Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Possible Spyware problems

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Mon Jul 02, 2012 4:10 pm    Post subject: Possible Spyware problems Reply with quote
Win7 Servicepac 1 for x64 (KB976932) fails to install (many attempts), with code 80246007. Lower priority, but possibly related; Microsoft Wireless Router Module also failed to install, with error code 80070002.

Troubleshooting indicates that this is probably due to spywear. . Followed Robear Dyer's option 3. Steps 1&2 found nothing. His step 3 was to contact you.

DDS files follow:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by MikeNew at 18:17:40 on 2012-07-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4388 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\MikeNew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NXTR0AT\Windows-KB890830-x64-V4.9.exe
c:\991f4f63997d7a57cf72\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\Users\MikeNew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\MikeNew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HPSIMP~1.LNK - C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{964BCDC8-C219-481B-97DB-D0112400C097} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{964BCDC8-C219-481B-97DB-D0112400C097}\2456C6B696E6F5C45747A7 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MikeNew\AppData\Roaming\Mozilla\Firefox\Profiles\fkhe1o4t.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 BackupService;BackupService;C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-10-22 83512]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [2011-6-10 618896]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-2 138912]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-02 02:17:35 -------- d-----w- C:\991f4f63997d7a57cf72
2012-06-30 20:12:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{871958F4-9820-4C07-96D5-27B4CB24302B}\offreg.dll
2012-06-29 20:22:19 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{871958F4-9820-4C07-96D5-27B4CB24302B}\mpengine.dll
2012-06-16 03:02:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-16 03:02:20 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-16 03:02:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-16 03:02:15 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-16 03:02:10 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-16 03:02:09 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-16 03:02:09 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-16 03:02:05 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-06-16 03:02:02 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-16 03:01:59 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-16 03:01:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-16 03:00:59 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-16 03:00:58 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-16 03:00:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-16 03:00:58 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-16 03:00:58 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-16 03:00:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-11 22:43:09 -------- d-----w- C:\Windows\System32\SPReview
2012-06-08 23:31:56 -------- d-----w- C:\Users\MikeNew\AppData\Local\{7B8FB4B7-A467-40C5-906C-1A7B41011407}
2012-06-08 23:13:26 -------- d-----w- C:\Users\MikeNew\AppData\Local\{FAED4D8D-EB00-4883-ADDA-2653DA229CBE}
2012-06-08 23:12:05 -------- d-----w- C:\Users\MikeNew\AppData\Local\{9F322DFF-5986-453C-ADB8-318A6B008A25}
2012-06-08 23:07:25 -------- d-----w- C:\Users\MikeNew\AppData\Local\{1E661ECD-17CB-4F23-8075-1146FCD339A7}
2012-06-08 23:05:00 -------- d-----w- C:\Users\MikeNew\AppData\Local\{ECEED339-C97E-4EE7-A806-10FBFBD9AAF7}
2012-06-08 22:49:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-08 22:49:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-08 22:48:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-08 22:48:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-08 22:39:44 -------- d-----w- C:\Users\MikeNew\AppData\Local\{479A01F2-8508-4090-AA4D-8458C1BDF7B0}
2012-06-08 02:29:04 -------- d-----w- C:\Users\MikeNew\AppData\Local\{3CC6D623-2F83-46C1-8979-529D5BC70F69}
2012-06-08 02:19:06 -------- d-----w- C:\Users\MikeNew\AppData\Local\{7D52CEEE-2E30-4E30-94B1-BDFD4BB16C1A}
2012-06-08 02:14:51 -------- d-----w- C:\Users\MikeNew\AppData\Local\{AF5E175D-F695-4811-B68A-2C47C79CC8EB}
2012-06-08 02:14:39 -------- d-----w- C:\Users\MikeNew\AppData\Local\{A8C4C697-FF47-41A9-887C-0E8D09B8F973}
2012-06-06 02:02:50 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-06 02:02:50 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-06 02:02:50 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-06 02:02:50 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-06 02:02:50 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-06-24 20:39:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 20:39:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 20:39:09 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 18:18:04.76 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2010 7:33:54 PM
System Uptime: 7/2/2012 6:48:40 AM (12 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 690 GiB total, 623.062 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is FIXED (NTFS) - 56 GiB total, 26.983 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Teefer2 Miniport
Device ID: ROOT\SYMC_TEEFER2MP\0005
Manufacturer: Symantec
Name: Teefer2 Miniport #6
PNP Device ID: ROOT\SYMC_TEEFER2MP\0005
Service: Teefer2
.
Class GUID:
Description: NETGEAR WNDR3400v2 N600 Wireless Router
Device ID: UUID:A9C51877-A082-A95F-36F7-7433EED4AFEE\UMB\3&1E72DD&0&UUID:A9C51877-A082-A95F-36F7-7433EED4AFEE
Manufacturer:
Name: NETGEAR WNDR3400v2 N600 Wireless Router
PNP Device ID: UUID:A9C51877-A082-A95F-36F7-7433EED4AFEE\UMB\3&1E72DD&0&UUID:A9C51877-A082-A95F-36F7-7433EED4AFEE
Service:
.
==== System Restore Points ===================
.
RP337: 6/15/2012 10:03:05 PM - Windows Update
RP338: 6/16/2012 8:16:36 PM - Windows Backup
RP339: 6/17/2012 7:00:03 PM - Windows Backup
RP341: 6/19/2012 5:42:11 PM - Windows Update
RP343: 6/24/2012 8:02:00 PM - Windows Backup
RP345: 6/28/2012 8:04:04 PM - Windows Update
RP346: 7/1/2012 7:09:06 PM - Windows Backup
RP348: 7/1/2012 9:01:09 PM - Windows Update
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
AMD VISION Engine Control Center
AnswerWorks 5.0 English Runtime
Bing Desktop
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
GoToAssist 8.0.0.514
HP Product Detection
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
LiveUpdate 3.3 (Symantec Corporation)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
Quicken 2010
Quicken 2011
Quicken 2012
Realtek High Definition Audio Driver
RoboForm 7-7-8-8 (All Users)
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skins
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Window Washer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
7/1/2012 9:02:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft - Other hardware - Microsoft Wireless Router Module.
7/1/2012 9:01:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
.
==== End Of File ===========================
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Tue Jul 03, 2012 7:13 am    Post subject: Reply with quote
Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Tue Jul 03, 2012 7:25 am    Post subject: Reply with quote
Your DDS log shows you have Symantec Endpoint and Webroot installed, however neither are showing in your Installed Programs list.

Can you let me know ....

a. Whether either of those programs is actually installed.
b. If so, which you are using as your anti-virus.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Tue Jul 03, 2012 4:55 pm    Post subject: Reply with quote
BothWebroot windowwasher and Symantec endpoint are installed.

Symantec is my anti virus. I was using windowwasher as a privacy protector. Didn't even know it was an antivirus.

Thanks in advance for any help you can provide.
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Tue Jul 03, 2012 8:56 pm    Post subject: Reply with quote
WindowWasher sometimes comes as part of other Webroot programs, so since it wasn't listed in your Install Programs list, I just wanted to make sure it wasn't on your computer as part of a suite. More than 1 installed anti-virus program can have all sorts of unexpected consequences.

OK, before we start investigating your problem, let me make quite clear that this forum specialises solely in the removal of Malware, and that is where our expertise lies. Your problem may or may not be as a cause of Malware, it's impossible to say at this point.

