Solved Help! 8.26.70.252 kicking my butt

Hallelujah:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 13-11-2012 01:11:41
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Betty Anne\...\Run: [SetupWizard] D:\SetupWizard.exe reboot [x]
HKU\Betty Anne\...\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN289142XQ05R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1 [2552168 2012-05-08] (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 172.26.38.1 172.26.38.2
Startup: C:\Users\Betty Anne\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-13 01:11 - 2012-11-13 01:11 - 00000000 ____D C:\FRST
2012-11-11 21:06 - 2012-11-11 21:09 - 00002793 ____A C:\Users\Betty Anne\Desktop\Result.txt
2012-11-10 23:41 - 2012-11-10 23:41 - 00003479 ____A C:\Users\Betty Anne\Desktop\RKreport[2]_D_11112012_02d0041.txt
2012-11-10 23:40 - 2012-11-12 22:19 - 00000000 ____D C:\Users\Betty Anne\Desktop\RK_Quarantine
2012-11-10 23:40 - 2012-11-10 23:40 - 00003489 ____A C:\Users\Betty Anne\Desktop\RKreport[1]_S_11112012_02d0040.txt
2012-11-10 20:55 - 2012-11-12 22:19 - 00000000 ____D C:\Users\Betty Anne\Desktop\Duck
2012-11-09 21:13 - 2012-11-12 22:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-11-09 17:44 - 2012-11-09 17:41 - 00006176 ____A C:\Users\Betty Anne\Desktop\update.reg
2012-11-08 21:47 - 2012-11-09 19:55 - 00002120 ____A C:\scu.dat
2012-11-08 21:33 - 2012-11-08 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\Local Settings\census.cache
2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\Local Settings\Application Data\census.cache
2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\AppData\Local\census.cache
2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\Local Settings\ars.cache
2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\Local Settings\Application Data\ars.cache
2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\AppData\Local\ars.cache
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\housecall.guid.cache
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\Application Data\housecall.guid.cache
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
2012-11-08 20:08 - 2012-11-08 20:06 - 02322184 ____A (ESET) C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
2012-11-08 20:08 - 2012-11-08 20:05 - 02406064 ____A (Trend Micro Inc.) C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\Application Data\Malwarebytes
2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
2012-11-08 18:48 - 2012-11-12 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-10-30 18:05 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Program Files\iTunes
2012-10-30 18:04 - 2012-11-12 22:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-30 18:04 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iPod
2012-10-30 17:59 - 2012-10-30 18:00 - 80521624 ____A (Apple Inc.) C:\Users\Betty Anne\Downloads\iTunes64Setup (1).exe
2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\-IFCQXQjLQXC2XEr
2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XEr
2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\-IFCQXQjLQXC2XE
2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XE
2012-10-30 16:05 - 2012-10-30 16:11 - 00000592 ____A C:\Users\All Users\IFCQXQjLQXC2XE
2012-10-30 16:05 - 2012-10-30 16:11 - 00000592 ____A C:\Users\All Users\Application Data\IFCQXQjLQXC2XE
2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmVr
2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmVr
2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmV
2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmV
2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\IwLLZ3HEtF0AmV
2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\Application Data\IwLLZ3HEtF0AmV
2012-10-30 14:31 - 2012-10-30 14:31 - 00000000 ___HD C:\Users\Betty Anne\Pearson
2012-10-25 18:46 - 2012-04-20 14:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

