TechSpot

Help! 8.26.70.252 kicking my butt

Solved
By amuck
Nov 10, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    I'd like you to retry my post #5 (FRST).
     
  2. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Hallelujah:



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
    Ran by SYSTEM at 13-11-2012 01:11:41
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Betty Anne\...\Run: [SetupWizard] D:\SetupWizard.exe reboot [x]
    HKU\Betty Anne\...\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN289142XQ05R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1 [2552168 2012-05-08] (Hewlett-Packard Co.)
    Tcpip\Parameters: [DhcpNameServer] 172.26.38.1 172.26.38.2
    Startup: C:\Users\Betty Anne\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()

    ==================== Drivers (Whitelisted) =====================

    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
    3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
    3 mfeavfk01; [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-13 01:11 - 2012-11-13 01:11 - 00000000 ____D C:\FRST
    2012-11-11 21:06 - 2012-11-11 21:09 - 00002793 ____A C:\Users\Betty Anne\Desktop\Result.txt
    2012-11-10 23:41 - 2012-11-10 23:41 - 00003479 ____A C:\Users\Betty Anne\Desktop\RKreport[2]_D_11112012_02d0041.txt
    2012-11-10 23:40 - 2012-11-12 22:19 - 00000000 ____D C:\Users\Betty Anne\Desktop\RK_Quarantine
    2012-11-10 23:40 - 2012-11-10 23:40 - 00003489 ____A C:\Users\Betty Anne\Desktop\RKreport[1]_S_11112012_02d0040.txt
    2012-11-10 20:55 - 2012-11-12 22:19 - 00000000 ____D C:\Users\Betty Anne\Desktop\Duck
    2012-11-09 21:13 - 2012-11-12 22:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-09 17:44 - 2012-11-09 17:41 - 00006176 ____A C:\Users\Betty Anne\Desktop\update.reg
    2012-11-08 21:47 - 2012-11-09 19:55 - 00002120 ____A C:\scu.dat
    2012-11-08 21:33 - 2012-11-08 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\Local Settings\census.cache
    2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\Local Settings\Application Data\census.cache
    2012-11-08 20:26 - 2012-11-09 09:38 - 05784274 ____A C:\Users\Betty Anne\AppData\Local\census.cache
    2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\Local Settings\ars.cache
    2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\Local Settings\Application Data\ars.cache
    2012-11-08 20:25 - 2012-11-09 09:30 - 00086470 ____A C:\Users\Betty Anne\AppData\Local\ars.cache
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\housecall.guid.cache
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\Application Data\housecall.guid.cache
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
    2012-11-08 20:08 - 2012-11-08 20:06 - 02322184 ____A (ESET) C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
    2012-11-08 20:08 - 2012-11-08 20:05 - 02406064 ____A (Trend Micro Inc.) C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
    2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\Application Data\Malwarebytes
    2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
    2012-11-08 18:48 - 2012-11-12 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-10-30 18:05 - 2012-08-21 11:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-30 18:04 - 2012-11-12 22:23 - 00000000 ____D C:\Program Files\iTunes
    2012-10-30 18:04 - 2012-11-12 22:22 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-10-30 18:04 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iPod
    2012-10-30 17:59 - 2012-10-30 18:00 - 80521624 ____A (Apple Inc.) C:\Users\Betty Anne\Downloads\iTunes64Setup (1).exe
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\-IFCQXQjLQXC2XEr
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XEr
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\-IFCQXQjLQXC2XE
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XE
    2012-10-30 16:05 - 2012-10-30 16:11 - 00000592 ____A C:\Users\All Users\IFCQXQjLQXC2XE
    2012-10-30 16:05 - 2012-10-30 16:11 - 00000592 ____A C:\Users\All Users\Application Data\IFCQXQjLQXC2XE
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmVr
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmVr
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmV
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmV
    2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\IwLLZ3HEtF0AmV
    2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\Application Data\IwLLZ3HEtF0AmV
    2012-10-30 14:31 - 2012-10-30 14:31 - 00000000 ___HD C:\Users\Betty Anne\Pearson
    2012-10-25 18:46 - 2012-04-20 14:40 - 00196440 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