We will attempt to remove any Malware we discover, and this may or may not resolve your issues, but updates may fail to load for a number of non-malware related reasons as well, and if that turns out to be the case, I may have to hand you on to forums that specialise in that kind of problem, since it's not my area of expertise.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I'd like to run a few more scans, so I can get a better idea about what's on your machine ...

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Next

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log
  • FSS.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Wed Jul 04, 2012 10:18 am    Post subject: OTL.txt Reply with quote
OTL logfile created on: 7/4/2012 1:07:13 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\MikeNew\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 69.26% Memory free
11.50 Gb Paging File | 9.38 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.97 Gb Total Space | 623.22 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive K: | 55.93 Gb Total Space | 32.94 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

Computer Name: MIKENEW-PC | User Name: MikeNew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 13:00:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MikeNew\Desktop\OTL.exe
PRC - [2012/06/10 22:37:37 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/06/05 17:36:24 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/01/06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
PRC - [2011/04/20 10:12:12 | 001,633,680 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 22:12:46 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/15 22:12:34 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/15 22:12:31 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/15 22:12:25 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/15 22:12:24 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/09 18:21:17 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 18:21:17 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/09 17:39:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 17:36:23 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 17:36:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 17:36:18 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012/05/09 17:36:16 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 17:36:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/04/20 10:12:16 | 000,040,848 | ---- | M] () -- C:\Program Files (x86)\Webroot\Washer\Languages\English.dll
MOD - [2011/04/20 10:11:50 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\Webroot\Washer\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/24 15:39:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/20 10:12:18 | 000,618,896 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2010/10/14 16:50:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/23 16:25:10 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/20 19:47:05 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 18:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 14:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2012/06/02 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/02 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 03:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120703.017\ex64.sys -- (NAVEX15)
DRV - [2012/05/15 03:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120703.017\eng64.sys -- (NAVENG)
DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {760544A3-A6FF-4D31-BAF8-24B43E0685C8}
IE:64bit: - HKLM\..\SearchScopes\{760544A3-A6FF-4D31-BAF8-24B43E0685C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7C7B465F-E70E-4001-9731-9F13266797BA}
IE - HKLM\..\SearchScopes\{7C7B465F-E70E-4001-9731-9F13266797BA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..\SearchScopes,DefaultScope = {7C7B465F-E70E-4001-9731-9F13266797BA}
IE - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/06/05 17:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 21:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/14 16:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MikeNew\AppData\Roaming\Mozilla\Extensions
[2012/06/05 21:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MikeNew\AppData\Roaming\Mozilla\Firefox\Profiles\fkhe1o4t.default\extensions
[2012/06/05 21:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/05 21:02:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/05 21:02:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/05 21:02:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\MikeNew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\MikeNew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O4 - Startup: C:\Users\Randi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{964BCDC8-C219-481B-97DB-D0112400C097}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\Shell - "" = AutoRun
O33 - MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 13:01:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MikeNew\Desktop\OTL.exe
[2012/07/02 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\Desktop\DDS Files
[2012/07/01 21:16:16 | 056,731,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/07/01 21:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/06/15 22:03:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/15 22:03:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/15 22:03:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/15 22:03:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/15 22:03:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/15 22:03:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/15 22:03:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/15 22:03:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/15 22:03:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/15 22:03:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/15 22:03:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/15 22:03:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/15 22:03:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/15 22:02:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/15 22:02:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/15 22:02:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/15 22:02:10 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/15 22:02:09 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/15 22:02:09 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/15 22:01:59 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/15 22:00:59 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/15 22:00:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 17:43:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/06/08 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{7B8FB4B7-A467-40C5-906C-1A7B41011407}
[2012/06/08 18:13:26 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{FAED4D8D-EB00-4883-ADDA-2653DA229CBE}
[2012/06/08 18:12:05 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{9F322DFF-5986-453C-ADB8-318A6B008A25}
[2012/06/08 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{1E661ECD-17CB-4F23-8075-1146FCD339A7}
[2012/06/08 18:05:00 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{ECEED339-C97E-4EE7-A806-10FBFBD9AAF7}
[2012/06/08 17:53:59 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\Desktop\Gabe videos
[2012/06/08 17:49:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/08 17:49:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/08 17:49:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/08 17:49:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/08 17:49:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/08 17:49:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/08 17:48:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/08 17:48:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/08 17:39:44 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{479A01F2-8508-4090-AA4D-8458C1BDF7B0}
[2012/06/07 21:29:04 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{3CC6D623-2F83-46C1-8979-529D5BC70F69}
[2012/06/07 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{7D52CEEE-2E30-4E30-94B1-BDFD4BB16C1A}
[2012/06/07 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{AF5E175D-F695-4811-B68A-2C47C79CC8EB}
[2012/06/07 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{A8C4C697-FF47-41A9-887C-0E8D09B8F973}
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/04 13:00:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MikeNew\Desktop\OTL.exe
[2012/07/04 12:44:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 12:43:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/03 22:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 22:56:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 22:53:31 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/03 22:53:31 | 000,628,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/03 22:53:31 | 000,108,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/03 22:48:30 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 15:39:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/24 15:39:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/24 15:39:09 | 009,815,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/06/16 20:02:31 | 000,434,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 18:07:55 | 000,002,265 | ---- | M] () -- C:\Users\MikeNew\Documents\Gabe & Box.wlmp
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 18:05:37 | 000,002,265 | ---- | C] () -- C:\Users\MikeNew\Documents\Gabe & Box.wlmp
[2012/04/12 18:12:48 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840N.DAT
[2012/02/20 23:24:22 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/17 17:12:09 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/17 17:12:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2011/04/17 16:32:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/25 18:14:43 | 000,000,183 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/10/22 11:55:38 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/10/20 21:15:39 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/14 18:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/01/04 19:53:28 | 000,000,000 | ---D | M] -- C:\Users\MikeNew\AppData\Roaming\GARMIN
[2011/06/29 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\MikeNew\AppData\Roaming\GoodSync
[2011/03/13 12:12:05 | 000,000,000 | ---D | M] -- C:\Users\MikeNew\AppData\Roaming\RoboForm
[2012/03/11 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\Randi\AppData\Roaming\Garmin
[2012/04/05 20:29:00 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
_________________
Mhl1949
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Wed Jul 04, 2012 10:20 am    Post subject: extras.txt Reply with quote
OTL Extras logfile created on: 7/4/2012 1:07:13 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\MikeNew\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 69.26% Memory free
11.50 Gb Paging File | 9.38 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.97 Gb Total Space | 623.22 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive K: | 55.93 Gb Total Space | 32.94 Gb Free Space | 58.90% Space Free | Partition Type: NTFS