2012-11-13 01:11 - 2012-11-13 01:11 - 00000000 ____D C:\FRST
2012-11-12 22:30 - 2012-02-21 18:21 - 00000000 ___HD C:\users\Betty Anne
2012-11-12 22:30 - 2012-02-12 10:48 - 00000000 ____D C:\Windows\ShellNew
2012-11-12 22:30 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ___AD C:\Windows\System32\oobe
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\com
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\zh-HK
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\uk-UA
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\tr-TR
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\th-TH
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sppui
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sl-SI
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sk-SK
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Setup
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ro-RO
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ras
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\lv-LV
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\lt-LT
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\icsxml
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ias
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\hr-HR
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\he-IL
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\et-EE
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Dism
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\com
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\bg-BG
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ar-SA
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-12 22:29 - 2012-02-12 10:48 - 00000000 ____D C:\Program Files\Windows Journal
2012-11-12 22:29 - 2011-11-16 14:49 - 00000000 ___AD C:\Windows\WisTools
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\addins
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\L2Schemas
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Services
2012-11-12 22:25 - 2012-02-12 09:09 - 00000000 ____D C:\Windows\SysWOW64\sda
2012-11-12 22:25 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\restore
2012-11-12 22:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\TAPI
2012-11-12 22:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2012-11-12 22:24 - 2012-06-12 16:07 - 00000000 ____D C:\Windows\hpoj4500g510n-z
2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Xfinity.com
2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Application Data\Xfinity.com
2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\AppData\Local\Xfinity.com
2012-11-12 22:24 - 2012-02-24 09:48 - 00000000 ____D C:\Windows\en
2012-11-12 22:24 - 2012-02-21 18:21 - 00000000 __RHD C:\Users\Betty Anne\Desktop\Play Games
2012-11-12 22:24 - 2012-02-12 09:21 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2012-11-12 22:24 - 2012-02-12 09:21 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2012-11-12 22:24 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iTunes
2012-11-12 22:23 - 2012-10-06 16:50 - 00000000 ___HD C:\Users\All Users\HP Photo Creations
2012-11-12 22:23 - 2012-10-06 16:50 - 00000000 ___HD C:\Users\All Users\Application Data\HP Photo Creations
2012-11-12 22:23 - 2012-07-13 12:52 - 00000000 ___HD C:\Users\All Users\Application Data\7531CCA9FFA8D4FAC553236AF875F002
2012-11-12 22:23 - 2012-07-13 12:52 - 00000000 ___HD C:\Users\All Users\7531CCA9FFA8D4FAC553236AF875F002
2012-11-12 22:23 - 2012-06-13 15:54 - 00000000 ____D C:\Program Files\Bonjour
2012-11-12 22:23 - 2012-06-12 16:09 - 00000000 ___HD C:\Users\All Users\HP Product Assistant
2012-11-12 22:23 - 2012-06-12 16:09 - 00000000 ___HD C:\Users\All Users\Application Data\HP Product Assistant
2012-11-12 22:23 - 2012-04-09 13:34 - 00000000 ____D C:\Program Files\Dell Support Center
2012-11-12 22:23 - 2012-03-21 13:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-12 22:23 - 2012-02-24 10:28 - 00000000 ____D C:\Program Files\CCleaner
2012-11-12 22:23 - 2012-02-23 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Microsoft Help
2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Application Data\Microsoft Help
2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\AppData\Local\Microsoft Help
2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-12 22:23 - 2012-02-12 09:38 - 00000000 ___HD C:\Users\All Users\McAfee
2012-11-12 22:23 - 2012-02-12 09:38 - 00000000 ___HD C:\Users\All Users\Application Data\McAfee
2012-11-12 22:23 - 2012-02-12 09:21 - 00000000 ____D C:\Program Files\Dell Games Folder
2012-11-12 22:23 - 2012-02-12 09:09 - 00000000 ____D C:\Program Files\DellTPad
2012-11-12 22:23 - 2012-02-12 09:07 - 00000000 ____D C:\Program Files\IDT
2012-11-12 22:23 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2012-11-12 22:22 - 2012-11-08 18:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-12 22:22 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-12 22:22 - 2012-10-06 16:50 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2012-11-12 22:22 - 2012-10-06 16:50 - 00000000 ____D C:\Program Files (x86)\Coupons
2012-11-12 22:22 - 2012-06-13 15:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-11-12 22:22 - 2012-06-13 15:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-11-12 22:22 - 2012-06-12 16:05 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-12 22:22 - 2012-02-23 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-11-12 22:22 - 2012-02-23 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2012-11-12 22:22 - 2012-02-12 09:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-11-12 22:22 - 2012-02-12 09:10 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2012-11-12 22:20 - 2012-11-09 21:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-11-12 22:19 - 2012-11-10 23:40 - 00000000 ____D C:\Users\Betty Anne\Desktop\RK_Quarantine
2012-11-12 22:19 - 2012-11-10 20:55 - 00000000 ____D C:\Users\Betty Anne\Desktop\Duck
2012-11-12 22:19 - 2012-02-12 10:48 - 00000000 __RHD C:\Users\Public\Recorded TV
2012-11-12 22:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2012-11-12 21:41 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-12 21:40 - 2012-02-12 09:05 - 00000000 ____D C:\Program Files (x86)\Java
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-11-11 21:09 - 2012-11-11 21:06 - 00002793 ____A C:\Users\Betty Anne\Desktop\Result.txt
2012-11-10 23:41 - 2012-11-10 23:41 - 00003479 ____A C:\Users\Betty Anne\Desktop\RKreport[2]_D_11112012_02d0041.txt
2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\Local Settings\Application Data\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\Local Settings\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
2012-11-10 23:40 - 2012-11-10 23:40 - 00003489 ____A C:\Users\Betty Anne\Desktop\RKreport[1]_S_11112012_02d0040.txt
2012-11-09 21:13 - 2012-02-12 09:24 - 00000000 ___HD C:\Users\All Users\Sonic
2012-11-09 21:13 - 2012-02-12 09:24 - 00000000 ___HD C:\Users\All Users\Application Data\Sonic
2012-11-09 19:55 - 2012-11-08 21:47 - 00002120 ____A C:\scu.dat
2012-11-09 17:58 - 2012-09-09 22:48 - 00000000 ___HD C:\Users\Betty Anne\My Documents\Round LA 2012-2013
2012-11-09 17:58 - 2012-09-09 22:48 - 00000000 ___HD C:\Users\Betty Anne\Documents\Round LA 2012-2013
2012-11-09 17:52 - 2009-07-13 23:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-09 17:49 - 2012-02-12 08:53 - 01403193 ____A C:\Windows\WindowsUpdate.log
2012-11-09 17:47 - 2012-02-24 11:00 - 00006034 ____A C:\Windows\setupact.log
2012-11-09 17:47 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-09 17:41 - 2012-11-09 17:44 - 00006176 ____A C:\Users\Betty Anne\Desktop\update.reg
2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\Local Settings\census.cache
2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\Local Settings\Application Data\census.cache
2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\AppData\Local\census.cache
2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\Local Settings\ars.cache
2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\Local Settings\Application Data\ars.cache
2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\AppData\Local\ars.cache
2012-11-08 22:51 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-08 22:51 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-08 22:44 - 2012-03-07 18:52 - 00019182 ____A C:\Windows\PFRO.log
2012-11-08 21:33 - 2012-11-08 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\housecall.guid.cache
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\Application Data\housecall.guid.cache
2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
2012-11-08 20:06 - 2012-11-08 20:08 - 02322184 ____A (ESET) C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
2012-11-08 20:05 - 2012-11-08 20:08 - 02406064 ____A (Trend Micro Inc.) C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
2012-11-08 19:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-08 19:16 - 2012-06-12 01:25 - 00033280 __ASH C:\Users\Betty Anne\My Documents\Thumbs.db
2012-11-08 19:16 - 2012-06-12 01:25 - 00033280 __ASH C:\Users\Betty Anne\Documents\Thumbs.db
2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\Application Data\Malwarebytes
2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-10-30 18:04 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iPod
2012-10-30 18:00 - 2012-10-30 17:59 - 80521624 ____A (Apple Inc.) C:\Users\Betty Anne\Downloads\iTunes64Setup (1).exe
2012-10-30 16:11 - 2012-10-30 16:05 - 00000592 ____A C:\Users\All Users\IFCQXQjLQXC2XE
2012-10-30 16:11 - 2012-10-30 16:05 - 00000592 ____A C:\Users\All Users\Application Data\IFCQXQjLQXC2XE
2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\-IFCQXQjLQXC2XEr
2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XEr
2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\-IFCQXQjLQXC2XE
2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XE
2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmVr
2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmVr
2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmV
2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmV
2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\IwLLZ3HEtF0AmV
2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\Application Data\IwLLZ3HEtF0AmV
2012-10-30 15:49 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files\Common Files\mcafee
2012-10-30 14:31 - 2012-10-30 14:31 - 00000000 ___HD C:\Users\Betty Anne\Pearson
2012-10-25 18:46 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files\mcafee
2012-10-15 03:08 - 2012-09-10 03:16 - 00000000 ___HD C:\Users\Betty Anne\My Documents\Round Parent Newsletter 2012-2013
2012-10-15 03:08 - 2012-09-10 03:16 - 00000000 ___HD C:\Users\Betty Anne\Documents\Round Parent Newsletter 2012-2013

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-10 03:42:14
Restore point made on: 2012-09-28 20:42:32
Restore point made on: 2012-10-06 17:44:39
Restore point made on: 2012-10-29 16:21:20
Restore point made on: 2012-10-30 18:03:25
Restore point made on: 2012-11-09 14:12:14
Restore point made on: 2012-11-09 17:53:01

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 6050.05 MB
Available physical RAM: 4993.67 MB
Total Pagefile: 6048.25 MB
Available Pagefile: 5034.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:581.41 GB) (Free:531.78 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected. Check for MBR/Partition infection.
4 Drive f: (DUCKDRIVE2) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 13 MB
Disk 1 Online 953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 953 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-11-09 14:04

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 10-11-2012 02
Ran by SYSTEM at 2012-11-13 01:16:53
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

I am VERY impressed. Booted into Win7 Home Premium without any manipulation by me. You sir are a Jedi Master. Log file below, as requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 2012-11-13 19:44:34 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

What next? Should I try Internet Explorer and see if I get redirected again? Should I try MS Update?
 
