 0x1d0c  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:03:09.0090 0x1d0c  crcdisk - ok
14:03:09.0121 0x1d0c  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:03:09.0121 0x1d0c  CryptSvc - ok
14:03:09.0152 0x1d0c  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:03:09.0168 0x1d0c  DcomLaunch - ok
14:03:09.0199 0x1d0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:03:09.0199 0x1d0c  defragsvc - ok
14:03:09.0230 0x1d0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:03:09.0230 0x1d0c  DfsC - ok
14:03:09.0261 0x1d0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:03:09.0261 0x1d0c  Dhcp - ok
14:03:09.0277 0x1d0c  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:03:09.0277 0x1d0c  discache - ok
14:03:09.0308 0x1d0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:03:09.0308 0x1d0c  Disk - ok
14:03:09.0339 0x1d0c  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:03:09.0339 0x1d0c  Dnscache - ok
14:03:09.0371 0x1d0c  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:03:09.0371 0x1d0c  dot3svc - ok
14:03:09.0402 0x1d0c  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:03:09.0402 0x1d0c  DPS - ok
14:03:09.0433 0x1d0c  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:03:09.0433 0x1d0c  drmkaud - ok
14:03:09.0480 0x1d0c  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:03:09.0480 0x1d0c  DXGKrnl - ok
14:03:09.0495 0x1d0c  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:03:09.0511 0x1d0c  EapHost - ok
14:03:09.0573 0x1d0c  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:03:09.0589 0x1d0c  ebdrv - ok
14:03:09.0620 0x1d0c  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:03:09.0620 0x1d0c  EFS - ok
14:03:09.0683 0x1d0c  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:03:09.0683 0x1d0c  ehRecvr - ok
14:03:09.0698 0x1d0c  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:03:09.0698 0x1d0c  ehSched - ok
14:03:09.0729 0x1d0c  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:03:09.0729 0x1d0c  elxstor - ok
14:03:09.0776 0x1d0c  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:03:09.0776 0x1d0c  ErrDev - ok
14:03:09.0792 0x1d0c  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:03:09.0792 0x1d0c  EventSystem - ok
14:03:09.0823 0x1d0c  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:03:09.0823 0x1d0c  exfat - ok
14:03:09.0839 0x1d0c  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:03:09.0839 0x1d0c  fastfat - ok
14:03:09.0885 0x1d0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:03:09.0885 0x1d0c  Fax - ok
14:03:09.0901 0x1d0c  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:03:09.0901 0x1d0c  fdc - ok
14:03:09.0901 0x1d0c  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:03:09.0901 0x1d0c  fdPHost - ok
14:03:09.0917 0x1d0c  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:03:09.0917 0x1d0c  FDResPub - ok
14:03:09.0932 0x1d0c  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:03:09.0932 0x1d0c  FileInfo - ok
14:03:09.0948 0x1d0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:03:09.0948 0x1d0c  Filetrace - ok
14:03:09.0963 0x1d0c  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:03:09.0963 0x1d0c  flpydisk - ok
14:03:09.0979 0x1d0c  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:03:09.0979 0x1d0c  FltMgr - ok
14:03:10.0041 0x1d0c  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
14:03:10.0041 0x1d0c  FontCache - ok
14:03:10.0104 0x1d0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:03:10.0104 0x1d0c  FontCache3.0.0.0 - ok
14:03:10.0104 0x1d0c  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:03:10.0104 0x1d0c  FsDepends - ok
14:03:10.0151 0x1d0c  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:03:10.0151 0x1d0c  fssfltr - ok
14:03:10.0244 0x1d0c  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:03:10.0244 0x1d0c  fsssvc - ok
14:03:10.0275 0x1d0c  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:03:10.0275 0x1d0c  Fs_Rec - ok
14:03:10.0307 0x1d0c  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:03:10.0307 0x1d0c  fvevol - ok
14:03:10.0338 0x1d0c  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:03:10.0338 0x1d0c  gagp30kx - ok
14:03:10.0385 0x1d0c  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:03:10.0385 0x1d0c  GEARAspiWDM - ok
14:03:10.0431 0x1d0c  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:03:10.0431 0x1d0c  GoToAssist - ok
14:03:10.0478 0x1d0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:03:10.0478 0x1d0c  gpsvc - ok
14:03:10.0494 0x1d0c  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:03:10.0494 0x1d0c  hcw85cir - ok
14:03:10.0525 0x1d0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:03:10.0525 0x1d0c  HDAudBus - ok
14:03:10.0541 0x1d0c  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:03:10.0541 0x1d0c  HidBatt - ok
14:03:10.0541 0x1d0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:03:10.0556 0x1d0c  HidBth - ok
14:03:10.0603 0x1d0c  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:03:10.0603 0x1d0c  HidIr - ok
14:03:10.0619 0x1d0c  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
14:03:10.0619 0x1d0c  hidserv - ok
14:03:10.0665 0x1d0c  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:03:10.0665 0x1d0c  HidUsb - ok
14:03:10.0697 0x1d0c  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:03:10.0697 0x1d0c  hkmsvc - ok
14:03:10.0728 0x1d0c  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:03:10.0728 0x1d0c  HomeGroupListener - ok
14:03:10.0759 0x1d0c  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:03:10.0759 0x1d0c  HomeGroupProvider - ok
14:03:10.0790 0x1d0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:03:10.0790 0x1d0c  HpSAMD - ok
14:03:10.0821 0x1d0c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:03:10.0837 0x1d0c  HTTP - ok
14:03:10.0884 0x1d0c  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:03:10.0884 0x1d0c  hwpolicy - ok
14:03:10.0915 0x1d0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:03:10.0915 0x1d0c  i8042prt - ok
14:03:10.0977 0x1d0c  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:03:10.0977 0x1d0c  IAANTMON - ok
14:03:11.0009 0x1d0c  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:03:11.0009 0x1d0c  iaStor - ok
14:03:11.0040 0x1d0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:03:11.0040 0x1d0c  iaStorV - ok
14:03:11.0087 0x1d0c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:03:11.0087 0x1d0c  idsvc - ok
14:03:11.0102 0x1d0c  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:03:11.0102 0x1d0c  iirsp - ok
14:03:11.0149 0x1d0c  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:03:11.0165 0x1d0c  IKEEXT - ok
14:03:11.0211 0x1d0c  [ 2A7CF87BE453241FE0BAA1C8651E7AA4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:03:11.0227 0x1d0c  IntcAzAudAddService - ok
14:03:11.0227 0x1d0c  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:03:11.0227 0x1d0c  intelide - ok
14:03:11.0258 0x1d0c  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:03:11.0258 0x1d0c  intelppm - ok
14:03:11.0289 0x1d0c  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:03:11.0289 0x1d0c  IPBusEnum - ok
14:03:11.0305 0x1d0c  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:03:11.0305 0x1d0c  IpFilterDriver - ok
14:03:11.0367 0x1d0c  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:03:11.0367 0x1d0c  iphlpsvc - ok
14:03:11.0399 0x1d0c  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:03:11.0414 0x1d0c  IPMIDRV - ok
14:03:11.0430 0x1d0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:03:11.0430 0x1d0c  IPNAT - ok
14:03:11.0445 0x1d0c  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:03:11.0445 0x1d0c  IRENUM - ok
14:03:11.0492 0x1d0c  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:03:11.0492 0x1d0c  isapnp - ok
14:03:11.0508 0x1d0c  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:03:11.0508 0x1d0c  iScsiPrt - ok
14:03:11.0523 0x1d0c  [ 71235F7BAA7E5E79D38157DF7A0F806A ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
14:03:11.0523 0x1d0c  JRAID - ok
14:03:11.0555 0x1d0c  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:03:11.0555 0x1d0c  kbdclass - ok
14:03:11.0570 0x1d0c  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:03:11.0586 0x1d0c  kbdhid - ok
14:03:11.0586 0x1d0c  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:03:11.0586 0x1d0c  KeyIso - ok
14:03:11.0633 0x1d0c  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:03:11.0633 0x1d0c  KSecDD - ok
14:03:11.0695 0x1d0c  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:03:11.0695 0x1d0c  KSecPkg - ok
14:03:11.0742 0x1d0c  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:03:11.0742 0x1d0c  ksthunk - ok
14:03:11.0773 0x1d0c  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:03:11.0773 0x1d0c  KtmRm - ok
14:03:11.0835 0x1d0c  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:03:11.0835 0x1d0c  LanmanServer - ok
14:03:11.0867 0x1d0c  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:03:11.0867 0x1d0c  LanmanWorkstation - ok
14:03:11.0898 0x1d0c  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:03:11.0898 0x1d0c  lltdio - ok
14:03:11.0929 0x1d0c  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:03:11.0929 0x1d0c  lltdsvc - ok
14:03:11.0976 0x1d0c  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:03:11.0976 0x1d0c  lmhosts - ok
14:03:12.0007 0x1d0c  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:03:12.0007 0x1d0c  LSI_FC - ok
14:03:12.0007 0x1d0c  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:03:12.0007 0x1d0c  LSI_SAS - ok
14:03:12.0023 0x1d0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:03:12.0023 0x1d0c  LSI_SAS2 - ok
14:03:12.0038 0x1d0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:03:12.0038 0x1d0c  LSI_SCSI - ok
14:03:12.0038 0x1d0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:03:12.0054 0x1d0c  luafv - ok
14:03:12.0085 0x1d0c  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
14:03:12.0085 0x1d0c  mbamchameleon - ok
14:03:12.0132 0x1d0c  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:03:12.0132 0x1d0c  MBAMProtector - ok
14:03:12.0210 0x1d0c  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:03:12.0210 0x1d0c  MBAMScheduler - ok
14:03:12.0257 0x1d0c  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:03:12.0272 0x1d0c  MBAMService - ok
14:03:12.0303 0x1d0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:03:12.0303 0x1d0c  Mcx2Svc - ok
14:03:12.0319 0x1d0c  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:03:12.0319 0x1d0c  megasas - ok
14:03:12.0335 0x1d0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:03:12.0335 0x1d0c  MegaSR - ok
14:03:12.0366 0x1d0c  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:03:12.0366 0x1d0c  MMCSS - ok
14:03:12.0381 0x1d0c  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:03:12.0381 0x1d0c  Modem - ok
14:03:12.0413 0x1d0c  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:03:12.0413 0x1d0c  monitor - ok
14:03:12.0444 0x1d0c  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:03:12.0444 0x1d0c  mouclass - ok
14:03:12.0459 0x1d0c  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:03:12.0459 0x1d0c  mouhid - ok
14:03:12.0506 0x1d0c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:03:12.0506 0x1d0c  mountmgr - ok
14:03:12.0553 0x1d0c  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:03:12.0569 0x1d0c  MpFilter - ok
14:03:12.0600 0x1d0c  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:03:12.0600 0x1d0c  mpio - ok
14:03:12.0615 0x1d0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:03:12.0615 0x1d0c  mpsdrv - ok
14:03:12.0662 0x1d0c  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:03:12.0678 0x1d0c  MpsSvc - ok
14:03:12.0709 0x1d0c  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:03:12.0709 0x1d0c  MRxDAV - ok
14:03:12.0740 0x1d0c  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:03:12.0740 0x1d0c  mrxsmb - ok
14:03:12.0771 0x1d0c  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:03:12.0771 0x1d0c  mrxsmb10 - ok
14:03:12.0787 0x1d0c  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:03:12.0787 0x1d0c  mrxsmb20 - ok
14:03:12.0803 0x1d0c  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:03:12.0803 0x1d0c  msahci - ok
14:03:12.0818 0x1d0c  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:03:12.0818 0x1d0c  msdsm - ok
14:03:12.0834 0x1d0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:03:12.0834 0x1d0c  MSDTC - ok
14:03:12.0865 0x1d0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:03:12.0865 0x1d0c  Msfs - ok
14:03:12.0881 0x1d0c  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:03:12.0881 0x1d0c  mshidkmdf - ok
14:03:12.0912 0x1d0c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:03:12.0912 0x1d0c  msisadrv - ok
14:03:12.0927 0x1d0c  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:03:12.0943 0x1d0c  MSiSCSI - ok
14:03:12.0943 0x1d0c  msiserver - ok
14:03:12.0959 0x1d0c  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:03:12.0959 0x1d0c  MSKSSRV - ok
14:03:13.0052 0x1d0c  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:03:13.0052 0x1d0c  MsMpSvc - ok
14:03:13.0068 0x1d0c  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:03:13.0068 0x1d0c  MSPCLOCK - ok
14:03:13.0068 0x1d0c  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:03:13.0068 0x1d0c  MSPQM - ok
14:03:13.0115 0x1d0c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:03:13.0115 0x1d0c  MsRPC - ok
14:03:13.0115 0x1d0c  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:03:13.0115 0x1d0c  mssmbios - ok
14:03:13.0130 0x1d0c  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:03:13.0130 0x1d0c  MSTEE - ok
14:03:13.0130 0x1d0c  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:03:13.0130 0x1d0c  MTConfig - ok
14:03:13.0146 0x1d0c  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:03:13.0146 0x1d0c  Mup - ok
14:03:13.0161 0x1d0c  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:03:13.0177 0x1d0c  napagent - ok
14:03:13.0208 0x1d0c  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:03:13.0224 0x1d0c  NativeWifiP - ok
14:03:13.0271 0x1d0c  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:03:13.0286 0x1d0c  NDIS - ok
14:03:13.0286 0x1d0c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:03:13.0286 0x1d0c  NdisCap - ok
14:03:13.0317 0x1d0c  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:03:13.0317 0x1d0c  NdisTapi - ok
14:03:13.0333 0x1d0c  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:03:13.0333 0x1d0c  Ndisuio - ok
14:03:13.0380 0x1d0c  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:03:13.0380 0x1d0c  NdisWan - ok
14:03:13.0411 0x1d0c  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:03:13.0411 0x1d0c  NDProxy - ok
14:03:13.0427 0x1d0c  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:03:13.0427 0x1d0c  NetBIOS - ok
14:03:13.0442 0x1d0c  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:03:13.0442 0x1d0c  NetBT - ok
14:03:13.0442 0x1d0c  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:03:13.0458 0x1d0c  Netlogon - ok
14:03:13.0473 0x1d0c  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:03:13.0473 0x1d0c  Netman - ok
14:03:13.0505 0x1d0c  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:03:13.0505 0x1d0c  netprofm - ok
14:03:13.0536 0x1d0c  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:03:13.0536 0x1d0c  NetTcpPortSharing - ok
14:03:13.0551 0x1d0c  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:03:13.0551 0x1d0c  nfrd960 - ok
14:03:13.0583 0x1d0c  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:03:13.0583 0x1d0c  NisDrv - ok
14:03:13.0614 0x1d0c  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:03:13.0614 0x1d0c  NisSrv - ok
14:03:13.0661 0x1d0c  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:03:13.0661 0x1d0c  NlaSvc - ok
14:03:13.0676 0x1d0c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:03:13.0676 0x1d0c  Npfs - ok
14:03:13.0692 0x1d0c  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:03:13.0692 0x1d0c  nsi - ok
14:03:13.0707 0x1d0c  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:03:13.0707 0x1d0c  nsiproxy - ok
14:03:13.0770 0x1d0c  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:03:13.0785 0x1d0c  Ntfs - ok
14:03:13.0801 0x1d0c  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:03:13.0801 0x1d0c  Null - ok
14:03:13.0817 0x1d0c  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:03:13.0817 0x1d0c  NVHDA - ok
14:03:14.0004 0x1d0c  [ A5D0603CAE6C334B1386204D94393C04 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:03:14.0051 0x1d0c  nvlddmkm - ok
14:03:14.0066 0x1d0c  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:03:14.0066 0x1d0c  nvraid - ok
14:03:14.0097 0x1d0c  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:03:14.0097 0x1d0c  nvstor - ok
14:03:14.0129 0x1d0c  [ 268D382FCC6A8A568AAB7C6DC8C71BB3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:03:14.0129 0x1d0c  nvsvc - ok
14:03:14.0160 0x1d0c  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:03:14.0160 0x1d0c  nv_agp - ok
14:03:14.0191 0x1d0c  [ E52479B03A57DC3D4BABD9C5536C94D6 ] OEM05Afx        C:\Windows\system32\Drivers\OEM05Afx.sys
14:03:14.0207 0x1d0c  OEM05Afx - ok
14:03:14.0207 0x1d0c  [ 766F689564BC30E5A91F8621CE65AD68 ] OEM05Vfx        C:\Windows\system32\DRIVERS\OEM05Vfx.sys
14:03:14.0222 0x1d0c  OEM05Vfx - ok
14:03:14.0238 0x1d0c  [ 859F850A4FD021A66493D18CBA847792 ] OEM05Vid        C:\Windows\system32\DRIVERS\OEM05Vid.sys
14:03:14.0238 0x1d0c  OEM05Vid - ok
14:03:14.0253 0x1d0c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:03:14.0253 0x1d0c  ohci1394 - ok
14:03:14.0300 0x1d0c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:03:14.0300 0x1d0c  ose - ok
14:03:14.0425 0x1d0c  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:03:14.0456 0x1d0c  osppsvc - ok
14:03:14.0565 0x1d0c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:03:14.0565 0x1d0c  p2pimsvc - ok
14:03:14.0690 0x1d0c  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:03:14.0690 0x1d0c  p2psvc - ok
14:03:14.0721 0x1d0c  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:03:14.0721 0x1d0c  Parport - ok
14:03:14.0753 0x1d0c  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:03:14.0753 0x1d0c  partmgr - ok
14:03:14.0784 0x1d0c  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:03:14.0784 0x1d0c  pci - ok
14:03:14.0815 0x1d0c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:03:14.0815 0x1d0c  pciide - ok
14:03:14.0831 0x1d0c  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:03:14.0831 0x1d0c  pcmcia - ok
14:03:14.0846 0x1d0c  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:03:14.0846 0x1d0c  pcw - ok
14:03:14.0862 0x1d0c  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:03:14.0877 0x1d0c  PEAUTH - ok
14:03:14.0955 0x1d0c  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:03:14.0955 0x1d0c  PerfHost - ok
14:03:15.0002 0x1d0c  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:03:15.0018 0x1d0c  pla - ok
14:03:15.0065 0x1d0c  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:03:15.0065 0x1d0c  PlugPlay - ok
14:03:15.0096 0x1d0c  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:03:15.0096 0x1d0c  PNRPAutoReg - ok
14:03:15.0127 0x1d0c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:03:15.0127 0x1d0c  PNRPsvc - ok
14:03:15.0143 0x1d0c  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:03:15.0158 0x1d0c  PolicyAgent - ok
14:03:15.0174 0x1d0c  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:03:15.0174 0x1d0c  Power - ok
14:03:15.0221 0x1d0c  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:03:15.0236 0x1d0c  PptpMiniport - ok
14:03:15.0236 0x1d0c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:03:15.0236 0x1d0c  Processor - ok
14:03:15.0267 0x1d0c  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:03:15.0283 0x1d0c  ProfSvc - ok
14:03:15.0283 0x1d0c  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:03:15.0299 0x1d0c  ProtectedStorage - ok
14:03:15.0345 0x1d0c  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:03:15.0345 0x1d0c  Psched - ok
14:03:15.0377 0x1d0c  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
14:03:15.0377 0x1d0c  PxHlpa64 - ok
14:03:15.0439 0x1d0c  [ C6DF3FF18D6ACB913C78C865DDED17D3 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:03:15.0455 0x1d0c  QBCFMonitorService - ok
14:03:15.0517 0x1d0c  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:03:15.0517 0x1d0c  QBFCService - ok
14:03:15.0611 0x1d0c  [ 78AFB70DBE365BD6140E6740792AC3EA ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
14:03:15.0673 0x1d0c  QBVSS - ok
14:03:15.0720 0x1d0c  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:03:15.0720 0x1d0c  ql2300 - ok
14:03:15.0735 0x1d0c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:03:15.0735 0x1d0c  ql40xx - ok
14:03:15.0782 0x1d0c  QuickBooksDB21 - ok
14:03:15.0798 0x1d0c  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:03:15.0813 0x1d0c  QWAVE - ok
14:03:15.0813 0x1d0c  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:03:15.0813 0x1d0c  QWAVEdrv - ok
14:03:15.0860 0x1d0c  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
14:03:15.0860 0x1d0c  RapiMgr - ok
14:03:15.0876 0x1d0c  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:03:15.0876 0x1d0c  RasAcd - ok
14:03:15.0907 0x1d0c  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:03:15.0907 0x1d0c  RasAgileVpn - ok
14:03:15.0938 0x1d0c  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:03:15.0938 0x1d0c  RasAuto - ok
14:03:15.0969 0x1d0c  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:03:15.0969 0x1d0c  Rasl2tp - ok
14:03:16.0001 0x1d0c  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:03:16.0001 0x1d0c  RasMan - ok
14:03:16.0016 0x1d0c  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:03:16.0016 0x1d0c  RasPppoe - ok
14:03:16.0032 0x1d0c  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:03:16.0032 0x1d0c  RasSstp - ok
14:03:16.0063 0x1d0c  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:03:16.0063 0x1d0c  rdbss - ok
14:03:16.0079 0x1d0c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:03:16.0079 0x1d0c  rdpbus - ok
14:03:16.0094 0x1d0c  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:03:16.0094 0x1d0c  RDPCDD - ok
14:03:16.0110 0x1d0c  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:03:16.0110 0x1d0c  RDPENCDD - ok
14:03:16.0125 0x1d0c  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:03:16.0125 0x1d0c  RDPREFMP - ok
14:03:16.0172 0x1d0c  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:03:16.0188 0x1d0c  RdpVideoMiniport - ok
14:03:16.0219 0x1d0c  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:03:16.0219 0x1d0c  RDPWD - ok
14:03:16.0266 0x1d0c  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:03:16.0266 0x1d0c  rdyboost - ok
14:03:16.0281 0x1d0c  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:03:16.0281 0x1d0c  RemoteAccess - ok
14:03:16.0297 0x1d0c  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:03:16.0313 0x1d0c  RemoteRegistry - ok
14:03:16.0391 0x1d0c  [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:03:16.0406 0x1d0c  RoxMediaDB10 - ok
14:03:21.0211 0x1d0c  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
14:03:21.0211 0x1d0c  ‮etadpug - detected Rootkit.Win32.PMax.gen (0)
14:03:21.0227 0x1d0c  ================ Scan global ===============================
14:03:21.0242 0x1d0c  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:03:21.0289 0x1d0c  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:03:21.0289 0x1d0c  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:03:21.0320 0x1d0c  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:03:21.0336 0x1d0c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:03:21.0336 0x1d0c  [Global] - ok
14:03:21.0336 0x1d0c  ================ Scan MBR ==================================
14:03:21.0351 0x1d0c  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
14:03:21.0601 0x1d0c  \Device\Harddisk0\DR0 - ok
14:03:21.0601 0x1d0c  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
14:03:21.0975 0x1d0c  \Device\Harddisk1\DR1 - ok
14:03:21.0975 0x1d0c  ================ Scan VBR ==================================
14:03:21.0975 0x1d0c  [ 750523627AEC4E2098CA69ED4583ECC2 ] \Device\Harddisk0\DR0\Partition1
14:03:21.0975 0x1d0c  \Device\Harddisk0\DR0\Partition1 - ok
14:03:21.0991 0x1d0c  [ 4526EEF41A657FEE9F9C0A80366C04AE ] \Device\Harddisk0\DR0\Partition2
14:03:21.0991 0x1d0c  \Device\Harddisk0\DR0\Partition2 - ok
14:03:21.0991 0x1d0c  [ DE8124E5AB3AF82036422EBCB156936B ] \Device\Harddisk1\DR1\Partition1
14:03:21.0991 0x1d0c  \Device\Harddisk1\DR1\Partition1 - ok
14:03:21.0991 0x1d0c  ============================================================
14:03:21.0991 0x1d0c  Scan finished
14:03:21.0991 0x1d0c  ============================================================
14:03:22.0007 0x0a40  Detected object count: 1
14:03:22.0007 0x0a40  Actual detected object count: 1
14:03:45.0703 0x0a40  ‮etadpug ( Rootkit.Win32.PMax.gen ) - skipped by user
14:03:45.0703 0x0a40  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip 

And here are the MBAR files (I haven't been able to successfully clean with MBAR).

Also, I get a notification during the cleaning process that says "Turn on Windows Firewall".

Working towards step 3 Combofix.

-----------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
CVWS :: RIKKI-PC [administrator]

8/17/2013 2:34:33 PM
mbar-log-2013-08-17 (14-34-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 407816
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 8580485120, free: 6696140800

Initializing...
------------ Kernel report ------------
     08/17/2013 14:34:27
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009078790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000074\
Lower Device Object: 0xfffffa80092d9b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007dd4790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b9a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007dd4790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007dd42c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007dd4790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b9a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8A427EA7

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 22818816
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 22900736  Numsec = 1227360256

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009078790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009c18b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009078790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80092d9b60, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064  Numsec = 7862400

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4029677568 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug --> [Trojan.Zaccess]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished


Hi D-Fred,

Here is the ComboFix log -

------------------

 

ComboFix 13-08-16.03 - CVWS 08/17/2013  15:36:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.6494 [GMT -7:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\programdata\hpeC706.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-17 to 2013-08-17  )))))))))))))))))))))))))))))))
.
.
2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\users\Rikki\AppData\Local\temp
2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-17 22:01 . 2013-08-17 22:01 -------- d-----w- c:\users\Scott\My Backup Files
2013-08-17 21:34 . 2013-08-17 21:34 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-17 20:14 . 2013-08-17 20:14 -------- d-----w- C:\FRST
2013-08-17 14:28 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C438286-D748-440D-A135-21D18E6C7101}\mpengine.dll
2013-08-16 13:48 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 11:43 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-14 03:23 . 2013-08-17 21:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 01:58 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 01:57 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0FB82F4-9E23-4852-AA37-FBAA25C7AE14}\gapaengine.dll
2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-13 01:26 . 2013-08-13 01:26 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-08-13 00:39 . 2013-08-14 02:33 -------- d-----w- c:\users\CVWS
2013-08-08 02:23 . 2013-08-08 02:23 -------- d-----w- c:\users\Scott\AppData\Local\PackageAware
2013-08-08 02:10 . 2012-11-02 09:51 185800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2013-08-08 02:10 . 2012-08-07 10:30 434112 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2013-08-08 02:10 . 2010-07-13 13:07 7826432 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2013-08-08 02:10 . 2010-06-24 01:16 2150400 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2013-08-08 02:10 . 2010-06-02 02:58 268800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2013-08-08 02:10 . 2010-06-02 02:29 934912 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2013-08-08 02:10 . 2010-06-02 02:28 335360 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2013-07-26 21:34 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-26 21:34 . 2013-08-14 01:56 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-26 21:30 . 2013-07-26 21:30 -------- d-----w- c:\program files (x86)\QuickTime
2013-07-22 04:26 . 2013-08-14 02:05 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 02:04 . 2010-06-16 03:34 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 01:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2013-06-19 04:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-12 14:25 . 2012-06-12 12:35 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 14:25 . 2011-07-26 11:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 03:34 . 2013-07-10 15:08 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 15:09 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 15:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-05-21 03:11 . 2013-05-21 03:11 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-21 03:11 . 2013-05-21 03:11 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-21 03:11 . 2013-05-21 03:11 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-21 03:11 . 2013-05-21 03:11 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-21 03:11 . 2013-05-21 03:11 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-21 03:11 . 2013-05-21 03:11 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-21 03:11 . 2013-05-21 03:11 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-21 03:11 . 2013-05-21 03:11 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-21 03:11 . 2013-05-21 03:11 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-21 03:11 . 2013-05-21 03:11 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-21 03:11 . 2013-05-21 03:11 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-21 03:11 . 2013-05-21 03:11 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-21 03:11 . 2013-05-21 03:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-21 03:11 . 2013-05-21 03:11 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-21 03:11 . 2013-05-21 03:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-21 03:11 . 2013-05-21 03:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-21 03:11 . 2013-05-21 03:11 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-21 03:11 . 2013-05-21 03:11 441856 ----a-w- c:\windows\system32\html.iec
2013-05-21 03:11 . 2013-05-21 03:11 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-21 03:11 . 2013-05-21 03:11 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-21 03:11 . 2013-05-21 03:11 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-21 03:11 . 2013-05-21 03:11 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-21 03:11 . 2013-05-21 03:11 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-21 03:11 . 2013-05-21 03:11 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-21 03:11 . 2013-05-21 03:11 235008 ----a-w- c:\windows\system32\url.dll
2013-05-21 03:11 . 2013-05-21 03:11 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-21 03:11 . 2013-05-21 03:11 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-21 03:11 . 2013-05-21 03:11 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-21 03:11 . 2013-05-21 03:11 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-21 03:11 . 2013-05-21 03:11 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-21 03:11 . 2013-05-21 03:11 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-21 03:11 . 2013-05-21 03:11 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-21 03:11 . 2013-05-21 03:11 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-21 03:11 . 2013-05-21 03:11 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-21 03:11 . 2013-05-21 03:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-21 03:11 . 2013-05-21 03:11 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-21 03:11 . 2013-05-21 03:11 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-21 03:11 . 2013-05-21 03:11 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-21 03:11 . 2013-05-21 03:11 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-21 03:11 . 2013-05-21 03:11 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-21 03:11 . 2013-05-21 03:11 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-21 03:11 . 2013-05-21 03:11 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-21 03:11 . 2013-05-21 03:11 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-21 03:11 . 2013-05-21 03:11 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-21 03:11 . 2013-05-21 03:11 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-21 03:11 . 2013-05-21 03:11 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-21 03:11 . 2013-05-21 03:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-21 03:11 . 2013-05-21 03:11 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-21 03:11 . 2013-05-21 03:11 102912 ----a-w- c:\windows\system32\inseng.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"(cleanup)"="c:\programdata\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-08-07 1563448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-8 292240]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2010-12-2 5828952]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2008\QBW32.EXE -silent [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ?etadpug;Google Update Service (gupdate);c:\program files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe <;c:\program files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe < [x]
R2 0098141376356052mcinstcleanup;McAfee Application Installer Cleanup (0098141376356052);c:\users\Scott\AppData\Local\Temp\009814~1.EXE;c:\users\Scott\AppData\Local\Temp\009814~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys;c:\windows\SYSNATIVE\Drivers\OEM05Afx.sys [x]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vfx.sys [x]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vid.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
SafeBoot-04062731.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-17  15:44:13
ComboFix-quarantined-files.txt  2013-08-17 22:44
.
Pre-Run: 475,586,560,000 bytes free
Post-Run: 475,881,287,680 bytes free
.
- - End Of File - - 76C9D349425C8468010D3CDE72BF15E1
CDB4DE4BBD714F152979DA2DCBEF57EB
 


And here is the SecurityCheck log -

=============================

 

 

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 35  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

TDSSKiller still has a hit - Rootkit.win32.PMax.gen

Log below.

Should I delete it using TDSSKiller?  Guidance above says to skip (cure is not one of the options).

----------------------------------------------------------------

 

 

16:12:39.0371 0x1f78  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
16:12:39.0932 0x1f78  ============================================================
16:12:39.0932 0x1f78  Current date / time: 2013/08/17 16:12:39.0932
16:12:39.0932 0x1f78  SystemInfo:
16:12:39.0932 0x1f78  
16:12:39.0932 0x1f78  OS Version: 6.1.7601 ServicePack: 1.0
16:12:39.0932 0x1f78  Product type: Workstation
16:12:39.0932 0x1f78  ComputerName: RIKKI-PC
16:12:39.0933 0x1f78  UserName: CVWS
16:12:39.0933 0x1f78  Windows directory: C:\Windows
16:12:39.0933 0x1f78  System windows directory: C:\Windows
16:12:39.0933 0x1f78  Running under WOW64
16:12:39.0933 0x1f78  Processor architecture: Intel x64
16:12:39.0933 0x1f78  Number of processors: 8
16:12:39.0933 0x1f78  Page size: 0x1000
16:12:39.0933 0x1f78  Boot type: Normal boot
16:12:39.0933 0x1f78  ============================================================
16:12:40.0900 0x1f78  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:40.0906 0x1f78  ============================================================
16:12:40.0906 0x1f78  \Device\Harddisk0\DR0:
16:12:40.0906 0x1f78  MBR partitions:
16:12:40.0906 0x1f78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
16:12:40.0906 0x1f78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x49280800
16:12:40.0906 0x1f78  ============================================================
16:12:40.0929 0x1f78  C: <-> \Device\Harddisk0\DR0\Partition2
16:12:40.0929 0x1f78  ============================================================
16:12:40.0929 0x1f78  Initialize success
16:12:40.0929 0x1f78  ============================================================
16:12:55.0148 0x0dec  ============================================================
16:12:55.0148 0x0dec  Scan started
16:12:55.0148 0x0dec  Mode: Manual; 
16:12:55.0148 0x0dec  ============================================================
16:12:55.0567 0x0dec  ================ Scan system memory ========================
16:12:55.0567 0x0dec  System memory - ok
16:12:55.0568 0x0dec  ================ Scan services =============================
16:13:02.0930 0x0dec  OEM05Vid - ok
16:13:02.0946 0x0dec  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:13:02.0947 0x0dec  ohci1394 - ok
16:13:02.0988 0x0dec  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:02.0989 0x0dec  ose - ok
16:13:03.0120 0x0dec  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:13:03.0158 0x0dec  osppsvc - ok
16:13:03.0198 0x0dec  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:13:03.0202 0x0dec  p2pimsvc - ok
16:13:03.0218 0x0dec  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:13:03.0223 0x0dec  p2psvc - ok
16:13:03.0245 0x0dec  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:13:03.0246 0x0dec  Parport - ok
16:13:03.0282 0x0dec  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:13:03.0283 0x0dec  partmgr - ok
16:13:03.0319 0x0dec  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:13:03.0320 0x0dec  pci - ok
16:13:03.0345 0x0dec  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:13:03.0346 0x0dec  pciide - ok
16:13:03.0362 0x0dec  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:03.0364 0x0dec  pcmcia - ok
16:13:03.0375 0x0dec  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:13:03.0376 0x0dec  pcw - ok
16:13:03.0396 0x0dec  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:13:03.0401 0x0dec  PEAUTH - ok
16:13:03.0495 0x0dec  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:13:03.0496 0x0dec  PerfHost - ok
16:13:03.0554 0x0dec  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:13:03.0566 0x0dec  pla - ok
16:13:03.0613 0x0dec  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:13:03.0617 0x0dec  PlugPlay - ok
16:13:03.0634 0x0dec  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:13:03.0636 0x0dec  PNRPAutoReg - ok
16:13:03.0671 0x0dec  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:13:03.0674 0x0dec  PNRPsvc - ok
16:13:03.0694 0x0dec  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:13:03.0698 0x0dec  PolicyAgent - ok
16:13:03.0731 0x0dec  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:13:03.0734 0x0dec  Power - ok
16:13:03.0781 0x0dec  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:13:03.0782 0x0dec  PptpMiniport - ok
16:13:03.0796 0x0dec  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:13:03.0797 0x0dec  Processor - ok
16:13:03.0827 0x0dec  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:13:03.0830 0x0dec  ProfSvc - ok
16:13:03.0844 0x0dec  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:13:03.0845 0x0dec  ProtectedStorage - ok
16:13:03.0876 0x0dec  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:13:03.0877 0x0dec  Psched - ok
16:13:03.0906 0x0dec  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:13:03.0907 0x0dec  PxHlpa64 - ok
16:13:03.0970 0x0dec  [ C6DF3FF18D6ACB913C78C865DDED17D3 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:13:03.0984 0x0dec  QBCFMonitorService - ok
16:13:04.0041 0x0dec  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:13:04.0042 0x0dec  QBFCService - ok
16:13:04.0141 0x0dec  [ 78AFB70DBE365BD6140E6740792AC3EA ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
16:13:04.0210 0x0dec  QBVSS - ok
16:13:04.0262 0x0dec  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:13:04.0274 0x0dec  ql2300 - ok
16:13:04.0284 0x0dec  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:13:04.0284 0x0dec  ql40xx - ok
16:13:04.0320 0x0dec  QuickBooksDB21 - ok
16:13:04.0348 0x0dec  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:13:04.0352 0x0dec  QWAVE - ok
16:13:04.0364 0x0dec  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:13:04.0365 0x0dec  QWAVEdrv - ok
16:13:04.0412 0x0dec  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
16:13:04.0414 0x0dec  RapiMgr - ok
16:13:04.0428 0x0dec  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:13:04.0429 0x0dec  RasAcd - ok
16:13:04.0461 0x0dec  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:04.0462 0x0dec  RasAgileVpn - ok
16:13:04.0490 0x0dec  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:13:04.0493 0x0dec  RasAuto - ok
16:13:04.0526 0x0dec  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:04.0527 0x0dec  Rasl2tp - ok
16:13:04.0543 0x0dec  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:13:04.0547 0x0dec  RasMan - ok
16:13:04.0563 0x0dec  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:04.0564 0x0dec  RasPppoe - ok
16:13:04.0571 0x0dec  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:13:04.0572 0x0dec  RasSstp - ok
16:13:04.0607 0x0dec  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:13:04.0609 0x0dec  rdbss - ok
16:13:04.0623 0x0dec  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:13:04.0624 0x0dec  rdpbus - ok
16:13:04.0640 0x0dec  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:04.0641 0x0dec  RDPCDD - ok
16:13:04.0663 0x0dec  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:13:04.0664 0x0dec  RDPENCDD - ok
16:13:04.0673 0x0dec  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:13:04.0674 0x0dec  RDPREFMP - ok
16:13:04.0724 0x0dec  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:13:04.0725 0x0dec  RdpVideoMiniport - ok
16:13:04.0758 0x0dec  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:13:04.0760 0x0dec  RDPWD - ok
16:13:04.0804 0x0dec  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:13:04.0806 0x0dec  rdyboost - ok
16:13:04.0827 0x0dec  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:13:04.0829 0x0dec  RemoteAccess - ok
16:13:04.0866 0x0dec  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:13:04.0869 0x0dec  RemoteRegistry - ok
16:13:04.0967 0x0dec  [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
16:13:04.0975 0x0dec  RoxMediaDB10 - ok
16:13:04.0985 0x0dec  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:13:04.0987 0x0dec  RpcEptMapper - ok
16:13:04.0996 0x0dec  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:13:04.0997 0x0dec  RpcLocator - ok
16:13:05.0036 0x0dec  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:13:05.0041 0x0dec  RpcSs - ok
16:13:05.0068 0x0dec  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:13:05.0069 0x0dec  rspndr - ok
16:13:05.0091 0x0dec  [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
16:13:05.0092 0x0dec  RSUSBSTOR - ok
16:13:05.0124 0x0dec  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:13:05.0126 0x0dec  RTL8167 - ok
16:13:05.0130 0x0dec  RxFilter - ok
16:13:05.0159 0x0dec  [ 0EECD4B43EB917BD08BBE1738D7ECB11 ] s1018bus        C:\Windows\system32\DRIVERS\s1018bus.sys
16:13:05.0161 0x0dec  s1018bus - ok
16:13:05.0181 0x0dec  [ 6F892723F1F694430F86E5FA01763C8A ] s1018mdfl       C:\Windows\system32\DRIVERS\s1018mdfl.sys
16:13:05.0181 0x0dec  s1018mdfl - ok
16:13:05.0196 0x0dec  [ F7CFC8AC6F7F5F34721E6D10098C7AA3 ] s1018mdm        C:\Windows\system32\DRIVERS\s1018mdm.sys
16:13:05.0197 0x0dec  s1018mdm - ok
16:13:05.0210 0x0dec  [ 455F361D8D605F059C83AB1016AD0E00 ] s1018mgmt       C:\Windows\system32\DRIVERS\s1018mgmt.sys
16:13:05.0211 0x0dec  s1018mgmt - ok
16:13:05.0221 0x0dec  [ 3F69CA63B7157885ABBE8F4D559AEC8A ] s1018nd5        C:\Windows\system32\DRIVERS\s1018nd5.sys
16:13:05.0221 0x0dec  s1018nd5 - ok
16:13:05.0234 0x0dec  [ FD370AF1C196E2B339EA32819BEC1B9A ] s1018obex       C:\Windows\system32\DRIVERS\s1018obex.sys
16:13:05.0236 0x0dec  s1018obex - ok
16:13:05.0255 0x0dec  [ 0A46DA0B8B162AF0EFB33BEA11A6EF3A ] s1018unic       C:\Windows\system32\DRIVERS\s1018unic.sys
16:13:05.0257 0x0dec  s1018unic - ok
16:13:05.0270 0x0dec  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:13:05.0271 0x0dec  SamSs - ok
16:13:05.0309 0x0dec  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:13:05.0310 0x0dec  sbp2port - ok
16:13:05.0331 0x0dec  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:13:05.0333 0x0dec  SCardSvr - ok
16:13:05.0358 0x0dec  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:13:05.0359 0x0dec  scfilter - ok
16:13:05.0415 0x0dec  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:13:05.0425 0x0dec  Schedule - ok
16:13:05.0456 0x0dec  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:13:05.0457 0x0dec  SCPolicySvc - ok
16:13:05.0488 0x0dec  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:13:05.0490 0x0dec  SDRSVC - ok
16:13:05.0514 0x0dec  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:13:05.0515 0x0dec  secdrv - ok
16:13:05.0524 0x0dec  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:13:05.0526 0x0dec  seclogon - ok
16:13:05.0547 0x0dec  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
16:13:05.0548 0x0dec  seehcri - ok
16:13:05.0573 0x0dec  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
16:13:05.0575 0x0dec  SENS - ok
16:13:05.0583 0x0dec  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:13:05.0585 0x0dec  SensrSvc - ok
16:13:05.0613 0x0dec  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:13:05.0614 0x0dec  Serenum - ok
16:13:05.0625 0x0dec  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:13:05.0626 0x0dec  Serial - ok
16:13:05.0659 0x0dec  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:13:05.0659 0x0dec  sermouse - ok
16:13:05.0700 0x0dec  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:13:05.0703 0x0dec  SessionEnv - ok
16:13:05.0735 0x0dec  SessionLauncher - ok
16:13:05.0747 0x0dec  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:13:05.0747 0x0dec  sffdisk - ok
16:13:05.0754 0x0dec  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:13:05.0754 0x0dec  sffp_mmc - ok
16:13:05.0764 0x0dec  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:13:05.0764 0x0dec  sffp_sd - ok
16:13:05.0773 0x0dec  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:13:05.0774 0x0dec  sfloppy - ok
16:13:05.0848 0x0dec  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:13:05.0860 0x0dec  SftService - ok
16:13:05.0894 0x0dec  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:13:05.0898 0x0dec  SharedAccess - ok
16:13:05.0933 0x0dec  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:13:05.0937 0x0dec  ShellHWDetection - ok
16:13:05.0957 0x0dec  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:13:05.0958 0x0dec  SiSRaid2 - ok
16:13:05.0965 0x0dec  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:13:05.0966 0x0dec  SiSRaid4 - ok
16:13:05.0976 0x0dec  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:13:05.0977 0x0dec  Smb - ok
16:13:06.0014 0x0dec  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:13:06.0015 0x0dec  SNMPTRAP - ok
16:13:06.0027 0x0dec  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:13:06.0028 0x0dec  spldr - ok
16:13:06.0066 0x0dec  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:13:06.0072 0x0dec  Spooler - ok
16:13:06.0151 0x0dec  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:13:06.0178 0x0dec  sppsvc - ok
16:13:06.0191 0x0dec  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:13:06.0193 0x0dec  sppuinotify - ok
16:13:06.0228 0x0dec  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:13:06.0231 0x0dec  srv - ok
16:13:06.0247 0x0dec  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:13:06.0250 0x0dec  srv2 - ok
16:13:06.0260 0x0dec  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:13:06.0261 0x0dec  srvnet - ok
16:13:06.0292 0x0dec  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:13:06.0295 0x0dec  SSDPSRV - ok
16:13:06.0310 0x0dec  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:13:06.0312 0x0dec  SstpSvc - ok
16:13:06.0346 0x0dec  StarOpen - ok
16:13:06.0361 0x0dec  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:13:06.0362 0x0dec  stexstor - ok
16:13:06.0409 0x0dec  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:13:06.0415 0x0dec  stisvc - ok
16:13:06.0450 0x0dec  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:13:06.0477 0x0dec  stllssvr - ok
16:13:06.0508 0x0dec  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:13:06.0509 0x0dec  swenum - ok
16:13:06.0525 0x0dec  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:13:06.0530 0x0dec  swprv - ok
16:13:06.0587 0x0dec  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:13:06.0603 0x0dec  SysMain - ok
16:13:06.0639 0x0dec  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:13:06.0641 0x0dec  TabletInputService - ok
16:13:06.0655 0x0dec  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:13:06.0659 0x0dec  TapiSrv - ok
16:13:06.0687 0x0dec  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:13:06.0689 0x0dec  TBS - ok
16:13:06.0733 0x0dec  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:13:06.0749 0x0dec  Tcpip - ok
16:13:06.0785 0x0dec  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:13:06.0795 0x0dec  TCPIP6 - ok
16:13:06.0827 0x0dec  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:13:06.0828 0x0dec  tcpipreg - ok
16:13:06.0857 0x0dec  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:13:06.0858 0x0dec  TDPIPE - ok
16:13:06.0887 0x0dec  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:13:06.0888 0x0dec  TDTCP - ok
16:13:06.0921 0x0dec  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:13:06.0922 0x0dec  tdx - ok
16:13:06.0958 0x0dec  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:13:06.0959 0x0dec  TermDD - ok
16:13:07.0004 0x0dec  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:13:07.0010 0x0dec  TermService - ok
16:13:07.0066 0x0dec  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
16:13:07.0077 0x0dec  TFsExDisk - ok
16:13:07.0092 0x0dec  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:13:07.0094 0x0dec  Themes - ok
16:13:07.0119 0x0dec  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:13:07.0120 0x0dec  THREADORDER - ok
16:13:07.0131 0x0dec  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:13:07.0134 0x0dec  TrkWks - ok
16:13:07.0177 0x0dec  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:13:07.0179 0x0dec  TrustedInstaller - ok
16:13:07.0201 0x0dec  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:07.0211 0x0dec  tssecsrv - ok
16:13:07.0241 0x0dec  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:13:07.0242 0x0dec  TsUsbFlt - ok
16:13:07.0291 0x0dec  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:13:07.0292 0x0dec  tunnel - ok
16:13:07.0318 0x0dec  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:13:07.0319 0x0dec  uagp35 - ok
16:13:07.0353 0x0dec  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:13:07.0355 0x0dec  udfs - ok
16:13:07.0382 0x0dec  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:13:07.0384 0x0dec  UI0Detect - ok
16:13:07.0415 0x0dec  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:13:07.0416 0x0dec  uliagpkx - ok
16:13:07.0457 0x0dec  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:13:07.0458 0x0dec  umbus - ok
16:13:07.0484 0x0dec  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:13:07.0484 0x0dec  UmPass - ok
16:13:07.0500 0x0dec  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:13:07.0504 0x0dec  upnphost - ok
16:13:07.0526 0x0dec  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:13:07.0527 0x0dec  USBAAPL64 - ok
16:13:07.0549 0x0dec  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:13:07.0551 0x0dec  usbaudio - ok
16:13:07.0581 0x0dec  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:07.0582 0x0dec  usbccgp - ok
16:13:07.0608 0x0dec  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:13:07.0609 0x0dec  usbcir - ok
16:13:07.0626 0x0dec  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:13:07.0626 0x0dec  usbehci - ok
16:13:07.0666 0x0dec  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:13:07.0669 0x0dec  usbhub - ok
16:13:07.0681 0x0dec  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:13:07.0682 0x0dec  usbohci - ok
16:13:07.0701 0x0dec  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:13:07.0702 0x0dec  usbprint - ok
16:13:07.0738 0x0dec  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:13:07.0739 0x0dec  usbscan - ok
16:13:07.0766 0x0dec  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:07.0767 0x0dec  USBSTOR - ok
16:13:07.0777 0x0dec  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:13:07.0778 0x0dec  usbuhci - ok
16:13:07.0792 0x0dec  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:13:07.0794 0x0dec  usbvideo - ok
16:13:07.0816 0x0dec  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:13:07.0818 0x0dec  UxSms - ok
16:13:07.0824 0x0dec  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:13:07.0825 0x0dec  VaultSvc - ok
16:13:07.0847 0x0dec  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:13:07.0847 0x0dec  vdrvroot - ok
16:13:07.0883 0x0dec  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:13:07.0888 0x0dec  vds - ok
16:13:07.0900 0x0dec  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:07.0901 0x0dec  vga - ok
16:13:07.0912 0x0dec  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:13:07.0912 0x0dec  VgaSave - ok
16:13:07.0931 0x0dec  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:13:07.0933 0x0dec  vhdmp - ok
16:13:07.0953 0x0dec  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:13:07.0954 0x0dec  viaide - ok
16:13:07.0976 0x0dec  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:13:07.0977 0x0dec  volmgr - ok
16:13:08.0006 0x0dec  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:13:08.0009 0x0dec  volmgrx - ok
16:13:08.0020 0x0dec  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:13:08.0023 0x0dec  volsnap - ok
16:13:08.0048 0x0dec  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:13:08.0050 0x0dec  vsmraid - ok
16:13:08.0107 0x0dec  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:13:08.0122 0x0dec  VSS - ok
16:13:08.0134 0x0dec  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:13:08.0135 0x0dec  vwifibus - ok
16:13:08.0171 0x0dec  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:13:08.0176 0x0dec  W32Time - ok
16:13:08.0188 0x0dec  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:13:08.0189 0x0dec  WacomPen - ok
16:13:08.0214 0x0dec  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:13:08.0215 0x0dec  WANARP - ok
16:13:08.0219 0x0dec  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:13:08.0220 0x0dec  Wanarpv6 - ok
16:13:08.0278 0x0dec  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:13:08.0288 0x0dec  WatAdminSvc - ok
16:13:08.0320 0x0dec  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:13:08.0334 0x0dec  wbengine - ok
16:13:08.0358 0x0dec  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:13:08.0361 0x0dec  WbioSrvc - ok
16:13:08.0404 0x0dec  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
16:13:08.0407 0x0dec  WcesComm - ok
16:13:08.0441 0x0dec  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:13:08.0445 0x0dec  wcncsvc - ok
16:13:08.0460 0x0dec  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:13:08.0462 0x0dec  WcsPlugInService - ok
16:13:08.0483 0x0dec  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:13:08.0484 0x0dec  Wd - ok
16:13:08.0510 0x0dec  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
16:13:08.0511 0x0dec  WDC_SAM - ok
16:13:08.0557 0x0dec  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:13:08.0562 0x0dec  Wdf01000 - ok
16:13:08.0577 0x0dec  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:13:08.0580 0x0dec  WdiServiceHost - ok
16:13:08.0583 0x0dec  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:13:08.0585 0x0dec  WdiSystemHost - ok
16:13:08.0619 0x0dec  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:13:08.0623 0x0dec  WebClient - ok
16:13:08.0640 0x0dec  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:13:08.0644 0x0dec  Wecsvc - ok
16:13:08.0652 0x0dec  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:13:08.0655 0x0dec  wercplsupport - ok
16:13:08.0676 0x0dec  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:13:08.0678 0x0dec  WerSvc - ok
16:13:08.0701 0x0dec  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:13:08.0702 0x0dec  WfpLwf - ok
16:13:08.0735 0x0dec  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
16:13:08.0736 0x0dec  WimFltr - ok
16:13:08.0749 0x0dec  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:13:08.0749 0x0dec  WIMMount - ok
16:13:08.0780 0x0dec  WinDefend - ok
16:13:08.0785 0x0dec  WinHttpAutoProxySvc - ok
16:13:08.0834 0x0dec  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:13:08.0836 0x0dec  Winmgmt - ok
16:13:08.0884 0x0dec  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:13:08.0899 0x0dec  WinRM - ok
16:13:09.0015 0x0dec  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:13:09.0016 0x0dec  WinUsb - ok
16:13:09.0107 0x0dec  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:13:09.0115 0x0dec  Wlansvc - ok
16:13:09.0168 0x0dec  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:13:09.0169 0x0dec  wlcrasvc - ok
16:13:09.0263 0x0dec  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:13:09.0283 0x0dec  wlidsvc - ok
16:13:09.0325 0x0dec  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:13:09.0326 0x0dec  WmiAcpi - ok
16:13:09.0350 0x0dec  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:13:09.0352 0x0dec  wmiApSrv - ok
16:13:09.0368 0x0dec  WMPNetworkSvc - ok
16:13:09.0402 0x0dec  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:13:09.0404 0x0dec  WPCSvc - ok
16:13:09.0438 0x0dec  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:13:09.0441 0x0dec  WPDBusEnum - ok
16:13:09.0463 0x0dec  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:13:09.0464 0x0dec  ws2ifsl - ok
16:13:09.0515 0x0dec  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
16:13:09.0518 0x0dec  wscsvc - ok
16:13:09.0522 0x0dec  WSearch - ok
16:13:09.0603 0x0dec  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:13:09.0621 0x0dec  wuauserv - ok
16:13:09.0647 0x0dec  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:13:09.0647 0x0dec  WudfPf - ok
16:13:09.0657 0x0dec  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:09.0658 0x0dec  WUDFRd - ok
16:13:09.0687 0x0dec  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:13:09.0690 0x0dec  wudfsvc - ok
16:13:09.0718 0x0dec  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:13:09.0722 0x0dec  WwanSvc - ok
16:13:09.0762 0x0dec  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
16:13:09.0762 0x0dec  ‮etadpug - detected Rootkit.Win32.PMax.gen (0)
16:13:09.0772 0x0dec  ================ Scan global ===============================
16:13:09.0790 0x0dec  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:13:09.0827 0x0dec  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:13:09.0834 0x0dec  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:13:09.0861 0x0dec  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:13:09.0879 0x0dec  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:13:09.0883 0x0dec  [Global] - ok
16:13:09.0883 0x0dec  ================ Scan MBR ==================================
16:13:09.0893 0x0dec  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
16:13:10.0128 0x0dec  \Device\Harddisk0\DR0 - ok
16:13:10.0128 0x0dec  ================ Scan VBR ==================================
16:13:10.0131 0x0dec  [ 750523627AEC4E2098CA69ED4583ECC2 ] \Device\Harddisk0\DR0\Partition1
16:13:10.0133 0x0dec  \Device\Harddisk0\DR0\Partition1 - ok
16:13:10.0148 0x0dec  [ 4526EEF41A657FEE9F9C0A80366C04AE ] \Device\Harddisk0\DR0\Partition2
16:13:10.0150 0x0dec  \Device\Harddisk0\DR0\Partition2 - ok
16:13:10.0150 0x0dec  ============================================================
16:13:10.0150 0x0dec  Scan finished
16:13:10.0150 0x0dec  ============================================================
16:13:10.0160 0x0478  Detected object count: 1
16:13:10.0160 0x0478  Actual detected object count: 1
16:14:50.0655 0x0478  ‮etadpug ( Rootkit.Win32.PMax.gen ) - skipped by user
16:14:50.0655 0x0478  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip 
16:14:57.0237 0x0a34  Deinitialize success

My apologies for the delay,

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Here is the first run...going to reboot and run again.

 

==================

 

 

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CVWS [Admin rights]
Mode : Remove -- Date : 08/17/2013 20:15:40
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] IntuitSyncManager.exe -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe [7] -> KILLED [TermProc]
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][ZeroAccess] HKUS\S-1-5-21-598081582-2854634212-1293884500-1003\[...]\Run : Google Update ("C:\Users\Scott\AppData\Local\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\?��?��?��\?��?��?��\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" >) -> DELETED
[RUN][sUSP PATH] HKUS\S-1-5-21-598081582-2854634212-1293884500-1003\[...]\RunOnce : Del475147 (cmd.exe /Q /D /c del "C:\Users\Scott\AppData\Local\Temp\0.del" [x][x]) -> DELETED
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce :  (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> DELETED
[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> DELETED
[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect. 
[sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\   \...\???ﯹ๛\{0b5807d3-4b4a-b89b-62a4-4e723dcea304}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] DSite.job : C:\Users\Scott\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
[V2][sUSP PATH] DSite : C:\Users\Scott\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] 1f981fab9a27807b9d68b986b74c8ada
[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22900736 | Size: 599297 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: SAMSUNG HD642JJ +++++
--- User ---
[MBR] 81a87908c65f2ee42faf9faaef20c589
[bSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_D_08172013_201540.txt >>
RKreport[0]_S_08172013_201247.txt

Looking a lot better!

 

See what you think of the RogueKiller report

 

-----------------------------------------------------------

 

 

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CVWS [Admin rights]
Mode : Scan -- Date : 08/17/2013 20:22:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] IntuitSyncManager.exe -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] 1f981fab9a27807b9d68b986b74c8ada
[bSP] b70017239a24bcc9c4980ea39ca71343 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 11142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22900736 | Size: 599297 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: SAMSUNG HD642JJ +++++
--- User ---
[MBR] 81a87908c65f2ee42faf9faaef20c589
[bSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_08172013_202247.txt >>
RKreport[0]_D_08172013_201540.txt;RKreport[0]_S_08172013_201247.txt

Indeed, we're making progress. Let's see what remnants are still there so we can get rid of those as well :):

 

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


I ran adware, jrt and OTL (but the cleanup deleted the files!)

 

adware (before and after) and jrt text files follow.

 

--------------------------------------------------------------

adware before

 

 

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 20:43:22
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CVWS - RIKKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Users\Rikki\AppData\LocalLow\SiteRanker
Folder Found : C:\Users\Scott\AppData\Local\PackageAware
Folder Found : C:\Users\Scott\AppData\Roaming\DSite
 
***** [Registry] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
[OK] Registry is clean.
 
*************************
adware after
===================
 
AdwCleaner[R1].txt - [1220 octets] - [17/08/2013 20:43:22]
 
########## EOF - \AdwCleaner[R1].txt - [1280 octets] ##########
 
# AdwCleaner v2.306 - Logfile created 08/17/2013 at 20:48:22
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CVWS - RIKKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
[OK] Registry is clean.
 
*************************
 
AdwCleaner[R2].txt - [1343 octets] - [17/08/2013 20:45:20]
AdwCleaner[R3].txt - [575 octets] - [17/08/2013 20:48:22]
AdwCleaner[s1].txt - [1419 octets] - [17/08/2013 20:45:33]
 
########## EOF - \AdwCleaner[R3].txt - [694 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by CVWS on Sat 08/17/2013 at 20:55:00.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 20:58:12.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi Fred,

 

Not sure where to find the log for ESET, but at the completion it indicated that no threats were found!

 

I'm running a Malwarebytes quick scan this morning (no malicious items detected).

 

So what is the best firewall/malware/antivirus setup to be running?  I have Microsoft Security Essentials on that computer.  Defender is there but not running, and I have Malwarebytes active.  I have seen the warnings of running two AV programs together; not sure how MSE and Malware get along?

 

Another question; do all the logs I have posted provide any sort of quick access for hackers?

 

Lastly, is that computer ripe for future backdoor vulnerabilities?  Should the hard drive be wiped?  It didn't come with software disks, so I built a recovery set of disks (while the virus was still on the computer).  Should I build another set of disks?

 

Thanks a bunch for your help and sorry for all the noob questions!  :)

 

ScottRT


 

So what is the best firewall/malware/antivirus setup to be running?  I have Microsoft Security Essentials on that computer.  Defender is there but not running, and I have Malwarebytes active.  I have seen the warnings of running two AV programs together; not sure how MSE and Malware get along?

As we wrap things up, I'll provide you with some suggestions for security software. :)

 

 

Another question; do all the logs I have posted provide any sort of quick access for hackers?

No, I've never heard of that happening. If you'd like us to remove all of these logs from the forum after we finish up, I can let an Administrator know.

 

 

Lastly, is that computer ripe for future backdoor vulnerabilities?  Should the hard drive be wiped?  It didn't come with software disks, so I built a recovery set of disks (while the virus was still on the computer).  Should I build another set of disks?

I believe the drive is safe, but there is no way to be 100% completely certain. The disks you have created so far should be fine ;).

 

-----

 

Please re-run OTL this time but don't select "Cleanup". I suggest you re-read my instructions. Let me know if you have any problems.


Here are the OTL reports - thanks

 

 

OTL logfile created on: 8/19/2013 6:10:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free
15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
Drive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32
 
Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/19 18:07:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2013/08/01 05:44:18 | 002,807,608 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/07/06 10:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/07/06 10:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE
PRC - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/12/15 19:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe
PRC - [2009/12/29 14:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/05/09 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/13 20:05:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/13 20:05:44 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c8ebe1bcee19f2a9ae9331eb860a3748\System.IdentityModel.ni.dll
MOD - [2013/08/13 20:05:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/13 20:05:41 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7325e254b75c1bc559633857d1ff867f\System.ServiceModel.ni.dll
MOD - [2013/08/13 20:05:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/13 19:19:41 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/13 19:19:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/13 19:19:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/13 19:18:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/13 19:18:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/13 19:18:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 07:13:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 07:13:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/07/06 10:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBMAPILibrary.dll
MOD - [2011/07/06 10:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBCompressor.DLL
MOD - [2011/07/06 10:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\mbpopup.dll
MOD - [2011/07/06 10:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/07/06 10:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/07/06 10:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\BackupLib.dll
MOD - [2011/04/30 08:23:12 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dll
MOD - [2010/12/14 21:53:20 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\MSResource\MSTextResource.dll
MOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/12 07:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/06/09 23:56:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/17 14:34:22 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/24 19:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2008/11/04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2008/11/04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008/11/04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2008/11/04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008/11/04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/11/04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/07/20 01:00:00 | 000,266,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV:64bit: - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/07 18:38:50 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B254A2CA-0663-45FF-A441-9C5C79DAC981}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS435
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A539A22-0CD3-4D09-B31A-AC4D67876F52}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
 
O1 HOSTS File: ([2013/08/17 15:42:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Rikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A868B5-B0B4-40C8-9A0D-5AAB485034EA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/17 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Malwarebytes
[2013/08/17 15:44:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\temp
[2013/08/17 15:33:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/13 20:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/13 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\CVWS\Desktop\mbar
[2013/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/08/13 19:09:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/13 19:09:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/13 19:09:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/13 19:09:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/13 19:09:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/13 19:09:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/13 19:09:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/13 19:09:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/13 19:09:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/13 19:09:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/13 19:09:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/13 19:09:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/13 19:09:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/13 19:09:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/13 19:09:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/13 18:58:56 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/13 18:58:56 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/13 18:58:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/13 18:58:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/13 18:58:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/13 18:58:09 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/13 18:58:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/13 18:58:07 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/13 18:58:07 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/13 18:58:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/13 18:58:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/13 18:58:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/13 18:58:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/13 18:58:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/13 18:58:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/13 18:58:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/13 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Apple Computer
[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/08/12 21:07:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/08/12 21:07:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/08/12 21:07:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/08/12 21:07:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/08/12 21:07:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/08/12 21:07:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/08/12 21:07:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/08/12 21:07:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/08/12 21:07:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/08/12 21:07:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/08/12 21:07:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/08/12 21:07:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/08/12 21:07:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/08/12 21:07:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/08/12 21:07:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/08/12 21:07:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/08/12 21:07:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/08/12 21:07:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/08/12 21:07:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/08/12 21:07:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/08/12 21:07:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/08/12 21:07:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/08/12 21:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/12 18:37:54 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution
[2013/08/12 18:26:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Real
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Intuit
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Apple Computer
[2013/08/12 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Adobe
[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Searches
[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/12 17:39:48 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/12 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Identities
[2013/08/12 17:39:41 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Contacts
[2013/08/12 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\VirtualStore
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Temporary Internet Files
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Templates
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Start Menu
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\SendTo
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Recent
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\PrintHood
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\NetHood
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Videos
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Pictures
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Music
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\My Documents
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Local Settings
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\History
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Cookies
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Application Data
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Application Data
[2013/08/12 17:39:07 | 000,000,000 | --SD | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Videos
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Saved Games
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Pictures
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Music
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Links
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Favorites
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Downloads
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Documents
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Desktop
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/12 17:39:07 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\AppData
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\SoftThinks
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft Help
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Media Center Programs
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Macromedia
[2013/07/26 14:34:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/07/26 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/26 14:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/26 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/21 21:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/19 17:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/19 16:17:33 | 000,730,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 16:17:33 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 16:17:33 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 05:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 05:35:06 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 20:07:47 | 000,001,123 | ---- | M] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk
[2013/08/17 15:42:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/17 14:34:22 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/13 19:54:00 | 000,190,024 | ---- | M] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg
[2013/08/13 19:39:48 | 000,001,409 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/13 19:37:31 | 000,002,515 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/08/13 19:37:31 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/08/13 19:33:03 | 000,000,632 | RHS- | M] () -- C:\Users\CVWS\ntuser.pol
[2013/08/12 21:06:55 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/31 15:30:13 | 003,231,744 | ---- | M] () -- C:\ThorenOakenshield.ezb
[2013/07/26 14:30:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
 
========== Files Created - No Company Name ==========
 
[2013/08/17 20:07:47 | 000,001,123 | ---- | C] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk
[2013/08/17 14:34:22 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/13 19:53:50 | 000,190,024 | ---- | C] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg
[2013/08/13 19:39:48 | 000,001,409 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/13 19:37:31 | 000,002,515 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/08/12 21:01:06 | 000,002,057 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/12 21:00:51 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/12 17:39:51 | 000,001,415 | ---- | C] () -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/12 17:39:09 | 000,000,632 | RHS- | C] () -- C:\Users\CVWS\ntuser.pol
[2013/08/12 17:39:07 | 000,000,290 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/12 17:39:07 | 000,000,272 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/26 14:30:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/30 19:32:40 | 000,013,042 | -HS- | C] () -- C:\ProgramData\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8
[2011/11/22 19:58:57 | 000,216,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/07 18:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6
 
< End of report >
 
 
 
 
 
 
 
 
OTL Extras logfile created on: 8/19/2013 6:10:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free
15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
Drive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32
 
Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1350F595-8DAE-4171-9721-0F5ED3A24D5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{38F6E513-22A3-4E80-86F7-54C7F71EFEC1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3FB56C4D-5177-47A6-8856-CF717F6BC6DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{436766A1-FDB2-4F46-B4CB-7D2E540FF693}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50523116-196F-42DF-9366-C67C49FAA526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51630AD8-4F4D-41A1-8C29-B2F37110E0D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{62B4B8AF-A62C-40F0-963E-7635D27DD42F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6E2C62AE-9C11-4939-9BFA-8C5BB86A9984}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A5A863C-47FF-4B53-9CEA-2136D9F331E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A91175CE-F9EA-4D9F-8452-78908B8B9B61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BA30717D-569E-47D6-9019-AA89A9FFA2BC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BAB5CB69-70AC-47FC-A4C6-8A417491B0E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BDF15A16-03CB-433C-9454-0304D793E8E9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CADF61D0-28A1-4CBB-8894-E013DE23780F}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BAABB30-5E70-475A-848B-2A80C361B9AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{830A41CF-1158-4952-B5F1-530FC34CE6E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C424F444-25DF-41E7-98E3-113A1AA28611}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E29D4D17-0F37-4CD6-BA89-33F3F8BCFCBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0A9F62F8-D13C-4029-963B-A1E2B2FEC8E8}C:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe | 
"UDP Query User{ED3827E5-48F2-4F00-A085-120DC6051D27}C:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\temp\showmypc\smpc3152\smpcph.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java 6 Update 18 (64-bit)
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)  
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = My Dell
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E14FFF4-927F-45B4-8D67-7D3709BB1E1B}" = EZWrapper
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22318EFC-9FF8-4A16-BB57-AA9B73014470}" = SDWrapper
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B1CE354-AF56-45EF-B0F2-9DC729122413}" = SDIComplete
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}" = ScanSoft OmniPage SE 4
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF69AF-BB0B-4813-A321-75DE2B779DA7}" = EZReader6
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"QB Connection Diagnostic Tool" = QB Connection Diagnostic Tool
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Zip Opener
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/18/2013 2:09:35 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/18/2013 2:09:35 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/18/2013 3:26:26 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": Failed to
 send mail message:
 
Error - 8/18/2013 3:26:26 PM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": The user 
canceled one of the dialog boxes. No message was sen
 
Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/19/2013 12:24:46 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 8/19/2013 9:11:35 AM | Computer Name = Rikki-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
[ Dell Events ]
Error - 4/9/2011 6:47:56 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 4/9/2011 6:47:56 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 4/17/2011 10:34:49 AM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 4/17/2011 10:34:49 AM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 4/24/2011 2:35:00 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 4/24/2011 2:35:00 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/8/2011 6:28:19 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/8/2011 6:28:19 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/15/2011 7:03:57 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/15/2011 7:03:57 PM | Computer Name = Rikki-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 8/18/2013 1:55:31 PM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   RxFilter  StarOpen
 
Error - 8/18/2013 2:10:08 PM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
Error - 8/19/2013 12:22:54 AM | Computer Name = Rikki-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 8/19/2013 12:24:03 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
   %%2
 
Error - 8/19/2013 12:24:06 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   RxFilter  StarOpen
 
Error - 8/19/2013 12:24:47 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
Error - 8/19/2013 8:35:05 AM | Computer Name = Rikki-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 8/19/2013 8:35:25 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
   %%2
 
Error - 8/19/2013 8:35:29 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   RxFilter  StarOpen
 
Error - 8/19/2013 9:12:08 AM | Computer Name = Rikki-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
 
< End of report >
 

We're making progress :)

 

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

     

    :OTL
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


I found the OTL report (attached below) and the AdwCleaner is below that (I guess I got excited a couple days ago with the progress being made and started running the program actions vs. just posting logs - sorry about that! :o )

 

 

OTL logfile created on: 8/19/2013 6:10:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.48% Memory free
15.98 Gb Paging File | 13.34 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.25 Gb Total Space | 439.65 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
Drive E: | 3.75 Gb Total Space | 2.35 Gb Free Space | 62.63% Space Free | Partition Type: FAT32
 
Computer Name: RIKKI-PC | User Name: CVWS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/19 18:07:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2013/08/01 05:44:18 | 002,807,608 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Scott\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/07/06 10:47:16 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/07/06 10:45:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE
PRC - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/12/15 19:53:44 | 000,292,240 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe
PRC - [2009/12/29 14:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/05/09 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/13 20:05:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/13 20:05:44 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c8ebe1bcee19f2a9ae9331eb860a3748\System.IdentityModel.ni.dll
MOD - [2013/08/13 20:05:42 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/13 20:05:41 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7325e254b75c1bc559633857d1ff867f\System.ServiceModel.ni.dll
MOD - [2013/08/13 20:05:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/13 19:19:41 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/13 19:19:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/13 19:19:06 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/13 19:18:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/13 19:18:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/13 19:18:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 07:13:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 07:13:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/07/06 10:46:14 | 000,125,288 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBMAPILibrary.dll
MOD - [2011/07/06 10:46:12 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBCompressor.DLL
MOD - [2011/07/06 10:45:56 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\mbpopup.dll
MOD - [2011/07/06 10:45:38 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/07/06 10:45:38 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/07/06 10:45:36 | 000,346,984 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\BackupLib.dll
MOD - [2011/04/30 08:23:12 | 000,024,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.QBInstanceFinder\21.0.0.0__5b3f47ba29970ccb\Interop.QBInstanceFinder.dll
MOD - [2010/12/14 21:53:20 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\MSResource\MSTextResource.dll
MOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2008\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/12 07:25:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/07/06 09:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/06/09 23:56:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/17 14:34:22 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/24 19:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 17:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/22 23:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2008/11/04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2008/11/04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008/11/04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2008/11/04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008/11/04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/11/04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/07/20 01:00:00 | 000,266,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV:64bit: - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/07 18:38:50 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B254A2CA-0663-45FF-A441-9C5C79DAC981}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{603F92DC-8A1E-4478-87D6-0825C0DFE151}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS435
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\SearchScopes\{6A539A22-0CD3-4D09-B31A-AC4D67876F52}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
 
O1 HOSTS File: ([2013/08/17 15:42:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Rikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-598081582-2854634212-1293884500-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A868B5-B0B4-40C8-9A0D-5AAB485034EA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/17 20:54:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Malwarebytes
[2013/08/17 15:44:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/17 15:44:15 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\temp
[2013/08/17 15:33:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/13 20:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/13 19:54:54 | 000,000,000 | ---D | C] -- C:\Users\CVWS\Desktop\mbar
[2013/08/13 19:49:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/08/13 19:09:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/13 19:09:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/13 19:09:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/13 19:09:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/13 19:09:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/13 19:09:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/13 19:09:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/13 19:09:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/13 19:09:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/13 19:09:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/13 19:09:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/13 19:09:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/13 19:09:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/13 19:09:31 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/13 19:09:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/13 18:58:56 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/13 18:58:56 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/13 18:58:43 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/13 18:58:43 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/13 18:58:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/13 18:58:09 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/13 18:58:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/13 18:58:07 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/13 18:58:07 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/13 18:58:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/13 18:58:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/13 18:58:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/13 18:58:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/13 18:58:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/13 18:58:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/13 18:58:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/13 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Apple Computer
[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/08/12 21:07:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/08/12 21:07:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/08/12 21:07:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/08/12 21:07:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/08/12 21:07:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/08/12 21:07:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/08/12 21:07:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/08/12 21:07:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/08/12 21:07:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/08/12 21:07:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/08/12 21:07:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/08/12 21:07:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/08/12 21:07:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/08/12 21:07:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/08/12 21:07:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/08/12 21:07:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/08/12 21:07:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/08/12 21:07:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/08/12 21:07:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/08/12 21:07:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/08/12 21:07:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/08/12 21:07:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/08/12 21:07:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/08/12 21:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/12 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/12 18:37:54 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution
[2013/08/12 18:26:07 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Real
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Intuit
[2013/08/12 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Apple Computer
[2013/08/12 17:39:51 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Adobe
[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Searches
[2013/08/12 17:39:48 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/12 17:39:48 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/12 17:39:43 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Identities
[2013/08/12 17:39:41 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Contacts
[2013/08/12 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\VirtualStore
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Temporary Internet Files
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Templates
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Start Menu
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\SendTo
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Recent
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\PrintHood
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\NetHood
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Videos
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Pictures
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Documents\My Music
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\My Documents
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Local Settings
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\History
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Cookies
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\Application Data
[2013/08/12 17:39:08 | 000,000,000 | -HSD | C] -- C:\Users\CVWS\AppData\Local\Application Data
[2013/08/12 17:39:07 | 000,000,000 | --SD | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Videos
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Saved Games
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Pictures
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Music
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Links
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Favorites
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Downloads
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Documents
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\Desktop
[2013/08/12 17:39:07 | 000,000,000 | R--D | C] -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/12 17:39:07 | 000,000,000 | -H-D | C] -- C:\Users\CVWS\AppData
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\SoftThinks
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft Help
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Local\Microsoft
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Media Center Programs
[2013/08/12 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\CVWS\AppData\Roaming\Macromedia
[2013/07/26 14:34:37 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/07/26 14:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/26 14:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/26 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/21 21:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/19 17:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/19 16:17:33 | 000,730,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 16:17:33 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 16:17:33 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 05:42:40 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 05:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 05:35:06 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 20:07:47 | 000,001,123 | ---- | M] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk
[2013/08/17 15:42:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/17 14:34:22 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/13 19:54:00 | 000,190,024 | ---- | M] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg
[2013/08/13 19:39:48 | 000,001,409 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/13 19:37:31 | 000,002,515 | ---- | M] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/08/13 19:37:31 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/08/13 19:33:03 | 000,000,632 | RHS- | M] () -- C:\Users\CVWS\ntuser.pol
[2013/08/12 21:06:55 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/31 15:30:13 | 003,231,744 | ---- | M] () -- C:\ThorenOakenshield.ezb
[2013/07/26 14:30:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
 
========== Files Created - No Company Name ==========
 
[2013/08/17 20:07:47 | 000,001,123 | ---- | C] () -- C:\Users\CVWS\Desktop\Continue Zip Opener Installation.lnk
[2013/08/17 14:34:22 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/08/13 19:53:50 | 000,190,024 | ---- | C] () -- C:\Users\CVWS\Documents\cc_20130813_195337.reg
[2013/08/13 19:39:48 | 000,001,409 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/13 19:37:31 | 000,002,515 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/08/12 21:01:06 | 000,002,057 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/12 21:00:51 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/12 17:39:51 | 000,001,415 | ---- | C] () -- C:\Users\CVWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/12 17:39:09 | 000,000,632 | RHS- | C] () -- C:\Users\CVWS\ntuser.pol
[2013/08/12 17:39:07 | 000,000,290 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/12 17:39:07 | 000,000,272 | ---- | C] () -- C:\Users\CVWS\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/26 14:30:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/30 19:32:40 | 000,013,042 | -HS- | C] () -- C:\ProgramData\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8
[2011/11/22 19:58:57 | 000,216,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/07 18:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6
 
< End of report >
 

 

 

------------------------------------------------

 

 

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 19:24:57
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CVWS - RIKKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
[OK] Registry is clean.
 
*************************
 
AdwCleaner[R2].txt - [1343 octets] - [17/08/2013 20:45:20]
AdwCleaner[R3].txt - [760 octets] - [17/08/2013 20:48:22]
AdwCleaner[R4].txt - [878 octets] - [19/08/2013 19:24:21]
AdwCleaner[s1].txt - [1419 octets] - [17/08/2013 20:45:33]
AdwCleaner[s2].txt - [819 octets] - [17/08/2013 20:49:54]
AdwCleaner[s3].txt - [812 octets] - [19/08/2013 19:24:57]
 
########## EOF - \AdwCleaner[s3].txt - [871 octets] ##########

Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

 

---------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://java.com/en/download/index.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment).
They will have this icon next to them:  javaicon.gif
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.
 

---------

 

You're using an old version of Adobe Acrobat Reader, which can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):
Adobe Reader X

Note: I suggest you uncheck any optional third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

 

---------

 

Please let me know how the updates went, as failed updates may be due to malware.

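An added example (not part of the original post): the "find every old Java in Add or Remove Programs" check from the steps above, done read-only from PowerShell. It reads the standard Uninstall registry keys in both the native and the Wow6432Node view, which is where a 64-bit system keeps a 32-bit and a 64-bit Java side by side; the display-name pattern and the function names are assumptions made for this example.

```powershell
# Added example: read-only inventory of installed Java runtimes. Nothing is uninstalled.
# Assumption: Java installers label themselves "Java 6 Update 35", "Java(TM) 6 Update 18",
# "J2SE Runtime Environment 5.0 ..." and similar. "Java Auto Updater" is skipped on purpose.
$javaNamePattern = '^(Java(\(TM\))? \d|J2SE Runtime Environment)'

function Get-InstalledJava {
    # Native view first, then the 32-bit view that exists only on 64-bit Windows.
    $views = @(
        @{ Label = 'native';      Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
        @{ Label = 'Wow6432Node'; Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -Path $view.Key)) { continue }
        $label = $view.Label
        Get-ItemProperty -Path (Join-Path $view.Key '*') -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $javaNamePattern } |
            Select-Object @{ Name = 'View';    Expression = { $label } },
                          @{ Name = 'Name';    Expression = { $_.DisplayName } },
                          # Entries with a missing or malformed version become $null and sort last.
                          @{ Name = 'Version'; Expression = { $_.DisplayVersion -as [version] } },
                          UninstallString
    }
}

function Get-JavaCleanupReport {
    # Within each registry view, everything below the highest version is a leftover.
    Get-InstalledJava | Group-Object -Property View | ForEach-Object {
        $sorted = @($_.Group | Sort-Object -Property Version -Descending)
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $status = if ($i -eq 0) { 'newest installed in this view' } else { 'older, remove' }
            $sorted[$i] | Select-Object View, Name, Version,
                @{ Name = 'Status'; Expression = { $status } }, UninstallString
        }
    }
}

Get-JavaCleanupReport | Format-Table -AutoSize -Wrap
```

"Newest installed" only ranks what is on the machine; it still has to be compared against the current release on java.com. An empty result after the uninstall step confirms no Java runtime is left registered in either view.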

D-FRED-BROWN,

 

It was strange that my version of Acrobat Reader was 10 (X), but I noticed one of the logs as well that said version 7.  I uninstalled all Adobe stuff and installed Reader XI.  I also implemented the sandbox precautions on the new version.

 

There was an old version of Java (2010) installed along with a newer one (2012).  I uninstalled both, starting with the newer one.  Reinstall of the new version didn't work - java said to install the 32 bit version due to browser compatibility although my OS is 64 bit.  The test page didn't work so I uninstalled it.  I didn't install Java back on the computer.

 

Thoughts?


Another interesting thing that occurred - the recycle bin was corrupted - showed it had stuff in it, but when opened, there was nothing there.  I deleted it from the desktop (but I forgot how to point a shortcut back to it).  

 

Also, I have a directory in c:\Program Files (x86)\google\desktop\install that was coming up early in my scan process.  It has a bunch of sub directories that eventually windows can't open as the "Location is not available".  I could not access a 9th level directory with a name of "...".

 

I did a quick scan with Malwarebytes and an MBAR rootkit scan. Nothing showed up.


 

There was an old version of Java (2010) installed along with a newer one (2012).  I uninstalled both, starting with the newer one.  Reinstall of the new version didn't work - java said to install the 32 bit version due to browser compatibility although my OS is 64 bit.  The test page didn't work so I uninstalled it.  I didn't install Java back on the computer.

I'd install the 64-bit version. My OS is 64 as well and I have no problems with that version. If your browser won't be compatible, try updating your browser as well.

 

Regarding the other issues, go ahead and run ComboFix one more time. If asked to update to a newer version, please allow it to do so. Please post the new C:\ComboFix.txt in your next reply.


Here is the combofix text file.  Going to install Java.

 

----------------------------------------------

 

 

ComboFix 13-08-21.01 - CVWS 08/21/2013  18:41:14.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.6373 [GMT -7:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-22 to 2013-08-22  )))))))))))))))))))))))))))))))
.
.
2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\Scott New\AppData\Local\temp
2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\Rikki\AppData\Local\temp
2013-08-22 01:46 . 2013-08-22 01:46 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2013-08-21 09:52 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0820A8C-A4C0-4E54-9AD3-A96655720796}\mpengine.dll
2013-08-21 01:25 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-20 02:15 . 2013-08-20 02:15 -------- d-----w- C:\_OTL
2013-08-18 03:54 . 2013-08-18 03:54 -------- d-----w- c:\windows\ERUNT
2013-08-17 22:01 . 2013-08-17 22:01 -------- d-----w- c:\users\Scott\My Backup Files
2013-08-14 11:43 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-14 03:23 . 2013-08-21 02:29 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-14 01:58 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 01:57 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-13 04:04 . 2013-07-16 12:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0FB82F4-9E23-4852-AA37-FBAA25C7AE14}\gapaengine.dll
2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-13 04:00 . 2013-08-13 04:00 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-13 01:26 . 2013-08-13 01:26 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-08-13 00:39 . 2013-08-14 02:33 -------- d-----w- c:\users\CVWS
2013-08-08 02:10 . 2012-11-02 09:51 185800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2013-08-08 02:10 . 2012-08-07 10:30 434112 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2013-08-08 02:10 . 2010-07-13 13:07 7826432 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2013-08-08 02:10 . 2010-06-24 01:16 2150400 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2013-08-08 02:10 . 2010-06-02 02:58 268800 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2013-08-08 02:10 . 2010-06-02 02:29 934912 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2013-08-08 02:10 . 2010-06-02 02:28 335360 ----a-w- c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2013-07-26 21:34 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-26 21:34 . 2013-08-14 01:56 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-26 21:30 . 2013-07-26 21:30 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-26 21:30 . 2013-07-26 21:30 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 01:37 . 2012-09-19 03:27 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-21 01:37 . 2010-06-16 03:16 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-14 02:04 . 2010-06-16 03:34 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-14 01:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2013-06-19 04:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-10 15:08 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 15:09 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 15:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Scott\Desktop\OTL.exe" [2013-08-20 602112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-8 292240]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2010-12-2 5828952]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2008\QBW32.EXE -silent [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 0098141376356052mcinstcleanup;McAfee Application Installer Cleanup (0098141376356052);c:\users\Scott\AppData\Local\Temp\009814~1.EXE;c:\users\Scott\AppData\Local\Temp\009814~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys;c:\windows\SYSNATIVE\Drivers\OEM05Afx.sys [x]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vfx.sys [x]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys;c:\windows\SYSNATIVE\DRIVERS\OEM05Vid.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-21  18:48:41
ComboFix-quarantined-files.txt  2013-08-22 01:48
.
Pre-Run: 476,599,058,432 bytes free
Post-Run: 476,283,428,864 bytes free
.
- - End Of File - - 6A8FF97F071824A83222DD9E0DFF9DB3
CDB4DE4BBD714F152979DA2DCBEF57EB
This topic is now closed to further replies.