    ==================== One Month Modified Files and Folders =======

    2012-11-13 01:11 - 2012-11-13 01:11 - 00000000 ____D C:\FRST
    2012-11-12 22:30 - 2012-02-21 18:21 - 00000000 ___HD C:\users\Betty Anne
    2012-11-12 22:30 - 2012-02-12 10:48 - 00000000 ____D C:\Windows\ShellNew
    2012-11-12 22:30 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ___AD C:\Windows\System32\oobe
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ras
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\uk-UA
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\th-TH
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sysprep
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sppui
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sl-SI
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\sk-SK
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Setup
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ro-RO
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ras
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\migwiz
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\manifeststore
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\lv-LV
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\lt-LT
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\icsxml
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ias
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\hr-HR
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\he-IL
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\et-EE
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\Dism
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\com
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\bg-BG
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\ar-SA
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
    2012-11-12 22:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-12 22:29 - 2012-02-12 10:48 - 00000000 ____D C:\Program Files\Windows Journal
    2012-11-12 22:29 - 2011-11-16 14:49 - 00000000 ___AD C:\Windows\WisTools
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\addins
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2012-11-12 22:29 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\L2Schemas
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Cursors
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\System
    2012-11-12 22:29 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Services
    2012-11-12 22:25 - 2012-02-12 09:09 - 00000000 ____D C:\Windows\SysWOW64\sda
    2012-11-12 22:25 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\restore
    2012-11-12 22:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\TAPI
    2012-11-12 22:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
    2012-11-12 22:24 - 2012-06-12 16:07 - 00000000 ____D C:\Windows\hpoj4500g510n-z
    2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Xfinity.com
    2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Application Data\Xfinity.com
    2012-11-12 22:24 - 2012-05-16 20:38 - 00000000 ___HD C:\Users\Betty Anne\AppData\Local\Xfinity.com
    2012-11-12 22:24 - 2012-02-24 09:48 - 00000000 ____D C:\Windows\en
    2012-11-12 22:24 - 2012-02-21 18:21 - 00000000 __RHD C:\Users\Betty Anne\Desktop\Play Games
    2012-11-12 22:24 - 2012-02-12 09:21 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
    2012-11-12 22:24 - 2012-02-12 09:21 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
    2012-11-12 22:24 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2012-11-12 22:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
    2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-11-12 22:23 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iTunes
    2012-11-12 22:23 - 2012-10-06 16:50 - 00000000 ___HD C:\Users\All Users\HP Photo Creations
    2012-11-12 22:23 - 2012-10-06 16:50 - 00000000 ___HD C:\Users\All Users\Application Data\HP Photo Creations
    2012-11-12 22:23 - 2012-07-13 12:52 - 00000000 ___HD C:\Users\All Users\Application Data\7531CCA9FFA8D4FAC553236AF875F002
    2012-11-12 22:23 - 2012-07-13 12:52 - 00000000 ___HD C:\Users\All Users\7531CCA9FFA8D4FAC553236AF875F002
    2012-11-12 22:23 - 2012-06-13 15:54 - 00000000 ____D C:\Program Files\Bonjour
    2012-11-12 22:23 - 2012-06-12 16:09 - 00000000 ___HD C:\Users\All Users\HP Product Assistant
    2012-11-12 22:23 - 2012-06-12 16:09 - 00000000 ___HD C:\Users\All Users\Application Data\HP Product Assistant
    2012-11-12 22:23 - 2012-04-09 13:34 - 00000000 ____D C:\Program Files\Dell Support Center
    2012-11-12 22:23 - 2012-03-21 13:09 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-11-12 22:23 - 2012-02-24 10:28 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-12 22:23 - 2012-02-23 15:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Microsoft Help
    2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\Local Settings\Application Data\Microsoft Help
    2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ___HD C:\Users\Betty Anne\AppData\Local\Microsoft Help
    2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-12 22:23 - 2012-02-23 13:47 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
    2012-11-12 22:23 - 2012-02-12 09:38 - 00000000 ___HD C:\Users\All Users\McAfee
    2012-11-12 22:23 - 2012-02-12 09:38 - 00000000 ___HD C:\Users\All Users\Application Data\McAfee
    2012-11-12 22:23 - 2012-02-12 09:21 - 00000000 ____D C:\Program Files\Dell Games Folder
    2012-11-12 22:23 - 2012-02-12 09:09 - 00000000 ____D C:\Program Files\DellTPad
    2012-11-12 22:23 - 2012-02-12 09:07 - 00000000 ____D C:\Program Files\IDT
    2012-11-12 22:23 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2012-11-12 22:22 - 2012-11-08 18:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-12 22:22 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-11-12 22:22 - 2012-10-06 16:50 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
    2012-11-12 22:22 - 2012-10-06 16:50 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-11-12 22:22 - 2012-06-13 15:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-11-12 22:22 - 2012-06-13 15:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-11-12 22:22 - 2012-06-12 16:05 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-12 22:22 - 2012-02-23 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-11-12 22:22 - 2012-02-23 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
    2012-11-12 22:22 - 2012-02-12 09:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-11-12 22:22 - 2012-02-12 09:10 - 00000000 ____D C:\Program Files (x86)\Cozi Express
    2012-11-12 22:20 - 2012-11-09 21:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-11-12 22:19 - 2012-11-10 23:40 - 00000000 ____D C:\Users\Betty Anne\Desktop\RK_Quarantine
    2012-11-12 22:19 - 2012-11-10 20:55 - 00000000 ____D C:\Users\Betty Anne\Desktop\Duck
    2012-11-12 22:19 - 2012-02-12 10:48 - 00000000 __RHD C:\Users\Public\Recorded TV
    2012-11-12 22:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2012-11-12 21:41 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files (x86)\McAfee
    2012-11-12 21:40 - 2012-02-12 09:05 - 00000000 ____D C:\Program Files (x86)\Java
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-11-11 21:11 - 2012-02-12 09:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-11-11 21:09 - 2012-11-11 21:06 - 00002793 ____A C:\Users\Betty Anne\Desktop\Result.txt
    2012-11-10 23:41 - 2012-11-10 23:41 - 00003479 ____A C:\Users\Betty Anne\Desktop\RKreport[2]_D_11112012_02d0041.txt
    2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\Local Settings\Application Data\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\Local Settings\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    2012-11-10 23:41 - 2012-02-23 15:46 - 00000000 __SHD C:\Users\Betty Anne\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    2012-11-10 23:40 - 2012-11-10 23:40 - 00003489 ____A C:\Users\Betty Anne\Desktop\RKreport[1]_S_11112012_02d0040.txt
    2012-11-09 21:13 - 2012-02-12 09:24 - 00000000 ___HD C:\Users\All Users\Sonic
    2012-11-09 21:13 - 2012-02-12 09:24 - 00000000 ___HD C:\Users\All Users\Application Data\Sonic
    2012-11-09 19:55 - 2012-11-08 21:47 - 00002120 ____A C:\scu.dat
    2012-11-09 17:58 - 2012-09-09 22:48 - 00000000 ___HD C:\Users\Betty Anne\My Documents\Round LA 2012-2013
    2012-11-09 17:58 - 2012-09-09 22:48 - 00000000 ___HD C:\Users\Betty Anne\Documents\Round LA 2012-2013
    2012-11-09 17:52 - 2009-07-13 23:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-09 17:49 - 2012-02-12 08:53 - 01403193 ____A C:\Windows\WindowsUpdate.log
    2012-11-09 17:47 - 2012-02-24 11:00 - 00006034 ____A C:\Windows\setupact.log
    2012-11-09 17:47 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-09 17:41 - 2012-11-09 17:44 - 00006176 ____A C:\Users\Betty Anne\Desktop\update.reg
    2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\Local Settings\census.cache
    2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\Local Settings\Application Data\census.cache
    2012-11-09 09:38 - 2012-11-08 20:26 - 05784274 ____A C:\Users\Betty Anne\AppData\Local\census.cache
    2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\Local Settings\ars.cache
    2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\Local Settings\Application Data\ars.cache
    2012-11-09 09:30 - 2012-11-08 20:25 - 00086470 ____A C:\Users\Betty Anne\AppData\Local\ars.cache
    2012-11-08 22:51 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-08 22:51 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-08 22:44 - 2012-03-07 18:52 - 00019182 ____A C:\Windows\PFRO.log
    2012-11-08 21:33 - 2012-11-08 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\housecall.guid.cache
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\Local Settings\Application Data\housecall.guid.cache
    2012-11-08 20:13 - 2012-11-08 20:13 - 00000036 ____A C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
    2012-11-08 20:06 - 2012-11-08 20:08 - 02322184 ____A (ESET) C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
    2012-11-08 20:05 - 2012-11-08 20:08 - 02406064 ____A (Trend Micro Inc.) C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
    2012-11-08 19:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-08 19:16 - 2012-06-12 01:25 - 00033280 __ASH C:\Users\Betty Anne\My Documents\Thumbs.db
    2012-11-08 19:16 - 2012-06-12 01:25 - 00033280 __ASH C:\Users\Betty Anne\Documents\Thumbs.db
    2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\Application Data\Malwarebytes
    2012-11-08 18:51 - 2012-11-08 18:51 - 00000000 ____D C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
    2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-08 18:48 - 2012-11-08 18:48 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-08 18:48 - 2012-11-08 18:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-10-30 18:05 - 2012-10-30 18:05 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-10-30 18:04 - 2012-10-30 18:04 - 00000000 ____D C:\Program Files\iPod
    2012-10-30 18:00 - 2012-10-30 17:59 - 80521624 ____A (Apple Inc.) C:\Users\Betty Anne\Downloads\iTunes64Setup (1).exe
    2012-10-30 16:11 - 2012-10-30 16:05 - 00000592 ____A C:\Users\All Users\IFCQXQjLQXC2XE
    2012-10-30 16:11 - 2012-10-30 16:05 - 00000592 ____A C:\Users\All Users\Application Data\IFCQXQjLQXC2XE
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\-IFCQXQjLQXC2XEr
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000176 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XEr
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\-IFCQXQjLQXC2XE
    2012-10-30 16:06 - 2012-10-30 16:06 - 00000152 ___AH C:\Users\All Users\Application Data\-IFCQXQjLQXC2XE
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmVr
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000176 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmVr
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\-IwLLZ3HEtF0AmV
    2012-10-30 15:52 - 2012-10-30 15:52 - 00000152 ___AH C:\Users\All Users\Application Data\-IwLLZ3HEtF0AmV
    2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\IwLLZ3HEtF0AmV
    2012-10-30 15:51 - 2012-10-30 15:51 - 00000368 ___AH C:\Users\All Users\Application Data\IwLLZ3HEtF0AmV
    2012-10-30 15:49 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files\Common Files\mcafee
    2012-10-30 14:31 - 2012-10-30 14:31 - 00000000 ___HD C:\Users\Betty Anne\Pearson
    2012-10-25 18:46 - 2012-02-12 09:38 - 00000000 ____D C:\Program Files\mcafee
    2012-10-15 03:08 - 2012-09-10 03:16 - 00000000 ___HD C:\Users\Betty Anne\My Documents\Round Parent Newsletter 2012-2013
    2012-10-15 03:08 - 2012-09-10 03:16 - 00000000 ___HD C:\Users\Betty Anne\Documents\Round Parent Newsletter 2012-2013