Great news!

I want you to retry running the following tools:
TDSSKiller
RogueKiller
aswMBR

In that sequence.
 
20:09:57.0040 4556 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:09:57.0118 4556 ============================================================
20:09:57.0118 4556 Current date / time: 2012/11/13 20:09:57.0118
20:09:57.0118 4556 SystemInfo:
20:09:57.0118 4556
20:09:57.0118 4556 OS Version: 6.1.7601 ServicePack: 1.0
20:09:57.0118 4556 Product type: Workstation
20:09:57.0118 4556 ComputerName: BETTYANNE-PC
20:09:57.0118 4556 UserName: Betty Anne
20:09:57.0118 4556 Windows directory: C:\windows
20:09:57.0118 4556 System windows directory: C:\windows
20:09:57.0118 4556 Running under WOW64
20:09:57.0118 4556 Processor architecture: Intel x64
20:09:57.0118 4556 Number of processors: 4
20:09:57.0118 4556 Page size: 0x1000
20:09:57.0118 4556 Boot type: Normal boot
20:09:57.0118 4556 ============================================================
20:09:57.0773 4556 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:57.0789 4556 ============================================================
20:09:57.0789 4556 \Device\Harddisk0\DR0:
20:09:57.0789 4556 MBR partitions:
20:09:57.0789 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
20:09:57.0789 4556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD22B0
20:09:57.0789 4556 ============================================================
20:09:57.0804 4556 C: <-> \Device\Harddisk0\DR0\Partition2
20:09:57.0804 4556 ============================================================
20:09:57.0804 4556 Initialize success
20:09:57.0804 4556 ============================================================
20:10:00.0051 2992 ============================================================
20:10:00.0051 2992 Scan started
20:10:00.0051 2992 Mode: Manual;
20:10:00.0051 2992 ============================================================
20:10:00.0347 2992 ================ Scan system memory ========================
20:10:00.0347 2992 System memory - ok
20:10:00.0347 2992 ================ Scan services =============================
20:10:13.0701 2992 msisadrv - ok
20:10:13.0748 2992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:10:13.0748 2992 MSiSCSI - ok
20:10:13.0763 2992 msiserver - ok
20:10:13.0794 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:10:13.0794 2992 MSK80Service - ok
20:10:13.0826 2992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:10:13.0841 2992 MSKSSRV - ok
20:10:13.0857 2992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:10:13.0872 2992 MSPCLOCK - ok
20:10:13.0872 2992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:10:13.0872 2992 MSPQM - ok
20:10:13.0888 2992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:10:13.0888 2992 MsRPC - ok
20:10:13.0888 2992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:10:13.0904 2992 mssmbios - ok
20:10:13.0904 2992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:10:13.0904 2992 MSTEE - ok
20:10:13.0904 2992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:10:13.0919 2992 MTConfig - ok
20:10:13.0919 2992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:10:13.0919 2992 Mup - ok
20:10:13.0950 2992 [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:10:13.0966 2992 MyWiFiDHCPDNS - ok
20:10:14.0013 2992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:10:14.0075 2992 napagent - ok
20:10:14.0122 2992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:10:14.0138 2992 NativeWifiP - ok
20:10:14.0200 2992 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys
20:10:14.0216 2992 NDIS - ok
20:10:14.0216 2992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:10:14.0216 2992 NdisCap - ok
20:10:14.0231 2992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:10:14.0231 2992 NdisTapi - ok
20:10:14.0262 2992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:10:14.0325 2992 Ndisuio - ok
20:10:14.0325 2992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:10:14.0372 2992 NdisWan - ok
20:10:14.0387 2992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:10:14.0418 2992 NDProxy - ok
20:10:14.0465 2992 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:10:14.0512 2992 Net Driver HPZ12 - ok
20:10:14.0543 2992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:10:14.0543 2992 NetBIOS - ok
20:10:14.0559 2992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:10:14.0652 2992 NetBT - ok
20:10:14.0652 2992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:10:14.0652 2992 Netlogon - ok
20:10:14.0699 2992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:10:14.0715 2992 Netman - ok
20:10:14.0746 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:10:14.0808 2992 NetMsmqActivator - ok
20:10:14.0824 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:10:14.0824 2992 NetPipeActivator - ok
20:10:14.0855 2992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:10:14.0855 2992 netprofm - ok
20:10:14.0855 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:10:14.0855 2992 NetTcpActivator - ok
20:10:14.0871 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:10:14.0871 2992 NetTcpPortSharing - ok
20:10:15.0089 2992 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
20:10:15.0167 2992 NETwNs64 - ok
20:10:15.0183 2992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:10:15.0198 2992 nfrd960 - ok
20:10:15.0230 2992 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:10:15.0276 2992 NlaSvc - ok
20:10:15.0417 2992 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
20:10:15.0448 2992 NOBU - ok
20:10:15.0479 2992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:10:15.0479 2992 Npfs - ok
20:10:15.0510 2992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:10:15.0510 2992 nsi - ok
20:10:15.0526 2992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:10:15.0526 2992 nsiproxy - ok
20:10:15.0573 2992 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:10:15.0604 2992 Ntfs - ok
20:10:15.0620 2992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:10:15.0620 2992 Null - ok
20:10:15.0651 2992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:10:15.0729 2992 nvraid - ok
20:10:15.0729 2992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:10:15.0791 2992 nvstor - ok
20:10:15.0791 2992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:10:15.0791 2992 nv_agp - ok
20:10:15.0885 2992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:10:15.0947 2992 odserv - ok
20:10:15.0978 2992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:10:15.0994 2992 ohci1394 - ok
20:10:16.0041 2992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:16.0119 2992 ose - ok
20:10:16.0166 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:10:16.0181 2992 p2pimsvc - ok
20:10:16.0212 2992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:10:16.0212 2992 p2psvc - ok
20:10:16.0244 2992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:10:16.0244 2992 Parport - ok
20:10:16.0275 2992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:10:16.0275 2992 partmgr - ok
20:10:16.0290 2992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:10:16.0306 2992 PcaSvc - ok
20:10:16.0306 2992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:10:16.0306 2992 pci - ok
20:10:16.0306 2992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:10:16.0322 2992 pciide - ok
20:10:16.0322 2992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:10:16.0337 2992 pcmcia - ok
20:10:16.0337 2992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:10:16.0337 2992 pcw - ok
20:10:16.0353 2992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:10:16.0368 2992 PEAUTH - ok
20:10:16.0446 2992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:10:16.0462 2992 PerfHost - ok
20:10:16.0540 2992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:10:16.0587 2992 pla - ok
20:10:16.0634 2992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:10:16.0712 2992 PlugPlay - ok
20:10:16.0727 2992 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:10:16.0774 2992 Pml Driver HPZ12 - ok
20:10:16.0790 2992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:10:16.0805 2992 PNRPAutoReg - ok
20:10:16.0805 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:10:16.0805 2992 PNRPsvc - ok
20:10:16.0852 2992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:10:16.0914 2992 PolicyAgent - ok
20:10:16.0930 2992 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
20:10:16.0946 2992 Power - ok
20:10:16.0977 2992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:10:17.0039 2992 PptpMiniport - ok
20:10:17.0055 2992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:10:17.0055 2992 Processor - ok
20:10:17.0086 2992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:10:17.0133 2992 ProfSvc - ok
20:10:17.0164 2992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:10:17.0164 2992 ProtectedStorage - ok
20:10:17.0211 2992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:10:17.0211 2992 Psched - ok
20:10:17.0273 2992 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
20:10:17.0273 2992 PxHlpa64 - ok
20:10:17.0336 2992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:10:17.0398 2992 ql2300 - ok
20:10:17.0398 2992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:10:17.0414 2992 ql40xx - ok