Computer Name: MIKENEW-PC | User Name: MikeNew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1970364552-1508715367-3508970197-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020B558E-25E2-434E-BEBD-C0BB43CE7BBD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{021C9C2D-FBF8-4164-A2BB-B050928D5C6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{040733C5-8A1E-4486-B241-406648EBD625}" = rport=5357 | protocol=6 | dir=out | app=system |
"{09D8CF96-1151-46C0-9F48-CBC5460B5244}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{129EED6D-A4DE-4951-B078-451DA16540B7}" = lport=445 | protocol=6 | dir=in | app=system |
"{13276176-652A-473E-A409-BDD88EB95716}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15339FCA-07E4-48DD-934A-7F23F243192D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1750DCA3-BFB7-44A5-A2B2-F22089D1548E}" = lport=138 | protocol=17 | dir=in | app=system |
"{1EC9B346-AB42-48CF-838A-CB5601303F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{26D70414-B117-45C8-9519-907BF2284A4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{28CF9A2C-6D9E-4552-BEDF-0A1B133F07C9}" = lport=5357 | protocol=6 | dir=in | app=system |
"{2BB7A049-4399-44FA-BBC0-838858E5D6E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BFFEBAC-35A1-48B5-89B1-F2BD347DF666}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DB8D154-11B7-45EB-936A-BD57DEAF0CB7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3562CB0B-9088-45DE-B9A1-E87C26B9B67F}" = lport=137 | protocol=17 | dir=in | app=system |
"{42670C60-90FF-4F76-944E-3327B89C3458}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43979926-D10A-46BC-9A2C-89629ECA371E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C92C0B6-D8A3-424C-AD59-2B1CEC60DF80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CDC79C2-3993-4433-BD86-7670D7144BD3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E0D3647-1861-486E-8CA0-BAC250099EAE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52E90BD1-07C4-4810-BC76-49B6B89FFC3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{557E8539-D921-46C5-81FB-1241D9537A7A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B9D538B-8A72-4A76-9BF3-454A1CE5D1B6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6336B767-FDBF-42B9-A380-0B479463BE0F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{6A4D7F99-F82F-4F76-922D-A1D43BFF675C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6EB9378A-01D2-46AC-A270-9200F245E787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72C9B084-1BF5-4630-AC18-12E749B8D0CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{7397F912-4BD6-446D-881C-92A847177D43}" = lport=5358 | protocol=6 | dir=in | app=system |
"{8977A534-481F-4650-AB39-E589B60C915F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B24F9C5-92FF-4065-B3EB-64B61973747C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{9B44F6C0-9A27-41E5-88A8-E2B47EDFBE6F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A08CAF21-F71D-41E4-A85A-DBDEBEC30549}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{AAF8BD7C-40F7-41F0-9EA4-E5E3A63BBFA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B223F360-6252-4719-A263-A2CB7F26DED9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B383B476-A16A-4D0D-82F4-091A2F943508}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAC516E6-BE58-49DF-9200-A72FEB6192F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBBE0675-19DA-48C5-8DAB-28075252CC61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3008E5F-DB38-484A-8F7D-CA0351EC30BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1BBBE96-CD8B-4569-8014-EB13340721AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2CD9FAA-854B-4200-BD3F-156EEFCE55F7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{E410A5B5-416A-4AA5-94E3-CA15EE1EB0CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E74B2166-B37A-43AC-8DED-B6F8D9FC1ABD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91C50D0-E94C-4AC6-8958-CCB49F372E9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3414628-C2B7-4B43-AADE-E1AD0356D329}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F4D836B7-9111-44DE-B8EC-B5EB1EB4A560}" = rport=5358 | protocol=6 | dir=out | app=system |
"{FCF05056-8813-4DEC-AB12-84024E92B663}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CBC7B6-DD8B-47A9-9171-4D990C459F8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05124DD5-60A0-47BD-B924-4CAB2E27FA96}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0E9B8353-78E5-4858-89D6-BD87EB1EDFD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1842EE5E-2CF9-4F57-A28C-75F585590AEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29194674-F367-4D4E-88AA-24D6F1F40006}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{30094170-5CA4-4CC5-9E9C-B7EF4DB8AC33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40F77E53-354A-48AD-93DC-B5225965CAE8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5200E99B-30E6-4563-B3CC-15E434589BF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5804C69E-A408-4C6C-A3F9-60915630ABED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64306B61-5856-48A0-9173-23A1058821B5}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{76D7C443-12E1-4AB3-98DC-2504D789F4D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7F30753B-27D7-4321-A84E-E4C97CA25E64}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{820EB0D0-33B5-423A-82FA-146AD300A76E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{829B76F7-845C-43D6-9541-64F8FBEF7ACB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{878AA79B-7938-42B2-A226-1D9A0A03F1B9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{8D5313B7-FAC4-4537-A443-5208894E57DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90B2634D-0FA5-4808-B855-5D21237C961E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{93D3C945-830D-4616-B795-6B3B61BD6A35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{966E9F60-981D-49F2-A16B-8CC96502DCA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9888F0FF-5F4E-4705-A9D5-671663B8C5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A2D06CA0-203E-426D-9831-B6B6048F684C}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{AB9252D5-C2A3-4A45-BA38-3F4FA58A4B15}" = protocol=6 | dir=out | app=system |
"{B0CCA200-2EDF-4AEC-B0B9-F77A47D3EB16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B168C696-03B1-406F-89AD-6DACBF778FA7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6B5DD30-DD63-481D-9998-0B1B09FD49F6}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B8006506-1FFA-4982-BAA1-338B1559F425}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BD1C5E02-7C47-447A-BBFA-A40033600F19}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C013B767-4F1E-4465-8680-107CB271B324}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C1861B69-634B-4CA9-88C5-63306A28FE49}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{D56C7320-FD5E-4CD0-A556-3F321151761B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D79E2C7D-8987-466A-B2EA-4FEC4B53665E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{D926C2F2-3BBF-4CA8-8522-AE26EBF068B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DF86620D-143F-44EC-BDCA-6E075A193973}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8EE038C-2D4D-406C-AB48-FB0D5BF8DC2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F902E906-30AC-4417-9896-51FAEADCC62D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{FB5CB81E-91F6-435A-94F7-5E39B0A951C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF9A6E82-78FC-4E5B-AD02-B23BC658B931}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders
"{3C9B2770-E66E-D289-56A0-95CFADA8EB26}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
"{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}" = 64 Bit HP CIO Components Installer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABD3F7BD-02E6-9150-2D34-F9F3109FA466}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-7-8-8 (All Users)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Dock" = Dell Dock
"GoToAssist" = GoToAssist 8.0.0.514
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Window Washer" = Window Washer
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2012 10:28:30 PM | Computer Name = MikeNew-PC | Source = Application Hang | ID = 1002
Description = The program qwpatch.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1764 Start Time:
01cd1f660d9b7f3c Termination Time: 0 Application Path: C:\ProgramData\Intuit\Quicken\INET\COMMON\Patch\Update\qwpatch.exe

Report
Id: ab86cf71-8b59-11e1-869b-00262dd1a5c4

Error - 4/23/2012 6:37:03 PM | Computer Name = MikeNew-PC | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 14: description: CAL Failure

Error - 5/14/2012 8:36:18 PM | Computer Name = MikeNew-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 5/15/2012 8:45:06 PM | Computer Name = MikeNew-PC | Source = System Restore | ID = 8193
Description =

Error - 5/16/2012 7:03:00 PM | Computer Name = MikeNew-PC | Source = System Restore | ID = 8193
Description =

Error - 5/16/2012 9:58:09 PM | Computer Name = MikeNew-PC | Source = Application Hang | ID = 1002
Description = The program mmc.exe version 6.1.7600.16385 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13bc Start
Time: 01cd33cea774b250 Termination Time: 0 Application Path: C:\Windows\system32\mmc.exe

Report
Id: bdf0877f-9fc3-11e1-a2e4-00262dd1a5c4

Error - 5/16/2012 10:14:50 PM | Computer Name = MikeNew-PC | Source = Application Hang | ID = 1002
Description = The program DeviceProperties.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6e8 Start
Time: 01cd33d2995bbf1e Termination Time: 16 Application Path: C:\Windows\System32\DeviceProperties.exe

Report
Id: 12df29de-9fc6-11e1-9be4-00262dd1a5c4

Error - 5/20/2012 9:41:53 PM | Computer Name = MikeNew-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 5/22/2012 9:07:06 PM | Computer Name = MikeNew-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 6/3/2012 10:29:39 PM | Computer Name = MikeNew-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ Media Center Events ]
Error - 1/26/2012 1:56:52 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 11:56:52 AM - Error connecting to the internet. 11:56:52 AM - Unable
to contact server..