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-10 03:42:14
    Restore point made on: 2012-09-28 20:42:32
    Restore point made on: 2012-10-06 17:44:39
    Restore point made on: 2012-10-29 16:21:20
    Restore point made on: 2012-10-30 18:03:25
    Restore point made on: 2012-11-09 14:12:14
    Restore point made on: 2012-11-09 17:53:01

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 6050.05 MB
    Available physical RAM: 4993.67 MB
    Total Pagefile: 6048.25 MB
    Available Pagefile: 5034.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:581.41 GB) (Free:531.78 GB) NTFS
    3 Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive e: detected. Check for MBR/Partition infection.
    4 Drive f: (DUCKDRIVE2) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 13 MB
    Disk 1 Online 953 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 581 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 E Recovery NTFS Partition 14 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 581 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 953 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================

    Last Boot: 2012-11-09 14:04

    ==================== End Of Log =============================

    Farbar Recovery Scan Tool (x64) Version: 10-11-2012 02
    Ran by SYSTEM at 2012-11-13 01:16:53
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ___AH (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  3. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     

  4. amuck

    amuck TS Rookie Topic Starter Posts: 36

    I am VERY impressed. Booted into Win7 Home Premium without any manipulation by me. You, sir, are a Jedi Master. Log file below, as requested:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2012 02
    Ran by SYSTEM at 2012-11-13 19:44:34 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====

    What next? Should I try Internet Explorer and see if I get redirected again? Should I try MS Update?
     
  5. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Great news!

    I want you to retry running the following tools:
    TDSSKiller
    RogueKiller
    aswMBR

    In that sequence.
     
  6. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Do you want me to fix anything these tools find? Or just post the log results?
     
  7. amuck

    amuck TS Rookie Topic Starter Posts: 36

    20:09:57.0040 4556 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    20:09:57.0118 4556 ============================================================
    20:09:57.0118 4556 Current date / time: 2012/11/13 20:09:57.0118
    20:09:57.0118 4556 SystemInfo:
    20:09:57.0118 4556
    20:09:57.0118 4556 OS Version: 6.1.7601 ServicePack: 1.0
    20:09:57.0118 4556 Product type: Workstation
    20:09:57.0118 4556 ComputerName: BETTYANNE-PC
    20:09:57.0118 4556 UserName: Betty Anne
    20:09:57.0118 4556 Windows directory: C:\windows
    20:09:57.0118 4556 System windows directory: C:\windows
    20:09:57.0118 4556 Running under WOW64
    20:09:57.0118 4556 Processor architecture: Intel x64
    20:09:57.0118 4556 Number of processors: 4
    20:09:57.0118 4556 Page size: 0x1000
    20:09:57.0118 4556 Boot type: Normal boot
    20:09:57.0118 4556 ============================================================
    20:09:57.0773 4556 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:09:57.0789 4556 ============================================================
    20:09:57.0789 4556 \Device\Harddisk0\DR0:
    20:09:57.0789 4556 MBR partitions:
    20:09:57.0789 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    20:09:57.0789 4556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD22B0
    20:09:57.0789 4556 ============================================================
    20:09:57.0804 4556 C: <-> \Device\Harddisk0\DR0\Partition2
    20:09:57.0804 4556 ============================================================
    20:09:57.0804 4556 Initialize success
    20:09:57.0804 4556 ============================================================
    20:10:00.0051 2992 ============================================================
    20:10:00.0051 2992 Scan started
    20:10:00.0051 2992 Mode: Manual;
    20:10:00.0051 2992 ============================================================
    20:10:00.0347 2992 ================ Scan system memory ========================
    20:10:00.0347 2992 System memory - ok
    20:10:00.0347 2992 ================ Scan services =============================
     