20:10:17.0445 2992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:10:17.0460 2992 QWAVE - ok
20:10:17.0476 2992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:10:17.0492 2992 QWAVEdrv - ok
20:10:17.0492 2992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:10:17.0492 2992 RasAcd - ok
20:10:17.0523 2992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:10:17.0523 2992 RasAgileVpn - ok
20:10:17.0538 2992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:10:17.0554 2992 RasAuto - ok
20:10:17.0570 2992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:10:17.0616 2992 Rasl2tp - ok
20:10:17.0648 2992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:10:17.0694 2992 RasMan - ok
20:10:17.0710 2992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:10:17.0710 2992 RasPppoe - ok
20:10:17.0710 2992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:10:17.0726 2992 RasSstp - ok
20:10:17.0741 2992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:10:17.0741 2992 rdbss - ok
20:10:17.0757 2992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
20:10:17.0772 2992 rdpbus - ok
20:10:17.0772 2992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:10:17.0788 2992 RDPCDD - ok
20:10:17.0788 2992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:10:17.0788 2992 RDPENCDD - ok
20:10:17.0788 2992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:10:17.0804 2992 RDPREFMP - ok
20:10:17.0804 2992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:10:17.0850 2992 RDPWD - ok
20:10:17.0866 2992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:10:17.0866 2992 rdyboost - ok
20:10:17.0944 2992 [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:10:18.0022 2992 RegSrvc - ok
20:10:18.0069 2992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:10:18.0084 2992 RemoteAccess - ok
20:10:18.0116 2992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:10:18.0131 2992 RemoteRegistry - ok
20:10:18.0162 2992 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:10:18.0178 2992 RFCOMM - ok
20:10:18.0303 2992 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:10:18.0396 2992 RoxMediaDB12OEM - ok
20:10:18.0412 2992 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:10:18.0474 2992 RoxWatch12 - ok
20:10:18.0490 2992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:10:18.0506 2992 RpcEptMapper - ok
20:10:18.0552 2992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:10:18.0552 2992 RpcLocator - ok
20:10:18.0568 2992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
20:10:18.0584 2992 RpcSs - ok
20:10:18.0615 2992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:10:18.0630 2992 rspndr - ok
20:10:18.0662 2992 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
20:10:18.0708 2992 RSUSBSTOR - ok
20:10:18.0755 2992 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
20:10:18.0802 2992 RTL8167 - ok
20:10:18.0818 2992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
20:10:18.0833 2992 SamSs - ok
20:10:18.0833 2992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
20:10:18.0880 2992 sbp2port - ok
20:10:18.0911 2992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
20:10:18.0911 2992 SCardSvr - ok
20:10:18.0911 2992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:10:18.0989 2992 scfilter - ok
20:10:19.0020 2992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
20:10:19.0083 2992 Schedule - ok
20:10:19.0083 2992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
20:10:19.0083 2992 SCPolicySvc - ok
20:10:19.0098 2992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:10:19.0130 2992 SDRSVC - ok
20:10:19.0161 2992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:10:19.0161 2992 secdrv - ok
20:10:19.0192 2992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
20:10:19.0239 2992 seclogon - ok
20:10:19.0254 2992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
20:10:19.0254 2992 SENS - ok
20:10:19.0286 2992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
20:10:19.0286 2992 SensrSvc - ok
20:10:19.0301 2992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
20:10:19.0301 2992 Serenum - ok
20:10:19.0348 2992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
20:10:19.0348 2992 Serial - ok
20:10:19.0379 2992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
20:10:19.0379 2992 sermouse - ok
20:10:19.0410 2992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
20:10:19.0473 2992 SessionEnv - ok
20:10:19.0473 2992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
20:10:19.0488 2992 sffdisk - ok
20:10:19.0488 2992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
20:10:19.0488 2992 sffp_mmc - ok
20:10:19.0488 2992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
20:10:19.0535 2992 sffp_sd - ok
20:10:19.0535 2992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
20:10:19.0535 2992 sfloppy - ok
20:10:19.0644 2992 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:10:19.0722 2992 SftService - ok
20:10:19.0769 2992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:10:19.0832 2992 ShellHWDetection - ok
20:10:19.0847 2992 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
20:10:19.0863 2992 SiSRaid2 - ok
20:10:19.0863 2992 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
20:10:19.0863 2992 SiSRaid4 - ok
20:10:19.0941 2992 [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:10:19.0941 2992 SkypeUpdate - ok
20:10:19.0988 2992 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
20:10:20.0003 2992 Smb - ok
20:10:20.0066 2992 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:10:20.0081 2992 SNMPTRAP - ok
20:10:20.0097 2992 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
20:10:20.0097 2992 spldr - ok
20:10:20.0144 2992 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
20:10:20.0206 2992 Spooler - ok
20:10:20.0331 2992 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
20:10:20.0346 2992 sppsvc - ok
20:10:20.0362 2992 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:10:20.0378 2992 sppuinotify - ok
20:10:20.0409 2992 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
20:10:20.0409 2992 srv - ok
20:10:20.0424 2992 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:10:20.0440 2992 srv2 - ok
20:10:20.0456 2992 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:10:20.0456 2992 srvnet - ok
20:10:20.0487 2992 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:10:20.0502 2992 SSDPSRV - ok
20:10:20.0518 2992 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
20:10:20.0518 2992 SstpSvc - ok
20:10:20.0580 2992 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:10:20.0690 2992 STacSV - ok
20:10:20.0705 2992 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
20:10:20.0705 2992 stexstor - ok
20:10:20.0768 2992 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
20:10:20.0830 2992 STHDA - ok
20:10:20.0861 2992 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
20:10:20.0861 2992 StillCam - ok
20:10:20.0939 2992 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
20:10:21.0002 2992 stisvc - ok
20:10:21.0048 2992 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:10:21.0111 2992 stllssvr - ok
20:10:21.0126 2992 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:10:21.0126 2992 swenum - ok
20:10:21.0189 2992 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
20:10:21.0204 2992 swprv - ok
20:10:21.0251 2992 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
20:10:21.0282 2992 SysMain - ok
20:10:21.0298 2992 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
20:10:21.0360 2992 TabletInputService - ok
20:10:21.0392 2992 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
20:10:21.0423 2992 TapiSrv - ok
20:10:21.0438 2992 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
20:10:21.0438 2992 TBS - ok
20:10:21.0532 2992 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:10:21.0563 2992 Tcpip - ok
20:10:21.0610 2992 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:10:21.0626 2992 TCPIP6 - ok
20:10:21.0626 2992 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:10:21.0672 2992 tcpipreg - ok
20:10:21.0672 2992 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:10:21.0688 2992 TDPIPE - ok
20:10:21.0688 2992 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:10:21.0735 2992 TDTCP - ok
20:10:21.0735 2992 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:10:21.0782 2992 tdx - ok
20:10:21.0782 2992 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:10:21.0813 2992 TermDD - ok
20:10:21.0875 2992 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:10:21.0938 2992 TermService - ok
20:10:21.0938 2992 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:10:21.0953 2992 Themes - ok
20:10:21.0984 2992 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:10:21.0984 2992 THREADORDER - ok
20:10:22.0031 2992 [ 68FE3D89829E27D4FD5EEA7BD2C41985 ] tihub3 C:\windows\system32\DRIVERS\tihub3.sys
20:10:22.0109 2992 tihub3 - ok
20:10:22.0140 2992 [ 0102C9633CE1F18A6AC021F28B734DB5 ] tixhci C:\windows\system32\DRIVERS\tixhci.sys
20:10:22.0203 2992 tixhci - ok
20:10:22.0234 2992 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:10:22.0234 2992 TrkWks - ok
20:10:22.0296 2992 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:10:22.0359 2992 TrustedInstaller - ok