Error - 1/26/2012 1:56:59 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 11:56:57 AM - Error connecting to the internet. 11:56:57 AM - Unable
to contact server..

Error - 1/26/2012 2:59:35 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 12:59:35 PM - Error connecting to the internet. 12:59:35 PM - Unable
to contact server..

Error - 1/26/2012 2:59:42 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 12:59:40 PM - Error connecting to the internet. 12:59:40 PM - Unable
to contact server..

Error - 1/26/2012 4:01:25 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 2:01:25 PM - Error connecting to the internet. 2:01:25 PM - Unable
to contact server..

Error - 1/26/2012 4:01:32 PM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 2:01:30 PM - Error connecting to the internet. 2:01:30 PM - Unable
to contact server..

Error - 2/19/2012 12:52:14 AM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 10:52:12 PM - Error connecting to the internet. 10:52:12 PM - Unable
to contact server..

Error - 2/19/2012 1:52:44 AM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 11:52:42 PM - Error connecting to the internet. 11:52:43 PM - Unable
to contact server..

Error - 2/19/2012 2:57:16 AM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 12:57:14 AM - Error connecting to the internet. 12:57:14 AM - Unable
to contact server..

Error - 2/19/2012 3:58:56 AM | Computer Name = MikeNew-PC | Source = MCUpdate | ID = 0
Description = 1:58:54 AM - Error connecting to the internet. 1:58:54 AM - Unable
to contact server..

[ System Events ]
Error - 6/24/2012 4:38:44 PM | Computer Name = MikeNew-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 6/24/2012 4:39:14 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 6/24/2012 5:38:45 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 6/24/2012 9:09:38 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 6/28/2012 11:01:14 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 6/29/2012 9:24:03 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 6/29/2012 10:29:25 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =

Error - 7/1/2012 10:01:19 PM | Computer Name = MikeNew-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error - 7/1/2012 10:02:06 PM | Computer Name = MikeNew-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Microsoft - Other hardware - Microsoft Wireless Router Module.

Error - 7/3/2012 11:47:34 PM | Computer Name = MikeNew-PC | Source = DCOM | ID = 10010
Description =