  8. amuck

    amuck TS Rookie Topic Starter Posts: 36

    20:10:12.0328 2992 Mcx2Svc - ok
    20:10:12.0328 2992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
    20:10:12.0344 2992 megasas - ok
    20:10:12.0375 2992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
    20:10:12.0390 2992 MegaSR - ok
    20:10:12.0422 2992 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    20:10:12.0484 2992 MEIx64 - ok
    20:10:12.0500 2992 [ C73B93FED17829F11273459DA05E1976 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
    20:10:12.0546 2992 mfeapfk - ok
    20:10:12.0562 2992 [ 298C065BB9E09D5F14CCD9E8244DE4A0 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
    20:10:12.0609 2992 mfeavfk - ok
    20:10:12.0656 2992 mfeavfk01 - ok
    20:10:12.0702 2992 [ AB66AF840EF1667AA73DDA6CE987D0E1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    20:10:12.0749 2992 mfefire - ok
    20:10:12.0780 2992 [ 4D604F0B85E98C5AD99B89AF72A4E28A ] mfefirek C:\windows\system32\drivers\mfefirek.sys
    20:10:12.0858 2992 mfefirek - ok
    20:10:12.0890 2992 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
    20:10:12.0905 2992 mfehidk - ok
    20:10:12.0905 2992 [ 1B08579938FD72626D92F3C2219903EA ] mferkdet C:\windows\system32\drivers\mferkdet.sys
    20:10:12.0952 2992 mferkdet - ok
    20:10:12.0983 2992 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe
    20:10:13.0030 2992 mfevtp - ok
    20:10:13.0061 2992 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
    20:10:13.0061 2992 mfewfpk - ok
    20:10:13.0139 2992 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    20:10:13.0217 2992 Microsoft Office Groove Audit Service - ok
    20:10:13.0264 2992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    20:10:13.0264 2992 MMCSS - ok
    20:10:13.0280 2992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    20:10:13.0295 2992 Modem - ok
    20:10:13.0311 2992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    20:10:13.0326 2992 monitor - ok
    20:10:13.0342 2992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    20:10:13.0342 2992 mouclass - ok
    20:10:13.0358 2992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    20:10:13.0358 2992 mouhid - ok
    20:10:13.0373 2992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    20:10:13.0373 2992 mountmgr - ok
    20:10:13.0373 2992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    20:10:13.0420 2992 mpio - ok
    20:10:13.0420 2992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    20:10:13.0436 2992 mpsdrv - ok
    20:10:13.0451 2992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    20:10:13.0529 2992 MRxDAV - ok
    20:10:13.0529 2992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    20:10:13.0529 2992 mrxsmb - ok
    20:10:13.0545 2992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    20:10:13.0545 2992 mrxsmb10 - ok
    20:10:13.0560 2992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    20:10:13.0560 2992 mrxsmb20 - ok
    20:10:13.0560 2992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    20:10:13.0560 2992 msahci - ok
    20:10:13.0576 2992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    20:10:13.0623 2992 msdsm - ok
    20:10:13.0654 2992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    20:10:13.0670 2992 MSDTC - ok
    20:10:13.0701 2992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    20:10:13.0701 2992 Msfs - ok
    20:10:13.0701 2992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    20:10:13.0701 2992 mshidkmdf - ok
    20:10:13.0701 2992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    20:10:13.0701 2992 msisadrv - ok
    20:10:13.0748 2992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    20:10:13.0748 2992 MSiSCSI - ok
    20:10:13.0763 2992 msiserver - ok
    20:10:13.0794 2992 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    20:10:13.0794 2992 MSK80Service - ok
    20:10:13.0826 2992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    20:10:13.0841 2992 MSKSSRV - ok
    20:10:13.0857 2992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    20:10:13.0872 2992 MSPCLOCK - ok
    20:10:13.0872 2992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    20:10:13.0872 2992 MSPQM - ok
    20:10:13.0888 2992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    20:10:13.0888 2992 MsRPC - ok
    20:10:13.0888 2992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    20:10:13.0904 2992 mssmbios - ok
    20:10:13.0904 2992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    20:10:13.0904 2992 MSTEE - ok
    20:10:13.0904 2992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    20:10:13.0919 2992 MTConfig - ok
    20:10:13.0919 2992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    20:10:13.0919 2992 Mup - ok
    20:10:13.0950 2992 [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    20:10:13.0966 2992 MyWiFiDHCPDNS - ok
    20:10:14.0013 2992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    20:10:14.0075 2992 napagent - ok
    20:10:14.0122 2992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    20:10:14.0138 2992 NativeWifiP - ok
    20:10:14.0200 2992 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys
    20:10:14.0216 2992 NDIS - ok
    20:10:14.0216 2992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    20:10:14.0216 2992 NdisCap - ok
    20:10:14.0231 2992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    20:10:14.0231 2992 NdisTapi - ok
    20:10:14.0262 2992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    20:10:14.0325 2992 Ndisuio - ok
    20:10:14.0325 2992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    20:10:14.0372 2992 NdisWan - ok
    20:10:14.0387 2992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    20:10:14.0418 2992 NDProxy - ok
    20:10:14.0465 2992 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    20:10:14.0512 2992 Net Driver HPZ12 - ok
    20:10:14.0543 2992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    20:10:14.0543 2992 NetBIOS - ok
    20:10:14.0559 2992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    20:10:14.0652 2992 NetBT - ok
    20:10:14.0652 2992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    20:10:14.0652 2992 Netlogon - ok
    20:10:14.0699 2992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    20:10:14.0715 2992 Netman - ok
    20:10:14.0746 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:10:14.0808 2992 NetMsmqActivator - ok
    20:10:14.0824 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:10:14.0824 2992 NetPipeActivator - ok
    20:10:14.0855 2992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    20:10:14.0855 2992 netprofm - ok
    20:10:14.0855 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:10:14.0855 2992 NetTcpActivator - ok
    20:10:14.0871 2992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:10:14.0871 2992 NetTcpPortSharing - ok
    20:10:15.0089 2992 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
    20:10:15.0167 2992 NETwNs64 - ok
    20:10:15.0183 2992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    20:10:15.0198 2992 nfrd960 - ok
     