20:10:22.0359 2992 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:10:22.0406 2992 tssecsrv - ok
20:10:22.0452 2992 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:10:22.0499 2992 TsUsbFlt - ok
20:10:22.0515 2992 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:10:22.0546 2992 TsUsbGD - ok
20:10:22.0593 2992 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:10:22.0624 2992 tunnel - ok
20:10:22.0624 2992 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
20:10:22.0640 2992 uagp35 - ok
20:10:22.0640 2992 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:10:22.0640 2992 udfs - ok
20:10:22.0671 2992 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:10:22.0686 2992 UI0Detect - ok
20:10:22.0733 2992 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
20:10:22.0749 2992 uliagpkx - ok
20:10:22.0764 2992 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:10:22.0827 2992 umbus - ok
20:10:22.0842 2992 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
20:10:22.0842 2992 UmPass - ok
20:10:22.0983 2992 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:10:23.0092 2992 UNS - ok
20:10:23.0139 2992 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
20:10:23.0139 2992 upnphost - ok
20:10:23.0186 2992 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
20:10:23.0264 2992 USBAAPL64 - ok
20:10:23.0279 2992 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:10:23.0326 2992 usbccgp - ok
20:10:23.0342 2992 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
20:10:23.0357 2992 usbcir - ok
20:10:23.0357 2992 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
20:10:23.0420 2992 usbehci - ok
20:10:23.0451 2992 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
20:10:23.0513 2992 usbhub - ok
20:10:23.0513 2992 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
20:10:23.0560 2992 usbohci - ok
20:10:23.0576 2992 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
20:10:23.0576 2992 usbprint - ok
20:10:23.0591 2992 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
20:10:23.0607 2992 usbscan - ok
20:10:23.0622 2992 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:10:23.0669 2992 USBSTOR - ok
20:10:23.0685 2992 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
20:10:23.0732 2992 usbuhci - ok
20:10:23.0763 2992 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
20:10:23.0794 2992 usbvideo - ok
20:10:23.0825 2992 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
20:10:23.0825 2992 UxSms - ok
20:10:23.0841 2992 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
20:10:23.0856 2992 VaultSvc - ok
20:10:23.0872 2992 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
20:10:23.0872 2992 vdrvroot - ok
20:10:23.0903 2992 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
20:10:23.0950 2992 vds - ok
20:10:23.0981 2992 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:10:23.0981 2992 vga - ok
20:10:23.0997 2992 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
20:10:23.0997 2992 VgaSave - ok
20:10:23.0997 2992 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
20:10:24.0044 2992 vhdmp - ok
20:10:24.0044 2992 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
20:10:24.0059 2992 viaide - ok
20:10:24.0059 2992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
20:10:24.0059 2992 volmgr - ok
20:10:24.0059 2992 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:10:24.0075 2992 volmgrx - ok
20:10:24.0075 2992 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
20:10:24.0075 2992 volsnap - ok
20:10:24.0090 2992 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
20:10:24.0106 2992 vsmraid - ok
20:10:24.0168 2992 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
20:10:24.0200 2992 VSS - ok
20:10:24.0200 2992 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:10:24.0200 2992 vwifibus - ok
20:10:24.0231 2992 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:10:24.0231 2992 vwififlt - ok
20:10:24.0246 2992 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
20:10:24.0246 2992 vwifimp - ok
20:10:24.0293 2992 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
20:10:24.0309 2992 W32Time - ok
20:10:24.0324 2992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
20:10:24.0324 2992 WacomPen - ok
20:10:24.0340 2992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:10:24.0387 2992 WANARP - ok
20:10:24.0387 2992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:10:24.0387 2992 Wanarpv6 - ok
20:10:24.0465 2992 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
20:10:24.0527 2992 WatAdminSvc - ok
20:10:24.0590 2992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
20:10:24.0652 2992 wbengine - ok
20:10:24.0652 2992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
20:10:24.0668 2992 WbioSrvc - ok
20:10:24.0683 2992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
20:10:24.0730 2992 wcncsvc - ok
20:10:24.0746 2992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:10:24.0746 2992 WcsPlugInService - ok
20:10:24.0761 2992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
20:10:24.0777 2992 Wd - ok
20:10:24.0824 2992 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:10:24.0824 2992 Wdf01000 - ok
20:10:24.0855 2992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
20:10:24.0855 2992 WdiServiceHost - ok
20:10:24.0855 2992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
20:10:24.0870 2992 WdiSystemHost - ok
20:10:24.0902 2992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
20:10:24.0948 2992 WebClient - ok
20:10:24.0964 2992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
20:10:24.0980 2992 Wecsvc - ok
20:10:24.0995 2992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
20:10:24.0995 2992 wercplsupport - ok
20:10:25.0011 2992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
20:10:25.0011 2992 WerSvc - ok
20:10:25.0042 2992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:10:25.0058 2992 WfpLwf - ok
20:10:25.0058 2992 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
20:10:25.0120 2992 WimFltr - ok
20:10:25.0120 2992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:10:25.0136 2992 WIMMount - ok
20:10:25.0151 2992 WinHttpAutoProxySvc - ok
20:10:25.0229 2992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
20:10:25.0245 2992 Winmgmt - ok
20:10:25.0338 2992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
20:10:25.0401 2992 WinRM - ok
20:10:25.0463 2992 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
20:10:25.0526 2992 WinUsb - ok
20:10:25.0557 2992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
20:10:25.0588 2992 Wlansvc - ok
20:10:25.0650 2992 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:10:25.0728 2992 wlcrasvc - ok
20:10:25.0853 2992 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:10:25.0916 2992 wlidsvc - ok
20:10:25.0947 2992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
20:10:25.0947 2992 WmiAcpi - ok
20:10:25.0994 2992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
20:10:25.0994 2992 wmiApSrv - ok
20:10:26.0025 2992 WMPNetworkSvc - ok
20:10:26.0072 2992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
20:10:26.0072 2992 WPCSvc - ok
20:10:26.0103 2992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
20:10:26.0165 2992 WPDBusEnum - ok
20:10:26.0181 2992 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
20:10:26.0181 2992 ws2ifsl - ok
20:10:26.0181 2992 WSearch - ok
20:10:26.0321 2992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
20:10:26.0337 2992 wuauserv - ok
20:10:26.0368 2992 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
20:10:26.0399 2992 WudfPf - ok
20:10:26.0430 2992 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
20:10:26.0493 2992 WUDFRd - ok
20:10:26.0524 2992 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
20:10:26.0571 2992 wudfsvc - ok
20:10:26.0586 2992 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
20:10:26.0602 2992 WwanSvc - ok
20:10:26.0649 2992 ================ Scan global ===============================
20:10:26.0664 2992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:10:26.0711 2992 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:10:26.0789 2992 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:10:26.0805 2992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:10:26.0852 2992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:10:26.0867 2992 [Global] - ok
20:10:26.0867 2992 ================ Scan MBR ==================================
20:10:26.0883 2992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:10:27.0054 2992 \Device\Harddisk0\DR0 - ok
20:10:27.0070 2992 ================ Scan VBR ==================================
20:10:27.0070 2992 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
20:10:27.0070 2992 \Device\Harddisk0\DR0\Partition1 - ok
20:10:27.0086 2992 [ 0B798598A6F493B551BA93EB11F847DD ] \Device\Harddisk0\DR0\Partition2
20:10:27.0086 2992 \Device\Harddisk0\DR0\Partition2 - ok
20:10:27.0086 2992 ============================================================
20:10:27.0086 2992 Scan finished
20:10:27.0086 2992 ============================================================
20:10:27.0101 2228 Detected object count: 0
20:10:27.0101 2228 Actual detected object count: 0
 