< End of report >
_________________
Mhl1949
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Wed Jul 04, 2012 10:29 am    Post subject: TDDS report Reply with quote
13:25:06.0553 5408 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:25:06.0897 5408 ============================================================
13:25:06.0897 5408 Current date / time: 2012/07/04 13:25:06.0897
13:25:06.0897 5408 SystemInfo:
13:25:06.0897 5408
13:25:06.0897 5408 OS Version: 6.1.7600 ServicePack: 0.0
13:25:06.0897 5408 Product type: Workstation
13:25:06.0897 5408 ComputerName: MIKENEW-PC
13:25:06.0897 5408 UserName: MikeNew
13:25:06.0897 5408 Windows directory: C:\Windows
13:25:06.0897 5408 System windows directory: C:\Windows
13:25:06.0897 5408 Running under WOW64
13:25:06.0897 5408 Processor architecture: Intel x64
13:25:06.0897 5408 Number of processors: 4
13:25:06.0897 5408 Page size: 0x1000
13:25:06.0897 5408 Boot type: Normal boot
13:25:06.0897 5408 ============================================================
13:25:08.0129 5408 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:25:08.0145 5408 Drive \Device\Harddisk5\DR5 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200, Cylinders: 0x1C85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:25:08.0581 5408 ============================================================
13:25:08.0581 5408 \Device\Harddisk0\DR0:
13:25:08.0581 5408 MBR partitions:
13:25:08.0581 5408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1139000
13:25:08.0581 5408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1154800, BlocksNum 0x563F1000
13:25:08.0581 5408 \Device\Harddisk5\DR5:
13:25:08.0581 5408 MBR partitions:
13:25:08.0581 5408 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FDB606
13:25:08.0581 5408 ============================================================
13:25:08.0597 5408 C: <-> \Device\Harddisk0\DR0\Partition1
13:25:08.0628 5408 K: <-> \Device\Harddisk5\DR5\Partition0
13:25:08.0628 5408 ============================================================
13:25:08.0628 5408 Initialize success
13:25:08.0628 5408 ============================================================
13:25:17.0255 4184 ============================================================
13:25:17.0255 4184 Scan started
13:25:17.0255 4184 Mode: Manual;
13:25:17.0255 4184 ============================================================
13:25:18.0285 4184 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
13:25:18.0316 4184 1394ohci - ok
13:25:18.0347 4184 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:25:18.0347 4184 ACPI - ok
13:25:18.0363 4184 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:25:18.0378 4184 AcpiPmi - ok
13:25:18.0487 4184 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:25:18.0565 4184 AdobeFlashPlayerUpdateSvc - ok
13:25:18.0597 4184 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:25:18.0597 4184 adp94xx - ok
13:25:18.0612 4184 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:25:18.0628 4184 adpahci - ok
13:25:18.0643 4184 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:25:18.0659 4184 adpu320 - ok
13:25:18.0675 4184 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:25:18.0675 4184 AeLookupSvc - ok
13:25:18.0706 4184 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:25:18.0706 4184 AFD - ok
13:25:18.0721 4184 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:25:18.0737 4184 agp440 - ok
13:25:18.0753 4184 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:25:18.0768 4184 ALG - ok
13:25:18.0784 4184 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:25:18.0784 4184 aliide - ok
13:25:18.0831 4184 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:25:18.0831 4184 AMD External Events Utility - ok
13:25:18.0893 4184 AMD FUEL Service - ok
13:25:18.0909 4184 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:25:18.0924 4184 amdide - ok
13:25:18.0955 4184 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:25:18.0955 4184 AmdK8 - ok
13:25:19.0283 4184 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:25:19.0439 4184 amdkmdag - ok
13:25:19.0533 4184 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:25:19.0533 4184 amdkmdap - ok
13:25:19.0548 4184 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:25:19.0548 4184 AmdPPM - ok
13:25:19.0564 4184 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:25:19.0579 4184 amdsata - ok
13:25:19.0595 4184 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:25:19.0611 4184 amdsbs - ok
13:25:19.0611 4184 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:25:19.0611 4184 amdxata - ok
13:25:19.0657 4184 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:25:19.0657 4184 AODDriver4.01 - ok
13:25:19.0689 4184 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:25:19.0704 4184 AppID - ok
13:25:19.0720 4184 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:25:19.0735 4184 AppIDSvc - ok
13:25:19.0735 4184 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:25:19.0735 4184 Appinfo - ok
13:25:19.0751 4184 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:25:19.0767 4184 arc - ok
13:25:19.0767 4184 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:25:19.0782 4184 arcsas - ok
13:25:19.0798 4184 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:25:19.0798 4184 AsyncMac - ok
13:25:19.0813 4184 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:25:19.0813 4184 atapi - ok
13:25:19.0891 4184 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
13:25:19.0923 4184 athr - ok
13:25:20.0016 4184 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
13:25:20.0016 4184 AtiHdmiService - ok
13:25:20.0359 4184 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:25:20.0406 4184 atikmdag - ok
13:25:20.0453 4184 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:25:20.0453 4184 AtiPcie - ok
13:25:20.0500 4184 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:25:20.0515 4184 AudioEndpointBuilder - ok
13:25:20.0531 4184 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:25:20.0531 4184 AudioSrv - ok
13:25:20.0531 4184 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:25:20.0547 4184 AxInstSV - ok
13:25:20.0562 4184 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:25:20.0578 4184 b06bdrv - ok
13:25:20.0593 4184 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:25:20.0609 4184 b57nd60a - ok
13:25:20.0671 4184 BackupService (68b86dd9d455a6a8de6d13c84fb5ce31) C:\Users\MikeNew\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
13:25:20.0671 4184 BackupService - ok
13:25:20.0687 4184 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:25:20.0703 4184 BDESVC - ok
13:25:20.0718 4184 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:25:20.0718 4184 Beep - ok
13:25:20.0765 4184 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:25:20.0765 4184 BFE - ok
13:25:20.0827 4184 BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
13:25:20.0827 4184 BingDesktopUpdate - ok
13:25:20.0874 4184 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
13:25:20.0874 4184 BITS - ok
13:25:20.0905 4184 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:25:20.0905 4184 blbdrive - ok
13:25:20.0937 4184 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:25:20.0952 4184 bowser - ok
13:25:20.0952 4184 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:25:20.0968 4184 BrFiltLo - ok
13:25:20.0968 4184 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:25:20.0983 4184 BrFiltUp - ok
13:25:20.0999 4184 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:25:20.0999 4184 Browser - ok
13:25:21.0015 4184 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:25:21.0030 4184 Brserid - ok
13:25:21.0030 4184 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:25:21.0046 4184 BrSerWdm - ok
13:25:21.0061 4184 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:25:21.0061 4184 BrUsbMdm - ok
13:25:21.0077 4184 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:25:21.0077 4184 BrUsbSer - ok
13:25:21.0093 4184 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:25:21.0093 4184 BTHMODEM - ok
13:25:21.0139 4184 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:25:21.0155 4184 bthserv - ok
13:25:21.0217 4184 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
13:25:21.0217 4184 ccEvtMgr - ok
13:25:21.0217 4184 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
13:25:21.0233 4184 ccSetMgr - ok
13:25:21.0249 4184 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:25:21.0264 4184 cdfs - ok
13:25:21.0295 4184 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:25:21.0311 4184 cdrom - ok
13:25:21.0327 4184 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:25:21.0327 4184 CertPropSvc - ok
13:25:21.0342 4184 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:25:21.0358 4184 circlass - ok
13:25:21.0373 4184 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:25:21.0373 4184 CLFS - ok
13:25:21.0420 4184 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:25:21.0467 4184 clr_optimization_v2.0.50727_32 - ok
13:25:21.0498 4184 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:25:21.0498 4184 clr_optimization_v2.0.50727_64 - ok
13:25:21.0576 4184 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:25:21.0576 4184 clr_optimization_v4.0.30319_32 - ok
13:25:21.0607 4184 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:25:21.0607 4184 clr_optimization_v4.0.30319_64 - ok
13:25:21.0623 4184 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:25:21.0623 4184 CmBatt - ok
13:25:21.0639 4184 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:25:21.0639 4184 cmdide - ok
13:25:21.0685 4184 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:25:21.0701 4184 CNG - ok
13:25:21.0732 4184 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:25:21.0748 4184 Compbatt - ok
13:25:21.0763 4184 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:25:21.0763 4184 CompositeBus - ok
13:25:21.0779 4184 COMSysApp - ok
13:25:21.0795 4184 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:25:21.0795 4184 crcdisk - ok
13:25:21.0826 4184 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