  9. amuck

    amuck TS Rookie Topic Starter Posts: 36

    20:10:15.0230 2992 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    20:10:15.0276 2992 NlaSvc - ok
    20:10:15.0417 2992 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    20:10:15.0448 2992 NOBU - ok
    20:10:15.0479 2992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    20:10:15.0479 2992 Npfs - ok
    20:10:15.0510 2992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    20:10:15.0510 2992 nsi - ok
    20:10:15.0526 2992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    20:10:15.0526 2992 nsiproxy - ok
    20:10:15.0573 2992 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    20:10:15.0604 2992 Ntfs - ok
    20:10:15.0620 2992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    20:10:15.0620 2992 Null - ok
    20:10:15.0651 2992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    20:10:15.0729 2992 nvraid - ok
    20:10:15.0729 2992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    20:10:15.0791 2992 nvstor - ok
    20:10:15.0791 2992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    20:10:15.0791 2992 nv_agp - ok
    20:10:15.0885 2992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    20:10:15.0947 2992 odserv - ok
    20:10:15.0978 2992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    20:10:15.0994 2992 ohci1394 - ok
    20:10:16.0041 2992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:10:16.0119 2992 ose - ok
    20:10:16.0166 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    20:10:16.0181 2992 p2pimsvc - ok
    20:10:16.0212 2992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    20:10:16.0212 2992 p2psvc - ok
    20:10:16.0244 2992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    20:10:16.0244 2992 Parport - ok
    20:10:16.0275 2992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    20:10:16.0275 2992 partmgr - ok
    20:10:16.0290 2992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    20:10:16.0306 2992 PcaSvc - ok
    20:10:16.0306 2992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    20:10:16.0306 2992 pci - ok
    20:10:16.0306 2992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    20:10:16.0322 2992 pciide - ok
    20:10:16.0322 2992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    20:10:16.0337 2992 pcmcia - ok
    20:10:16.0337 2992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    20:10:16.0337 2992 pcw - ok
    20:10:16.0353 2992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    20:10:16.0368 2992 PEAUTH - ok
    20:10:16.0446 2992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    20:10:16.0462 2992 PerfHost - ok
    20:10:16.0540 2992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    20:10:16.0587 2992 pla - ok
    20:10:16.0634 2992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    20:10:16.0712 2992 PlugPlay - ok
    20:10:16.0727 2992 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    20:10:16.0774 2992 Pml Driver HPZ12 - ok
    20:10:16.0790 2992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    20:10:16.0805 2992 PNRPAutoReg - ok
    20:10:16.0805 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    20:10:16.0805 2992 PNRPsvc - ok
    20:10:16.0852 2992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    20:10:16.0914 2992 PolicyAgent - ok
    20:10:16.0930 2992 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
    20:10:16.0946 2992 Power - ok
    20:10:16.0977 2992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    20:10:17.0039 2992 PptpMiniport - ok
    20:10:17.0055 2992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
    20:10:17.0055 2992 Processor - ok
    20:10:17.0086 2992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    20:10:17.0133 2992 ProfSvc - ok
    20:10:17.0164 2992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    20:10:17.0164 2992 ProtectedStorage - ok
    20:10:17.0211 2992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    20:10:17.0211 2992 Psched - ok
    20:10:17.0273 2992 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
    20:10:17.0273 2992 PxHlpa64 - ok
    20:10:17.0336 2992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
    20:10:17.0398 2992 ql2300 - ok
    20:10:17.0398 2992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
    20:10:17.0414 2992 ql40xx - ok
    20:10:17.0445 2992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    20:10:17.0460 2992 QWAVE - ok
    20:10:17.0476 2992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    20:10:17.0492 2992 QWAVEdrv - ok
    20:10:17.0492 2992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    20:10:17.0492 2992 RasAcd - ok
    20:10:17.0523 2992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    20:10:17.0523 2992 RasAgileVpn - ok
    20:10:17.0538 2992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    20:10:17.0554 2992 RasAuto - ok
    20:10:17.0570 2992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    20:10:17.0616 2992 Rasl2tp - ok
    20:10:17.0648 2992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    20:10:17.0694 2992 RasMan - ok
    20:10:17.0710 2992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    20:10:17.0710 2992 RasPppoe - ok
    20:10:17.0710 2992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    20:10:17.0726 2992 RasSstp - ok
    20:10:17.0741 2992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    20:10:17.0741 2992 rdbss - ok
    20:10:17.0757 2992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
    20:10:17.0772 2992 rdpbus - ok
    20:10:17.0772 2992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    20:10:17.0788 2992 RDPCDD - ok
    20:10:17.0788 2992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    20:10:17.0788 2992 RDPENCDD - ok
    20:10:17.0788 2992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    20:10:17.0804 2992 RDPREFMP - ok
    20:10:17.0804 2992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    20:10:17.0850 2992 RDPWD - ok
    20:10:17.0866 2992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    20:10:17.0866 2992 rdyboost - ok
    20:10:17.0944 2992 [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    20:10:18.0022 2992 RegSrvc - ok
    20:10:18.0069 2992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    20:10:18.0084 2992 RemoteAccess - ok
    20:10:18.0116 2992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    20:10:18.0131 2992 RemoteRegistry - ok
    20:10:18.0162 2992 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
    20:10:18.0178 2992 RFCOMM - ok
    20:10:18.0303 2992 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    20:10:18.0396 2992 RoxMediaDB12OEM - ok
    20:10:18.0412 2992 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    20:10:18.0474 2992 RoxWatch12 - ok
    20:10:18.0490 2992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    20:10:18.0506 2992 RpcEptMapper - ok
    20:10:18.0552 2992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    20:10:18.0552 2992 RpcLocator - ok
    20:10:18.0568 2992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    20:10:18.0584 2992 RpcSs - ok
    20:10:18.0615 2992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    20:10:18.0630 2992 rspndr - ok
    20:10:18.0662 2992 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    20:10:18.0708 2992 RSUSBSTOR - ok
    20:10:18.0755 2992 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    20:10:18.0802 2992 RTL8167 - ok
    20:10:18.0818 2992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    20:10:18.0833 2992 SamSs - ok
    20:10:18.0833 2992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    20:10:18.0880 2992 sbp2port - ok
    20:10:18.0911 2992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    20:10:18.0911 2992 SCardSvr - ok
    20:10:18.0911 2992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    20:10:18.0989 2992 scfilter - ok
    20:10:19.0020 2992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    20:10:19.0083 2992 Schedule - ok
    20:10:19.0083 2992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    20:10:19.0083 2992 SCPolicySvc - ok
    20:10:19.0098 2992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    20:10:19.0130 2992 SDRSVC - ok
    20:10:19.0161 2992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    20:10:19.0161 2992 secdrv - ok
    20:10:19.0192 2992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    20:10:19.0239 2992 seclogon - ok
    20:10:19.0254 2992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    20:10:19.0254 2992 SENS - ok
    20:10:19.0286 2992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    20:10:19.0286 2992 SensrSvc - ok
    20:10:19.0301 2992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
    20:10:19.0301 2992 Serenum - ok
    20:10:19.0348 2992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
    20:10:19.0348 2992 Serial - ok
    20:10:19.0379 2992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
    20:10:19.0379 2992 sermouse - ok
    20:10:19.0410 2992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    20:10:19.0473 2992 SessionEnv - ok
    20:10:19.0473 2992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    20:10:19.0488 2992 sffdisk - ok
    20:10:19.0488 2992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    20:10:19.0488 2992 sffp_mmc - ok
    20:10:19.0488 2992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    20:10:19.0535 2992 sffp_sd - ok
    20:10:19.0535 2992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
    20:10:19.0535 2992 sfloppy - ok
    20:10:19.0644 2992 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    20:10:19.0722 2992 SftService - ok
    20:10:19.0769 2992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    20:10:19.0832 2992 ShellHWDetection - ok
    20:10:19.0847 2992 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
    20:10:19.0863 2992 SiSRaid2 - ok
    20:10:19.0863 2992 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
    20:10:19.0863 2992 SiSRaid4 - ok
    20:10:19.0941 2992 [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    20:10:19.0941 2992 SkypeUpdate - ok
    20:10:19.0988 2992 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    20:10:20.0003 2992 Smb - ok
    20:10:20.0066 2992 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    20:10:20.0081 2992 SNMPTRAP - ok
    20:10:20.0097 2992 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    20:10:20.0097 2992 spldr - ok
    20:10:20.0144 2992 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
    20:10:20.0206 2992 Spooler - ok
    20:10:20.0331 2992 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    20:10:20.0346 2992 sppsvc - ok
    20:10:20.0362 2992 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    20:10:20.0378 2992 sppuinotify - ok
    20:10:20.0409 2992 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    20:10:20.0409 2992 srv - ok
    20:10:20.0424 2992 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    20:10:20.0440 2992 srv2 - ok
    20:10:20.0456 2992 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    20:10:20.0456 2992 srvnet - ok
    20:10:20.0487 2992 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    20:10:20.0502 2992 SSDPSRV - ok
    20:10:20.0518 2992 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    20:10:20.0518 2992 SstpSvc - ok
    20:10:20.0580 2992 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    20:10:20.0690 2992 STacSV - ok
    20:10:20.0705 2992 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
    20:10:20.0705 2992 stexstor - ok
    20:10:20.0768 2992 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
    20:10:20.0830 2992 STHDA - ok
    20:10:20.0861 2992 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
    20:10:20.0861 2992 StillCam - ok
    20:10:20.0939 2992 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    20:10:21.0002 2992 stisvc - ok
    20:10:21.0048 2992 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    20:10:21.0111 2992 stllssvr - ok
    20:10:21.0126 2992 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
    20:10:21.0126 2992 swenum - ok
    20:10:21.0189 2992 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    20:10:21.0204 2992 swprv - ok
    20:10:21.0251 2992 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    20:10:21.0282 2992 SysMain - ok
    20:10:21.0298 2992 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    20:10:21.0360 2992 TabletInputService - ok
    20:10:21.0392 2992 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    20:10:21.0423 2992 TapiSrv - ok
    20:10:21.0438 2992 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    20:10:21.0438 2992 TBS - ok
    20:10:21.0532 2992 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    20:10:21.0563 2992 Tcpip - ok
    20:10:21.0610 2992 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    20:10:21.0626 2992 TCPIP6 - ok
    20:10:21.0626 2992 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    20:10:21.0672 2992 tcpipreg - ok
    20:10:21.0672 2992 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    20:10:21.0688 2992 TDPIPE - ok
    20:10:21.0688 2992 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    20:10:21.0735 2992 TDTCP - ok
    20:10:21.0735 2992 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    20:10:21.0782 2992 tdx - ok
    20:10:21.0782 2992 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
    20:10:21.0813 2992 TermDD - ok
    20:10:21.0875 2992 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    20:10:21.0938 2992 TermService - ok
    20:10:21.0938 2992 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    20:10:21.0953 2992 Themes - ok
    20:10:21.0984 2992 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    20:10:21.0984 2992 THREADORDER - ok
    20:10:22.0031 2992 [ 68FE3D89829E27D4FD5EEA7BD2C41985 ] tihub3 C:\windows\system32\DRIVERS\tihub3.sys
    20:10:22.0109 2992 tihub3 - ok
    20:10:22.0140 2992 [ 0102C9633CE1F18A6AC021F28B734DB5 ] tixhci C:\windows\system32\DRIVERS\tixhci.sys
    20:10:22.0203 2992 tixhci - ok
    20:10:22.0234 2992 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    20:10:22.0234 2992 TrkWks - ok
    20:10:22.0296 2992 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    20:10:22.0359 2992 TrustedInstaller - ok
    20:10:22.0359 2992 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    20:10:22.0406 2992 tssecsrv - ok
    20:10:22.0452 2992 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    20:10:22.0499 2992 TsUsbFlt - ok
    20:10:22.0515 2992 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
    20:10:22.0546 2992 TsUsbGD - ok
    20:10:22.0593 2992 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    20:10:26.0649 2992 ================ Scan global ===============================
    20:10:26.0664 2992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    20:10:26.0711 2992 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    20:10:26.0789 2992 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    20:10:26.0805 2992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    20:10:26.0852 2992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    20:10:26.0867 2992 [Global] - ok
    20:10:26.0867 2992 ================ Scan MBR ==================================
    20:10:26.0883 2992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:10:27.0054 2992 \Device\Harddisk0\DR0 - ok
    20:10:27.0070 2992 ================ Scan VBR ==================================
    20:10:27.0070 2992 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
    20:10:27.0070 2992 \Device\Harddisk0\DR0\Partition1 - ok
    20:10:27.0086 2992 [ 0B798598A6F493B551BA93EB11F847DD ] \Device\Harddisk0\DR0\Partition2
    20:10:27.0086 2992 \Device\Harddisk0\DR0\Partition2 - ok
    20:10:27.0086 2992 ============================================================
    20:10:27.0086 2992 Scan finished
    20:10:27.0086 2992 ============================================================
    20:10:27.0101 2228 Detected object count: 0
    20:10:27.0101 2228 Actual detected object count: 0
     