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Betty Anne [Admin rights]
Mode : Scan -- Date : 11/13/2012 20:11:58
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Betty Anne\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rans.Gendarm ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] a2111a8ed72be82719f761f51d90dbe5
[BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11132012_02d2011.txt >>
RKreport[1]_S_11132012_02d2011.txt
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-13 20:13:52
-----------------------------
20:13:52.560 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:52.560 Number of processors: 4 586 0x2A07
20:13:52.560 ComputerName: BETTYANNE-PC UserName: Betty Anne
20:13:53.871 Initialize success
20:14:08.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:08.562 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
20:14:08.609 Disk 0 MBR read successfully
20:14:08.609 Disk 0 MBR scan
20:14:08.624 Disk 0 Windows 7 default MBR code
20:14:08.640 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
20:14:08.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
20:14:08.671 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595364 MB offset 30926848
20:14:08.702 Disk 0 scanning C:\windows\system32\drivers
20:14:11.760 Service scanning
20:14:34.988 Modules scanning
20:14:35.004 Disk 0 trace - called modules:
20:14:35.051 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:14:35.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007879060]
20:14:35.066 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005944660]
20:14:35.082 5 ACPI.sys[fffff88000f107a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005948050]
20:14:35.082 Scan finished successfully
20:15:14.940 Disk 0 MBR has been saved successfully to "C:\Users\Betty Anne\Desktop\MBR.dat"
20:15:14.940 The log file has been saved successfully to "C:\Users\Betty Anne\Desktop\aswMBR.txt"
 