13:25:21.0826 4184 CryptSvc - ok
13:25:21.0873 4184 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
13:25:21.0873 4184 dc3d - ok
13:25:21.0935 4184 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:25:21.0935 4184 DcomLaunch - ok
13:25:21.0982 4184 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:25:22.0013 4184 defragsvc - ok
13:25:22.0060 4184 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:25:22.0060 4184 DfsC - ok
13:25:22.0091 4184 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:25:22.0091 4184 Dhcp - ok
13:25:22.0091 4184 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:25:22.0091 4184 discache - ok
13:25:22.0107 4184 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:25:22.0122 4184 Disk - ok
13:25:22.0138 4184 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:25:22.0138 4184 Dnscache - ok
13:25:22.0200 4184 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
13:25:22.0216 4184 DockLoginService - ok
13:25:22.0231 4184 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:25:22.0231 4184 dot3svc - ok
13:25:22.0263 4184 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:25:22.0263 4184 dot4 - ok
13:25:22.0278 4184 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:25:22.0278 4184 Dot4Print - ok
13:25:22.0294 4184 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:25:22.0294 4184 dot4usb - ok
13:25:22.0309 4184 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:25:22.0309 4184 DPS - ok
13:25:22.0341 4184 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:25:22.0341 4184 drmkaud - ok
13:25:22.0419 4184 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:25:22.0434 4184 DXGKrnl - ok
13:25:22.0450 4184 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:25:22.0450 4184 EapHost - ok
13:25:22.0590 4184 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:25:22.0637 4184 ebdrv - ok
13:25:22.0699 4184 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:25:22.0715 4184 eeCtrl - ok
13:25:22.0777 4184 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:25:22.0777 4184 EFS - ok
13:25:22.0840 4184 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:25:22.0871 4184 ehRecvr - ok
13:25:22.0887 4184 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:25:22.0918 4184 ehSched - ok
13:25:22.0949 4184 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:25:22.0980 4184 elxstor - ok
13:25:23.0027 4184 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:25:23.0027 4184 EraserUtilRebootDrv - ok
13:25:23.0043 4184 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:25:23.0043 4184 ErrDev - ok
13:25:23.0089 4184 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:25:23.0089 4184 EventSystem - ok
13:25:23.0105 4184 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:25:23.0121 4184 exfat - ok
13:25:23.0136 4184 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:25:23.0136 4184 fastfat - ok
13:25:23.0183 4184 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:25:23.0183 4184 Fax - ok
13:25:23.0199 4184 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:25:23.0199 4184 fdc - ok
13:25:23.0230 4184 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:25:23.0230 4184 fdPHost - ok
13:25:23.0261 4184 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:25:23.0261 4184 FDResPub - ok
13:25:23.0277 4184 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:25:23.0277 4184 FileInfo - ok
13:25:23.0292 4184 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:25:23.0292 4184 Filetrace - ok
13:25:23.0308 4184 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:25:23.0308 4184 flpydisk - ok
13:25:23.0323 4184 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:25:23.0323 4184 FltMgr - ok
13:25:23.0401 4184 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:25:23.0433 4184 FontCache - ok
13:25:23.0479 4184 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:25:23.0511 4184 FontCache3.0.0.0 - ok
13:25:23.0542 4184 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:25:23.0542 4184 FsDepends - ok
13:25:23.0573 4184 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
13:25:23.0573 4184 Fs_Rec - ok
13:25:23.0604 4184 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:25:23.0604 4184 fvevol - ok
13:25:23.0620 4184 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:25:23.0620 4184 gagp30kx - ok
13:25:23.0667 4184 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:25:23.0698 4184 GoToAssist - ok
13:25:23.0745 4184 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:25:23.0760 4184 gpsvc - ok
13:25:23.0776 4184 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:25:23.0776 4184 hcw85cir - ok
13:25:23.0791 4184 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:25:23.0791 4184 HDAudBus - ok
13:25:23.0823 4184 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:25:23.0838 4184 HidBatt - ok
13:25:23.0854 4184 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:25:23.0854 4184 HidBth - ok
13:25:23.0869 4184 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:25:23.0869 4184 HidIr - ok
13:25:23.0885 4184 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:25:23.0885 4184 hidserv - ok
13:25:23.0901 4184 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:25:23.0901 4184 HidUsb - ok
13:25:23.0932 4184 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:25:23.0932 4184 hkmsvc - ok
13:25:23.0947 4184 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:25:23.0963 4184 HomeGroupListener - ok
13:25:23.0979 4184 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:25:23.0979 4184 HomeGroupProvider - ok
13:25:23.0994 4184 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:25:23.0994 4184 HpSAMD - ok
13:25:24.0041 4184 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:25:24.0057 4184 HTTP - ok
13:25:24.0103 4184 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:25:24.0103 4184 hwpolicy - ok
13:25:24.0166 4184 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:25:24.0181 4184 i8042prt - ok
13:25:24.0197 4184 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
13:25:24.0213 4184 iaStorV - ok
13:25:24.0291 4184 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:25:24.0306 4184 idsvc - ok
13:25:24.0337 4184 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:25:24.0337 4184 iirsp - ok
13:25:24.0369 4184 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:25:24.0369 4184 IKEEXT - ok
13:25:24.0462 4184 IntcAzAudAddService (9526f32b8a76f8dc25a1587400e30084) C:\Windows\system32\drivers\RTKVHD64.sys
13:25:24.0462 4184 IntcAzAudAddService - ok
13:25:24.0525 4184 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:25:24.0540 4184 intelide - ok
13:25:24.0556 4184 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:25:24.0571 4184 intelppm - ok
13:25:24.0649 4184 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
13:25:24.0649 4184 IntuitUpdateService - ok
13:25:24.0712 4184 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:25:24.0712 4184 IntuitUpdateServiceV4 - ok
13:25:24.0727 4184 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:25:24.0727 4184 IPBusEnum - ok
13:25:24.0743 4184 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:25:24.0743 4184 IpFilterDriver - ok
13:25:24.0774 4184 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:25:24.0774 4184 iphlpsvc - ok
13:25:24.0790 4184 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:25:24.0805 4184 IPMIDRV - ok
13:25:24.0821 4184 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:25:24.0852 4184 IPNAT - ok
13:25:24.0868 4184 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:25:24.0868 4184 IRENUM - ok
13:25:24.0883 4184 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:25:24.0899 4184 isapnp - ok
13:25:24.0899 4184 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:25:24.0915 4184 iScsiPrt - ok
13:25:24.0946 4184 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
13:25:24.0946 4184 k57nd60a - ok
13:25:24.0961 4184 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:25:24.0961 4184 kbdclass - ok
13:25:24.0977 4184 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:25:24.0977 4184 kbdhid - ok
13:25:24.0993 4184 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:25:24.0993 4184 KeyIso - ok
13:25:25.0039 4184 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:25:25.0039 4184 KSecDD - ok
13:25:25.0071 4184 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:25:25.0086 4184 KSecPkg - ok
13:25:25.0102 4184 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:25:25.0102 4184 ksthunk - ok
13:25:25.0117 4184 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:25:25.0133 4184 KtmRm - ok
13:25:25.0164 4184 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
13:25:25.0164 4184 LanmanServer - ok
13:25:25.0195 4184 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:25:25.0195 4184 LanmanWorkstation - ok
13:25:25.0414 4184 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:25:25.0429 4184 LiveUpdate - ok
13:25:25.0507 4184 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:25:25.0507 4184 lltdio - ok
13:25:25.0539 4184 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:25:25.0539 4184 lltdsvc - ok
13:25:25.0554 4184 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:25:25.0554 4184 lmhosts - ok
13:25:25.0570 4184 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:25:25.0585 4184 LSI_FC - ok
13:25:25.0601 4184 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:25:25.0601 4184 LSI_SAS - ok
13:25:25.0617 4184 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:25:25.0617 4184 LSI_SAS2 - ok
13:25:25.0632 4184 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:25:25.0648 4184 LSI_SCSI - ok
13:25:25.0663 4184 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:25:25.0663 4184 luafv - ok
13:25:25.0679 4184 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:25:25.0695 4184 Mcx2Svc - ok
13:25:25.0695 4184 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:25:25.0710 4184 megasas - ok
13:25:25.0726 4184 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:25:25.0726 4184 MegaSR - ok
13:25:25.0804 4184 Microsoft SharePoint Workspace Audit Service - ok