  10. amuck

    amuck TS Rookie Topic Starter Posts: 36

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Betty Anne [Admin rights]
    Mode : Scan -- Date : 11/13/2012 20:11:58
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 10 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Betty Anne\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\n.) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : Rans.Gendarm ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] a2111a8ed72be82719f761f51d90dbe5
    [BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_11132012_02d2011.txt >>
    RKreport[1]_S_11132012_02d2011.txt
     
  11. amuck

    amuck TS Rookie Topic Starter Posts: 36

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-13 20:13:52
    -----------------------------
    20:13:52.560 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:13:52.560 Number of processors: 4 586 0x2A07
    20:13:52.560 ComputerName: BETTYANNE-PC UserName: Betty Anne
    20:13:53.871 Initialize success
    20:14:08.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:14:08.562 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
    20:14:08.609 Disk 0 MBR read successfully
    20:14:08.609 Disk 0 MBR scan
    20:14:08.624 Disk 0 Windows 7 default MBR code
    20:14:08.640 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
    20:14:08.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    20:14:08.671 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595364 MB offset 30926848
    20:14:08.702 Disk 0 scanning C:\windows\system32\drivers
    20:14:11.760 Service scanning
    20:14:34.988 Modules scanning
    20:14:35.004 Disk 0 trace - called modules:
    20:14:35.051 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    20:14:35.051 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007879060]
    20:14:35.066 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005944660]
    20:14:35.082 5 ACPI.sys[fffff88000f107a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005948050]
    20:14:35.082 Scan finished successfully
    20:15:14.940 Disk 0 MBR has been saved successfully to "C:\Users\Betty Anne\Desktop\MBR.dat"
    20:15:14.940 The log file has been saved successfully to "C:\Users\Betty Anne\Desktop\aswMBR.txt"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Go ahead and fix all items found by RogueKiller.
    Post new log.
     
  13. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Two logs, I figured out I missed a few tabs (realized what I was doing) after creating the first log...I am posting both just in case.


    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Betty Anne [Admin rights]
    Mode : Remove -- Date : 11/13/2012 20:56:03
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] a2111a8ed72be82719f761f51d90dbe5
    [BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[8]_D_11132012_02d2056.txt >>
    RKreport[1]_S_11132012_02d2011.txt ; RKreport[2]_H_11132012_02d2053.txt ; RKreport[3]_PR_11132012_02d2053.txt ; RKreport[4]_DN_11132012_02d2053.txt ; RKreport[5]_SC_11132012_02d2054.txt ;
    RKreport[6]_S_11132012_02d2054.txt ; RKreport[7]_D_11132012_02d2055.txt ; RKreport[8]_D_11132012_02d2056.txt

    ==============================

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Betty Anne [Admin rights]
    Mode : Scan -- Date : 11/13/2012 20:56:12
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] a2111a8ed72be82719f761f51d90dbe5
    [BSP] c8cda3a0ea2a6defe307a70b0ca03225 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595364 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[9]_S_11132012_02d2056.txt >>
    RKreport[1]_S_11132012_02d2011.txt ; RKreport[2]_H_11132012_02d2053.txt ; RKreport[3]_PR_11132012_02d2053.txt ; RKreport[4]_DN_11132012_02d2053.txt ; RKreport[5]_SC_11132012_02d2054.txt ;
    RKreport[6]_S_11132012_02d2054.txt ; RKreport[7]_D_11132012_02d2055.txt ; RKreport[8]_D_11132012_02d2056.txt ; RKreport[9]_S_11132012_02d2056.txt



    What do you think?
     