Two logs, I figured out I missed a few tabs (realized what I was doing) after creating the first log...I am posting both just in case.


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Betty Anne [Admin rights]
Mode : Remove -- Date : 11/13/2012 20:56:03
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] a2111a8ed72be82719f761f51d90dbe5
[BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[8]_D_11132012_02d2056.txt >>
RKreport[1]_S_11132012_02d2011.txt ; RKreport[2]_H_11132012_02d2053.txt ; RKreport[3]_PR_11132012_02d2053.txt ; RKreport[4]_DN_11132012_02d2053.txt ; RKreport[5]_SC_11132012_02d2054.txt ;
RKreport[6]_S_11132012_02d2054.txt ; RKreport[7]_D_11132012_02d2055.txt ; RKreport[8]_D_11132012_02d2056.txt

==============================

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Betty Anne [Admin rights]
Mode : Scan -- Date : 11/13/2012 20:56:12
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] a2111a8ed72be82719f761f51d90dbe5
[BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[9]_S_11132012_02d2056.txt >>
RKreport[1]_S_11132012_02d2011.txt ; RKreport[2]_H_11132012_02d2053.txt ; RKreport[3]_PR_11132012_02d2053.txt ; RKreport[4]_DN_11132012_02d2053.txt ; RKreport[5]_SC_11132012_02d2054.txt ;
RKreport[6]_S_11132012_02d2054.txt ; RKreport[7]_D_11132012_02d2055.txt ; RKreport[8]_D_11132012_02d2056.txt ; RKreport[9]_S_11132012_02d2056.txt



What do you think?
 
Good :)

Create a new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Okay, what now? :)

ComboFix 12-11-13.02 - Betty Anne 11/13/2012 21:37:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4292 [GMT -5:00]
Running from: c:\users\Betty Anne\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IFCQXQjLQXC2XE
c:\programdata\IwLLZ3HEtF0AmV
c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll
c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 02:42 . 2012-11-14 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 07:11 . 2012-11-13 07:11 -------- d-----w- C:\FRST
2012-11-10 03:13 . 2012-11-13 04:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-09 03:33 . 2012-11-09 03:33 -------- d-----w- c:\program files (x86)\ESET
2012-11-09 00:51 . 2012-11-09 00:51 -------- d-----w- c:\users\Betty Anne\AppData\Roaming\Malwarebytes
2012-11-09 00:48 . 2012-11-09 00:48 -------- d-----w- c:\programdata\Malwarebytes
2012-11-09 00:48 . 2012-11-13 04:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-31 00:05 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-31 00:04 . 2012-10-31 00:04 -------- d-----w- c:\program files\iPod
2012-10-31 00:04 . 2012-11-13 04:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-31 00:04 . 2012-11-13 04:23 -------- d-----w- c:\program files\iTunes
2012-10-31 00:04 . 2012-11-13 04:22 -------- d-----w- c:\program files (x86)\iTunes
2012-10-30 20:31 . 2012-10-30 20:31 -------- d-----w- c:\users\Betty Anne\Pearson
2012-10-26 00:46 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 17:01 . 2012-06-13 21:57 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-06-13 21:57 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-05-08 2552168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Betty Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SetupWizard - D:\SetupWizard.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254926280-3890057060-2601077060-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,ef,bb,11,7c,e2,a1,db,81,0f,32,f8,04,4f,66,62,65,31,e6,8b,4f,a2,93,
90,48,32,90,ba,6a,0b,b7,b1,80,90,c8,1d,65,52,63,90,95,33,34,b2,5a,8f,1e,08,\
"??"=hex:51,c6,06,9a,50,8d,ac,fd,70,92,a6,2c,c3,37,23,b3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-11-13 21:50:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-14 02:50
.
Pre-Run: 570,388,316,160 bytes free
Post-Run: 571,688,288,256 bytes free
.
- - End Of File - - 62D8EF19DF025ECA9D61B2AC464E5797
 
Looks good :)

Any current issues?

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/13/2012 10:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty Anne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.73 Gb Available Physical Memory | 80.02% Memory free
11.81 Gb Paging File | 10.21 Gb Available in Paging File | 86.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 532.49 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
Drive D: | 5.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BETTYANNE-PC | User Name: Betty Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 22:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 20:30:50 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 20:30:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:30:28 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 20:30:21 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/12 02:39:46 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 02:36:04 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 02:35:02 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 02:34:57 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 02:34:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 02:34:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 02:34:45 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/09/15 19:41:28 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/09/15 19:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/09/15 19:24:52 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/09/15 10:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/01/25 04:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 15:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/06/05 14:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 02:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/18 03:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 10:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 10:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/07/20 17:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/20 17:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/19 19:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 16:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/19 02:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 02:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/13 03:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 14:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 04:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 18:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 19:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 14:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/12 17:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/12 23:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/10/06 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/12 23:23:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/12 17:10:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/11/13 21:43:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120726144436.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120726144436.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F401738-A93E-48D9-A7BD-57EB16A69529}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDFB0639-BA97-473F-BFD8-95029808745F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/13 22:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
[2012/11/13 22:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/13 21:44:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/13 21:36:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/13 21:36:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/13 21:36:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/13 21:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/13 21:30:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/13 21:29:38 | 005,000,873 | R--- | C] (Swearware) -- C:\Users\Betty Anne\Desktop\ComboFix.exe
[2012/11/13 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\RK_Quarantine
[2012/11/13 20:09:49 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\tdsskiller
[2012/11/13 20:09:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Betty Anne\Desktop\aswMBR.exe
[2012/11/13 02:11:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/10 21:55:20 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\Duck
[2012/11/09 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/08 22:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/08 21:08:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
[2012/11/08 21:08:47 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
[2012/11/08 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
[2012/11/08 19:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/08 19:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/08 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/30 19:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/30 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/30 16:51:15 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012/10/30 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Pearson
[2012/10/25 19:46:22 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\HipShieldK.sys

========== Files - Modified Within 30 Days ==========

[2012/11/13 22:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
[2012/11/13 22:03:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 22:03:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 22:00:28 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/13 22:00:28 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/13 22:00:28 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/13 21:55:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/13 21:55:45 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 21:43:17 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/13 21:11:41 | 005,000,873 | R--- | M] (Swearware) -- C:\Users\Betty Anne\Desktop\ComboFix.exe
[2012/11/13 20:15:14 | 000,000,512 | ---- | M] () -- C:\Users\Betty Anne\Desktop\MBR.dat
[2012/11/10 22:02:46 | 000,666,112 | ---- | M] () -- C:\Users\Betty Anne\Desktop\RogueKiller.exe
[2012/11/10 22:02:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Betty Anne\Desktop\aswMBR.exe
[2012/11/10 22:02:34 | 002,195,061 | ---- | M] () -- C:\Users\Betty Anne\Desktop\tdsskiller.zip
[2012/11/09 20:55:44 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/11/09 10:38:00 | 005,784,274 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\census.cache
[2012/11/09 10:30:15 | 000,086,470 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\ars.cache
[2012/11/08 21:13:59 | 000,000,036 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
[2012/11/08 21:06:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
[2012/11/08 21:05:14 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
[2012/11/08 19:48:55 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 21:16:41 | 000,001,135 | ---- | M] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/30 19:05:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/30 17:06:33 | 000,000,176 | ---- | M] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
[2012/10/30 17:06:33 | 000,000,152 | ---- | M] () -- C:\ProgramData\-IFCQXQjLQXC2XE
[2012/10/30 16:52:16 | 000,000,176 | ---- | M] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
[2012/10/30 16:52:16 | 000,000,152 | ---- | M] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
[2012/10/30 16:51:15 | 000,000,679 | ---- | M] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk

========== Files Created - No Company Name ==========

[2012/11/13 21:36:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/13 21:36:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/13 21:36:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/13 21:36:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/13 21:36:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/13 20:53:38 | 000,002,777 | ---- | C] () -- C:\Users\Public\Desktop\Greeting Card Factory Silver.lnk
[2012/11/13 20:53:38 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/11/13 20:53:38 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
[2012/11/13 20:53:38 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/11/13 20:53:38 | 000,002,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
[2012/11/13 20:53:38 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/13 20:53:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/13 20:53:38 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/11/13 20:53:38 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/11/13 20:53:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/13 20:53:38 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/11/13 20:53:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/13 20:53:38 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/11/13 20:53:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/11/13 20:53:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/11/13 20:53:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/11/13 20:53:38 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
[2012/11/13 20:53:38 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/11/13 20:53:38 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Hoyle Casino 2008.lnk
[2012/11/13 20:53:38 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/13 20:53:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/13 20:53:37 | 000,002,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
[2012/11/13 20:53:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/11/13 20:53:37 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/11/13 20:15:14 | 000,000,512 | ---- | C] () -- C:\Users\Betty Anne\Desktop\MBR.dat
[2012/11/13 20:09:15 | 000,666,112 | ---- | C] () -- C:\Users\Betty Anne\Desktop\RogueKiller.exe
[2012/11/13 20:09:13 | 002,195,061 | ---- | C] () -- C:\Users\Betty Anne\Desktop\tdsskiller.zip
[2012/11/08 22:47:12 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/11/08 21:26:27 | 005,784,274 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\census.cache
[2012/11/08 21:25:46 | 000,086,470 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\ars.cache
[2012/11/08 21:13:59 | 000,000,036 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
[2012/11/08 19:48:55 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 21:16:41 | 000,001,135 | ---- | C] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/10/30 19:05:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/30 17:06:33 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
[2012/10/30 17:06:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XE
[2012/10/30 16:52:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
[2012/10/30 16:52:16 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
[2012/10/30 16:51:15 | 000,000,679 | ---- | C] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/06 17:49:35 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/26 15:14:51 | 000,005,392 | ---- | C] () -- C:\windows\dhstatus.dat
[2012/08/26 15:08:09 | 000,005,525 | ---- | C] () -- C:\windows\checkip.dat
[2012/06/13 13:50:54 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2012/06/12 17:04:48 | 000,207,601 | ---- | C] () -- C:\windows\hpwins28.dat
[2012/02/12 11:32:15 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/12 11:32:15 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/12 11:32:15 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/12 11:32:15 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/12 11:32:14 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/12 10:09:19 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/12 10:04:15 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/16 15:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/16 15:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/16 15:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/16 15:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/11/16 15:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/11/16 15:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/16 15:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/16 15:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/11/16 14:25:01 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/21 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Betty Anne\AppData\Roaming\Fingertapps
[2012/02/24 12:02:25 | 000,000,000 | ---D | M] -- C:\Users\Betty Anne\AppData\Roaming\PCDr

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 11/13/2012 10:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty Anne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.73 Gb Available Physical Memory | 80.02% Memory free
11.81 Gb Paging File | 10.21 Gb Available in Paging File | 86.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.41 Gb Total Space | 532.49 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
Drive D: | 5.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BETTYANNE-PC | User Name: Betty Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AB0989D-2EBF-4772-830A-B370E0D7ED71}" = HP Deskjet 3510 series Basic Device Software
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi Software
"{2CFC157D-6224-4072-9732-54DD8C07F334}" = HP Deskjet 3510 series Product Improvement Study
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Silver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MSC" = McAfee SecurityCenter
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2012 6:26:31 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1918656

Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1934256

Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1934256

Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1949856

Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1949856

Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1965456

Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1965456

[ Dell Events ]
Error - 2/23/2012 3:42:57 PM | Computer Name = BettyAnne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/23/2012 3:42:57 PM | Computer Name = BettyAnne-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 10/15/2012 3:11:05 AM | Computer Name = BettyAnne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 540092
seconds with 7140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/1/2012 8:26:15 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/1/2012 8:26:15 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/1/2012 10:40:45 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/1/2012 10:40:45 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 11/1/2012 10:41:16 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/1/2012 10:41:16 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/1/2012 10:41:22 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/1/2012 10:41:22 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 11/2/2012 12:56:00 AM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 11/2/2012 12:56:00 AM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >
 
Seems to be running okay, except when posting here from that machine; keeps getting hung up on a script.

Should I update Windows, Java, etc now?
 
Not yet...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    [2012/10/30 17:06:33 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
    [2012/10/30 17:06:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XE
    [2012/10/30 16:52:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
    [2012/10/30 16:52:16 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


=====================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
C:\ProgramData\-IFCQXQjLQXC2XEr moved successfully.
C:\ProgramData\-IFCQXQjLQXC2XE moved successfully.
C:\ProgramData\-IwLLZ3HEtF0AmVr moved successfully.
C:\ProgramData\-IwLLZ3HEtF0AmV moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Betty Anne
->Temp folder emptied: 32878 bytes
->Temporary Internet Files folder emptied: 13113736 bytes
->Java cache emptied: 2342370 bytes
->Flash cache emptied: 29698 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55184512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


[EMPTYJAVA]

User: All Users

User: Betty Anne
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Betty Anne
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11132012_225152
Files\Folders moved on Reboot...
C:\Users\Betty Anne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Betty Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Downloading/running other tools now, stand by.
 
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 7 Update 1
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 09-11-2012
Ran by Betty Anne (administrator) on 13-11-2012 at 23:05:39
Running from "C:\Users\Betty Anne\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
# AdwCleaner v2.007 - Logfile created 11/13/2012 at 23:10:53
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Betty Anne - BETTYANNE-PC
# Boot Mode : Normal
# Running from : C:\Users\Betty Anne\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [656 octets] - [13/11/2012 23:10:30]
AdwCleaner[S1].txt - [588 octets] - [13/11/2012 23:10:53]
########## EOF - C:\AdwCleaner[S1].txt - [647 octets] ##########
 
ESET running...could be a while. I may be asleep before it finishes. If so, I will post first thing in the AM and then be back on tomorrow evening around 6 or 7 PM EST. Broni, thanks for all your help.
 