13:25:25.0835 4184 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:25:25.0835 4184 MMCSS - ok
13:25:25.0835 4184 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:25:25.0851 4184 Modem - ok
13:25:25.0866 4184 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:25:25.0866 4184 monitor - ok
13:25:25.0882 4184 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:25:25.0882 4184 mouclass - ok
13:25:25.0897 4184 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:25:25.0897 4184 mouhid - ok
13:25:25.0913 4184 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:25:25.0913 4184 mountmgr - ok
13:25:25.0929 4184 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:25:25.0929 4184 mpio - ok
13:25:25.0944 4184 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:25:25.0944 4184 mpsdrv - ok
13:25:25.0975 4184 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:25:25.0991 4184 MpsSvc - ok
13:25:26.0022 4184 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:25:26.0038 4184 MRxDAV - ok
13:25:26.0053 4184 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:25:26.0053 4184 mrxsmb - ok
13:25:26.0085 4184 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:25:26.0100 4184 mrxsmb10 - ok
13:25:26.0116 4184 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:25:26.0116 4184 mrxsmb20 - ok
13:25:26.0163 4184 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
13:25:26.0163 4184 msahci - ok
13:25:26.0178 4184 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:25:26.0194 4184 msdsm - ok
13:25:26.0225 4184 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:25:26.0225 4184 MSDTC - ok
13:25:26.0256 4184 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:25:26.0256 4184 Msfs - ok
13:25:26.0256 4184 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:25:26.0272 4184 mshidkmdf - ok
13:25:26.0272 4184 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:25:26.0272 4184 msisadrv - ok
13:25:26.0303 4184 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:25:26.0303 4184 MSiSCSI - ok
13:25:26.0303 4184 msiserver - ok
13:25:26.0334 4184 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:25:26.0334 4184 MSKSSRV - ok
13:25:26.0334 4184 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:25:26.0350 4184 MSPCLOCK - ok
13:25:26.0350 4184 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:25:26.0350 4184 MSPQM - ok
13:25:26.0381 4184 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:25:26.0381 4184 MsRPC - ok
13:25:26.0397 4184 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:25:26.0397 4184 mssmbios - ok
13:25:26.0397 4184 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:25:26.0397 4184 MSTEE - ok
13:25:26.0412 4184 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:25:26.0412 4184 MTConfig - ok
13:25:26.0428 4184 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:25:26.0428 4184 Mup - ok
13:25:26.0459 4184 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:25:26.0475 4184 napagent - ok
13:25:26.0506 4184 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:25:26.0506 4184 NativeWifiP - ok
13:25:26.0615 4184 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120703.017\ENG64.SYS
13:25:26.0615 4184 NAVENG - ok
13:25:26.0693 4184 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120703.017\EX64.SYS
13:25:26.0693 4184 NAVEX15 - ok
13:25:26.0833 4184 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:25:26.0849 4184 NDIS - ok
13:25:26.0865 4184 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:25:26.0865 4184 NdisCap - ok
13:25:26.0880 4184 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:25:26.0880 4184 NdisTapi - ok
13:25:26.0896 4184 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:25:26.0896 4184 Ndisuio - ok
13:25:26.0896 4184 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:25:26.0911 4184 NdisWan - ok
13:25:26.0911 4184 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:25:26.0911 4184 NDProxy - ok
13:25:26.0943 4184 Net Driver HPZ12 (b6cba9a0403e2c1a9ea03c33a4932e89) C:\Windows\system32\HPZinw12.dll
13:25:26.0943 4184 Net Driver HPZ12 - ok
13:25:26.0943 4184 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:25:26.0943 4184 NetBIOS - ok
13:25:26.0974 4184 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:25:26.0974 4184 NetBT - ok
13:25:26.0989 4184 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:25:26.0989 4184 Netlogon - ok
13:25:27.0036 4184 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:25:27.0052 4184 Netman - ok
13:25:27.0083 4184 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:25:27.0083 4184 netprofm - ok
13:25:27.0145 4184 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:25:27.0161 4184 NetTcpPortSharing - ok
13:25:27.0177 4184 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:25:27.0177 4184 nfrd960 - ok
13:25:27.0208 4184 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:25:27.0208 4184 NlaSvc - ok
13:25:27.0239 4184 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:25:27.0239 4184 Npfs - ok
13:25:27.0239 4184 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:25:27.0255 4184 nsi - ok
13:25:27.0255 4184 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:25:27.0255 4184 nsiproxy - ok
13:25:27.0348 4184 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:25:27.0379 4184 Ntfs - ok
13:25:27.0442 4184 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:25:27.0442 4184 Null - ok
13:25:27.0473 4184 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:25:27.0489 4184 nvraid - ok
13:25:27.0504 4184 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:25:27.0504 4184 nvstor - ok
13:25:27.0535 4184 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:25:27.0551 4184 nv_agp - ok
13:25:27.0582 4184 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:25:27.0598 4184 ohci1394 - ok
13:25:27.0645 4184 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:25:27.0723 4184 ose - ok
13:25:27.0941 4184 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:25:28.0050 4184 osppsvc - ok
13:25:28.0128 4184 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:25:28.0128 4184 p2pimsvc - ok
13:25:28.0159 4184 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:25:28.0159 4184 p2psvc - ok
13:25:28.0175 4184 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:25:28.0175 4184 Parport - ok
13:25:28.0206 4184 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
13:25:28.0206 4184 partmgr - ok
13:25:28.0222 4184 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:25:28.0237 4184 PcaSvc - ok
13:25:28.0409 4184 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:25:28.0409 4184 pci - ok
13:25:28.0425 4184 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:25:28.0456 4184 pciide - ok
13:25:28.0471 4184 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:25:28.0487 4184 pcmcia - ok
13:25:28.0487 4184 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:25:28.0487 4184 pcw - ok
13:25:28.0518 4184 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:25:28.0534 4184 PEAUTH - ok
13:25:28.0612 4184 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:25:28.0643 4184 PerfHost - ok
13:25:28.0705 4184 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:25:28.0768 4184 pla - ok
13:25:28.0815 4184 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:25:28.0830 4184 PlugPlay - ok
13:25:28.0846 4184 Pml Driver HPZ12 (35ccb20b0d730b7764d049463e4b2ac5) C:\Windows\system32\HPZipm12.dll
13:25:28.0846 4184 Pml Driver HPZ12 - ok
13:25:28.0861 4184 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:25:28.0861 4184 PNRPAutoReg - ok
13:25:28.0877 4184 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:25:28.0893 4184 PNRPsvc - ok
13:25:28.0971 4184 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
13:25:28.0971 4184 Point64 - ok
13:25:29.0002 4184 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:25:29.0017 4184 PolicyAgent - ok
13:25:29.0049 4184 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:25:29.0049 4184 Power - ok
13:25:29.0080 4184 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:25:29.0080 4184 PptpMiniport - ok
13:25:29.0095 4184 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:25:29.0111 4184 Processor - ok
13:25:29.0127 4184 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
13:25:29.0127 4184 ProfSvc - ok
13:25:29.0158 4184 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:25:29.0158 4184 ProtectedStorage - ok
13:25:29.0173 4184 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:25:29.0189 4184 Psched - ok
13:25:29.0205 4184 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:25:29.0205 4184 PxHlpa64 - ok
13:25:29.0283 4184 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:25:29.0314 4184 ql2300 - ok
13:25:29.0376 4184 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:25:29.0392 4184 ql40xx - ok
13:25:29.0423 4184 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:25:29.0454 4184 QWAVE - ok
13:25:29.0454 4184 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:25:29.0470 4184 QWAVEdrv - ok
13:25:29.0470 4184 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:25:29.0485 4184 RasAcd - ok
13:25:29.0501 4184 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:25:29.0501 4184 RasAgileVpn - ok
13:25:29.0517 4184 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:25:29.0517 4184 RasAuto - ok
13:25:29.0548 4184 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:25:29.0548 4184 Rasl2tp - ok
13:25:29.0563 4184 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:25:29.0563 4184 RasMan - ok
13:25:29.0579 4184 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:25:29.0579 4184 RasPppoe - ok
13:25:29.0595 4184 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:25:29.0595 4184 RasSstp - ok
13:25:29.0610 4184 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:25:29.0610 4184 rdbss - ok
13:25:29.0626 4184 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:25:29.0626 4184 rdpbus - ok
13:25:29.0641 4184 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:25:29.0641 4184 RDPCDD - ok
13:25:29.0673 4184 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:25:29.0688 4184 RDPENCDD - ok