  14. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Okay, what now? :)

    ComboFix 12-11-13.02 - Betty Anne 11/13/2012 21:37:35.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4292 [GMT -5:00]
    Running from: c:\users\Betty Anne\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\IFCQXQjLQXC2XE
    c:\programdata\IwLLZ3HEtF0AmV
    c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-14 02:42 . 2012-11-14 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-13 07:11 . 2012-11-13 07:11 -------- d-----w- C:\FRST
    2012-11-10 03:13 . 2012-11-13 04:20 -------- d-----w- c:\program files\Microsoft Security Client
    2012-11-09 03:33 . 2012-11-09 03:33 -------- d-----w- c:\program files (x86)\ESET
    2012-11-09 00:51 . 2012-11-09 00:51 -------- d-----w- c:\users\Betty Anne\AppData\Roaming\Malwarebytes
    2012-11-09 00:48 . 2012-11-09 00:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-09 00:48 . 2012-11-13 04:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-31 00:05 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-10-31 00:04 . 2012-10-31 00:04 -------- d-----w- c:\program files\iPod
    2012-10-31 00:04 . 2012-11-13 04:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-31 00:04 . 2012-11-13 04:23 -------- d-----w- c:\program files\iTunes
    2012-10-31 00:04 . 2012-11-13 04:22 -------- d-----w- c:\program files (x86)\iTunes
    2012-10-30 20:31 . 2012-10-30 20:31 -------- d-----w- c:\users\Betty Anne\Pearson
    2012-10-26 00:46 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-21 17:01 . 2012-06-13 21:57 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2012-06-13 21:57 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-05-08 2552168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\Betty Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-24 1255736]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-SetupWizard - D:\SetupWizard.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-254926280-3890057060-2601077060-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:4e,ef,bb,11,7c,e2,a1,db,81,0f,32,f8,04,4f,66,62,65,31,e6,8b,4f,a2,93,
    90,48,32,90,ba,6a,0b,b7,b1,80,90,c8,1d,65,52,63,90,95,33,34,b2,5a,8f,1e,08,\
    "??"=hex:51,c6,06,9a,50,8d,ac,fd,70,92,a6,2c,c3,37,23,b3
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-13 21:50:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-14 02:50
    .
    Pre-Run: 570,388,316,160 bytes free
    Post-Run: 571,688,288,256 bytes free
    .
    - - End Of File - - 62D8EF19DF025ECA9D61B2AC464E5797
     
  16. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Looks good :)

    Any current issues?

    =========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. amuck

    amuck TS Rookie Topic Starter Posts: 36

    OTL logfile created on: 11/13/2012 10:23:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty Anne\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.73 Gb Available Physical Memory | 80.02% Memory free
    11.81 Gb Paging File | 10.21 Gb Available in Paging File | 86.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.41 Gb Total Space | 532.49 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
    Drive D: | 5.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BETTYANNE-PC | User Name: Betty Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/13 22:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
    PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 20:30:50 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/14 20:30:35 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 20:30:28 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/14 20:30:21 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/05/12 02:39:46 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/12 02:36:04 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/12 02:35:02 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/12 02:34:57 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 02:34:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 02:34:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 02:34:45 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/09/15 19:41:28 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/09/15 19:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/09/15 19:24:52 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/09/15 10:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2011/01/25 04:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/30 15:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/06/05 14:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/05/19 02:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/18 03:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/09/15 10:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/09/15 10:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/07/20 17:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
    DRV:64bit: - [2011/07/20 17:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
    DRV:64bit: - [2011/07/19 19:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/07/19 16:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/06/21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/06/21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/05/19 02:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/05/19 02:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
    DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/13 03:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/04/10 14:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 04:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/06 18:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/29 19:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/26 14:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/12 17:10:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/11/12 23:22:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012/10/06 17:50:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/11/12 23:23:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/06/12 17:10:53 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/11/13 21:43:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120726144436.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120726144436.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-254926280-3890057060-2601077060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F401738-A93E-48D9-A7BD-57EB16A69529}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDFB0639-BA97-473F-BFD8-95029808745F}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/13 22:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
    [2012/11/13 22:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/11/13 21:44:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/13 21:36:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/11/13 21:36:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/11/13 21:36:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/11/13 21:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/13 21:30:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/11/13 21:29:38 | 005,000,873 | R--- | C] (Swearware) -- C:\Users\Betty Anne\Desktop\ComboFix.exe
    [2012/11/13 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\RK_Quarantine
    [2012/11/13 20:09:49 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\tdsskiller
    [2012/11/13 20:09:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Betty Anne\Desktop\aswMBR.exe
    [2012/11/13 02:11:33 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/10 21:55:20 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Desktop\Duck
    [2012/11/09 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/11/08 22:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/11/08 21:08:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
    [2012/11/08 21:08:47 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
    [2012/11/08 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\AppData\Roaming\Malwarebytes
    [2012/11/08 19:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/08 19:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/08 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/30 19:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/10/30 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/10/30 19:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/10/30 16:51:15 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
    [2012/10/30 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Betty Anne\Pearson
    [2012/10/25 19:46:22 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\HipShieldK.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/11/13 22:21:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty Anne\Desktop\OTL.exe
    [2012/11/13 22:03:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/13 22:03:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/13 22:00:28 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/11/13 22:00:28 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/11/13 22:00:28 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/11/13 21:55:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/13 21:55:45 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/13 21:43:17 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/11/13 21:11:41 | 005,000,873 | R--- | M] (Swearware) -- C:\Users\Betty Anne\Desktop\ComboFix.exe
    [2012/11/13 20:15:14 | 000,000,512 | ---- | M] () -- C:\Users\Betty Anne\Desktop\MBR.dat
    [2012/11/10 22:02:46 | 000,666,112 | ---- | M] () -- C:\Users\Betty Anne\Desktop\RogueKiller.exe
    [2012/11/10 22:02:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Betty Anne\Desktop\aswMBR.exe
    [2012/11/10 22:02:34 | 002,195,061 | ---- | M] () -- C:\Users\Betty Anne\Desktop\tdsskiller.zip
    [2012/11/09 20:55:44 | 000,002,120 | ---- | M] () -- C:\scu.dat
    [2012/11/09 10:38:00 | 005,784,274 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\census.cache
    [2012/11/09 10:30:15 | 000,086,470 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\ars.cache
    [2012/11/08 21:13:59 | 000,000,036 | ---- | M] () -- C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
    [2012/11/08 21:06:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Betty Anne\Desktop\esetsmartinstaller_enu.exe
    [2012/11/08 21:05:14 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Betty Anne\Desktop\HousecallLauncher64.exe
    [2012/11/08 19:48:55 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/06 21:16:41 | 000,001,135 | ---- | M] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/10/30 19:05:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/30 17:06:33 | 000,000,176 | ---- | M] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
    [2012/10/30 17:06:33 | 000,000,152 | ---- | M] () -- C:\ProgramData\-IFCQXQjLQXC2XE
    [2012/10/30 16:52:16 | 000,000,176 | ---- | M] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
    [2012/10/30 16:52:16 | 000,000,152 | ---- | M] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
    [2012/10/30 16:51:15 | 000,000,679 | ---- | M] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/13 21:36:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/11/13 21:36:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/11/13 21:36:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/11/13 21:36:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/11/13 21:36:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/11/13 20:53:38 | 000,002,777 | ---- | C] () -- C:\Users\Public\Desktop\Greeting Card Factory Silver.lnk
    [2012/11/13 20:53:38 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/11/13 20:53:38 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk
    [2012/11/13 20:53:38 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/11/13 20:53:38 | 000,002,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
    [2012/11/13 20:53:38 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
    [2012/11/13 20:53:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/11/13 20:53:38 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/11/13 20:53:38 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/11/13 20:53:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/11/13 20:53:38 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/11/13 20:53:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/11/13 20:53:38 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/11/13 20:53:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/11/13 20:53:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/11/13 20:53:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/11/13 20:53:38 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3510 series.lnk
    [2012/11/13 20:53:38 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/11/13 20:53:38 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Hoyle Casino 2008.lnk
    [2012/11/13 20:53:38 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/11/13 20:53:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/11/13 20:53:37 | 000,002,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
    [2012/11/13 20:53:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/11/13 20:53:37 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
    [2012/11/13 20:15:14 | 000,000,512 | ---- | C] () -- C:\Users\Betty Anne\Desktop\MBR.dat
    [2012/11/13 20:09:15 | 000,666,112 | ---- | C] () -- C:\Users\Betty Anne\Desktop\RogueKiller.exe
    [2012/11/13 20:09:13 | 002,195,061 | ---- | C] () -- C:\Users\Betty Anne\Desktop\tdsskiller.zip
    [2012/11/08 22:47:12 | 000,002,120 | ---- | C] () -- C:\scu.dat
    [2012/11/08 21:26:27 | 005,784,274 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\census.cache
    [2012/11/08 21:25:46 | 000,086,470 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\ars.cache
    [2012/11/08 21:13:59 | 000,000,036 | ---- | C] () -- C:\Users\Betty Anne\AppData\Local\housecall.guid.cache
    [2012/11/08 19:48:55 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/06 21:16:41 | 000,001,135 | ---- | C] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/10/30 19:05:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/30 17:06:33 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
    [2012/10/30 17:06:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XE
    [2012/10/30 16:52:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
    [2012/10/30 16:52:16 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
    [2012/10/30 16:51:15 | 000,000,679 | ---- | C] () -- C:\Users\Betty Anne\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
    [2012/10/06 17:49:35 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/08/26 15:14:51 | 000,005,392 | ---- | C] () -- C:\windows\dhstatus.dat
    [2012/08/26 15:08:09 | 000,005,525 | ---- | C] () -- C:\windows\checkip.dat
    [2012/06/13 13:50:54 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
    [2012/06/12 17:04:48 | 000,207,601 | ---- | C] () -- C:\windows\hpwins28.dat
    [2012/02/12 11:32:15 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2012/02/12 11:32:15 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2012/02/12 11:32:15 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2012/02/12 11:32:15 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/02/12 11:32:14 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2012/02/12 10:09:19 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
    [2012/02/12 10:04:15 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/11/16 15:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
    [2011/11/16 15:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
    [2011/11/16 15:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
    [2011/11/16 15:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
    [2011/11/16 15:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
    [2011/11/16 15:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
    [2011/11/16 15:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
    [2011/11/16 15:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
    [2011/11/16 14:25:01 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/02/21 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\Betty Anne\AppData\Roaming\Fingertapps
    [2012/02/24 12:02:25 | 000,000,000 | ---D | M] -- C:\Users\Betty Anne\AppData\Roaming\PCDr

    ========== Purity Check ==========


    < End of report >
     
  18. amuck

    amuck TS Rookie Topic Starter Posts: 36

    OTL Extras logfile created on: 11/13/2012 10:23:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty Anne\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.73 Gb Available Physical Memory | 80.02% Memory free
    11.81 Gb Paging File | 10.21 Gb Available in Paging File | 86.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.41 Gb Total Space | 532.49 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
    Drive D: | 5.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BETTYANNE-PC | User Name: Betty Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0AB0989D-2EBF-4772-830A-B370E0D7ED71}" = HP Deskjet 3510 series Basic Device Software
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi Software
    "{2CFC157D-6224-4072-9732-54DD8C07F334}" = HP Deskjet 3510 series Product Improvement Study
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "PC-Doctor for Windows" = Dell Support Center
    "ProInst" = Intel PROSet Wireless
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Silver
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dell Webcam Central" = Dell Webcam Central
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MSC" = McAfee SecurityCenter
    "ProInst" = Intel PROSet Wireless
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/10/2012 6:26:31 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1918656

    Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1934256

    Error - 11/10/2012 6:26:47 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1934256

    Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1949856

    Error - 11/10/2012 6:27:03 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1949856

    Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1965456

    Error - 11/10/2012 6:27:18 AM | Computer Name = BettyAnne-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1965456

    [ Dell Events ]
    Error - 2/23/2012 3:42:57 PM | Computer Name = BettyAnne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 2/23/2012 3:42:57 PM | Computer Name = BettyAnne-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ OSession Events ]
    Error - 10/15/2012 3:11:05 AM | Computer Name = BettyAnne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 540092
    seconds with 7140 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/1/2012 8:26:15 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/1/2012 8:26:15 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/1/2012 10:40:45 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 11/1/2012 10:40:45 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 11/1/2012 10:41:16 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/1/2012 10:41:16 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/1/2012 10:41:22 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/1/2012 10:41:22 PM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 11/2/2012 12:56:00 AM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 11/2/2012 12:56:00 AM | Computer Name = BettyAnne-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891


    < End of report >
     
  19. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Seems to be running okay, except when posting here from that machine; keeps getting hung up on a script.

    Should I update Windows, Java, etc. now?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Not yet...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2012/10/30 17:06:33 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XEr
      [2012/10/30 17:06:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IFCQXQjLQXC2XE
      [2012/10/30 16:52:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmVr
      [2012/10/30 16:52:16 | 000,000,152 | ---- | C] () -- C:\ProgramData\-IwLLZ3HEtF0AmV
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.


    =====================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  21. amuck

    amuck TS Rookie Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    C:\ProgramData\-IFCQXQjLQXC2XEr moved successfully.
    C:\ProgramData\-IFCQXQjLQXC2XE moved successfully.
    C:\ProgramData\-IwLLZ3HEtF0AmVr moved successfully.
    C:\ProgramData\-IwLLZ3HEtF0AmV moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Betty Anne
    ->Temp folder emptied: 32878 bytes
    ->Temporary Internet Files folder emptied: 13113736 bytes
    ->Java cache emptied: 2342370 bytes
    ->Flash cache emptied: 29698 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18739 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55184512 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Betty Anne
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Betty Anne
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11132012_225152
    Files\Folders moved on Reboot...
    C:\Users\Betty Anne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Betty Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

    Downloading/running other tools now, stand by.
     
  22. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 7 Update 1
    Java version out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  23. amuck

    amuck TS Rookie Topic Starter Posts: 36

    Farbar Service Scanner Version: 09-11-2012
    Ran by Betty Anne (administrator) on 13-11-2012 at 23:05:39
    Running from "C:\Users\Betty Anne\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  24. amuck

    amuck TS Rookie Topic Starter Posts: 36

    # AdwCleaner v2.007 - Logfile created 11/13/2012 at 23:10:53
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Betty Anne - BETTYANNE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Betty Anne\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [656 octets] - [13/11/2012 23:10:30]
    AdwCleaner[S1].txt - [588 octets] - [13/11/2012 23:10:53]
    ########## EOF - C:\AdwCleaner[S1].txt - [647 octets] ##########
     
  25. amuck

    amuck TS Rookie Topic Starter Posts: 36

    ESET running...could be a while. I may be asleep before it finishes. If so, I will post first thing in the AM and then be back on tomorrow evening around 6 or 7 PM EST. Broni, thanks for all your help.
     