13:25:29.0704 4184 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:25:29.0704 4184 RDPREFMP - ok
13:25:29.0735 4184 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
13:25:29.0751 4184 RDPWD - ok
13:25:29.0766 4184 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:25:29.0766 4184 rdyboost - ok
13:25:29.0782 4184 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:25:29.0782 4184 RemoteAccess - ok
13:25:29.0797 4184 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:25:29.0813 4184 RemoteRegistry - ok
13:25:29.0813 4184 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:25:29.0813 4184 RpcEptMapper - ok
13:25:29.0829 4184 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:25:29.0829 4184 RpcLocator - ok
13:25:29.0860 4184 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:25:29.0860 4184 RpcSs - ok
13:25:29.0875 4184 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:25:29.0875 4184 rspndr - ok
13:25:29.0891 4184 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:25:29.0891 4184 SamSs - ok
13:25:29.0907 4184 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:25:29.0922 4184 sbp2port - ok
13:25:29.0938 4184 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:25:29.0953 4184 SCardSvr - ok
13:25:29.0969 4184 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:25:29.0969 4184 scfilter - ok
13:25:30.0047 4184 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:25:30.0078 4184 Schedule - ok
13:25:30.0094 4184 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:25:30.0094 4184 SCPolicySvc - ok
13:25:30.0109 4184 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:25:30.0109 4184 SDRSVC - ok
13:25:30.0187 4184 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:25:30.0187 4184 SeaPort - ok
13:25:30.0234 4184 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:25:30.0234 4184 secdrv - ok
13:25:30.0250 4184 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:25:30.0250 4184 seclogon - ok
13:25:30.0250 4184 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:25:30.0265 4184 SENS - ok
13:25:30.0265 4184 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:25:30.0281 4184 SensrSvc - ok
13:25:30.0281 4184 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:25:30.0297 4184 Serenum - ok
13:25:30.0312 4184 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:25:30.0328 4184 Serial - ok
13:25:30.0343 4184 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:25:30.0359 4184 sermouse - ok
13:25:30.0390 4184 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:25:30.0390 4184 SessionEnv - ok
13:25:30.0406 4184 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:25:30.0421 4184 sffdisk - ok
13:25:30.0421 4184 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:25:30.0437 4184 sffp_mmc - ok
13:25:30.0437 4184 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:25:30.0453 4184 sffp_sd - ok
13:25:30.0453 4184 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:25:30.0468 4184 sfloppy - ok
13:25:30.0499 4184 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:25:30.0515 4184 SharedAccess - ok
13:25:30.0546 4184 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:25:30.0546 4184 ShellHWDetection - ok
13:25:30.0562 4184 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:25:30.0562 4184 SiSRaid2 - ok
13:25:30.0577 4184 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:25:30.0593 4184 SiSRaid4 - ok
13:25:30.0609 4184 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:25:30.0609 4184 Smb - ok
13:25:30.0780 4184 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
13:25:30.0827 4184 SmcService - ok
13:25:30.0858 4184 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
13:25:30.0858 4184 SNAC - ok
13:25:30.0936 4184 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:25:30.0936 4184 SNMPTRAP - ok
13:25:30.0952 4184 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:25:30.0952 4184 spldr - ok
13:25:31.0014 4184 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:25:31.0014 4184 Spooler - ok
13:25:31.0170 4184 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:25:31.0186 4184 sppsvc - ok
13:25:31.0233 4184 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:25:31.0248 4184 sppuinotify - ok
13:25:31.0279 4184 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
13:25:31.0279 4184 SRTSP - ok
13:25:31.0311 4184 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
13:25:31.0342 4184 SRTSPL - ok
13:25:31.0357 4184 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
13:25:31.0373 4184 SRTSPX - ok
13:25:31.0404 4184 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:25:31.0420 4184 srv - ok
13:25:31.0435 4184 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:25:31.0435 4184 srv2 - ok
13:25:31.0482 4184 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:25:31.0482 4184 srvnet - ok
13:25:31.0513 4184 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:25:31.0529 4184 SSDPSRV - ok
13:25:31.0545 4184 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:25:31.0545 4184 SstpSvc - ok
13:25:31.0560 4184 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:25:31.0576 4184 stexstor - ok
13:25:31.0607 4184 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:25:31.0623 4184 stisvc - ok
13:25:31.0623 4184 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:25:31.0623 4184 swenum - ok
13:25:31.0638 4184 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:25:31.0654 4184 swprv - ok
13:25:31.0825 4184 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
13:25:31.0841 4184 Symantec AntiVirus - ok
13:25:31.0935 4184 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:25:31.0950 4184 SymEvent - ok
13:25:32.0028 4184 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:25:32.0059 4184 SysMain - ok
13:25:32.0106 4184 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:25:32.0122 4184 TabletInputService - ok
13:25:32.0153 4184 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:25:32.0184 4184 TapiSrv - ok
13:25:32.0215 4184 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:25:32.0215 4184 TBS - ok
13:25:32.0340 4184 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
13:25:32.0340 4184 Tcpip - ok
13:25:32.0496 4184 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
13:25:32.0496 4184 TCPIP6 - ok
13:25:32.0543 4184 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:25:32.0543 4184 tcpipreg - ok
13:25:32.0574 4184 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:25:32.0590 4184 TDPIPE - ok
13:25:32.0605 4184 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:25:32.0605 4184 TDTCP - ok
13:25:32.0621 4184 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:25:32.0621 4184 tdx - ok
13:25:32.0637 4184 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys
13:25:32.0637 4184 Teefer2 - ok
13:25:32.0637 4184 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:25:32.0637 4184 TermDD - ok
13:25:32.0683 4184 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:25:32.0699 4184 TermService - ok
13:25:32.0715 4184 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:25:32.0715 4184 Themes - ok
13:25:32.0730 4184 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:25:32.0730 4184 THREADORDER - ok
13:25:32.0746 4184 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:25:32.0746 4184 TrkWks - ok
13:25:32.0761 4184 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:25:32.0777 4184 TrustedInstaller - ok
13:25:32.0793 4184 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:25:32.0793 4184 tssecsrv - ok
13:25:32.0839 4184 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:25:32.0839 4184 tunnel - ok
13:25:32.0871 4184 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:25:32.0886 4184 uagp35 - ok
13:25:32.0902 4184 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
13:25:32.0917 4184 udfs - ok
13:25:32.0917 4184 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:25:32.0933 4184 UI0Detect - ok
13:25:32.0949 4184 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:25:32.0949 4184 uliagpkx - ok
13:25:32.0995 4184 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:25:32.0995 4184 umbus - ok
13:25:32.0995 4184 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:25:32.0995 4184 UmPass - ok
13:25:33.0027 4184 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:25:33.0027 4184 upnphost - ok
13:25:33.0058 4184 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
13:25:33.0073 4184 usbccgp - ok
13:25:33.0089 4184 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:25:33.0105 4184 usbcir - ok
13:25:33.0120 4184 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
13:25:33.0120 4184 usbehci - ok
13:25:33.0136 4184 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
13:25:33.0151 4184 usbhub - ok
13:25:33.0167 4184 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
13:25:33.0167 4184 usbohci - ok
13:25:33.0183 4184 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:25:33.0198 4184 usbprint - ok
13:25:33.0229 4184 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:25:33.0245 4184 usbscan - ok
13:25:33.0276 4184 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:25:33.0276 4184 USBSTOR - ok
13:25:33.0276 4184 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:25:33.0292 4184 usbuhci - ok
13:25:33.0323 4184 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:25:33.0323 4184 UxSms - ok
13:25:33.0339 4184 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:25:33.0339 4184 VaultSvc - ok
13:25:33.0354 4184 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:25:33.0354 4184 vdrvroot - ok
13:25:33.0385 4184 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:25:33.0401 4184 vds - ok
13:25:33.0401 4184 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:33.0417 4184 vga - ok
13:25:33.0417 4184 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:25:33.0417 4184 VgaSave - ok
13:25:33.0432 4184 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:25:33.0432 4184 vhdmp - ok
13:25:33.0463 4184 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:25:33.0463 4184 viaide - ok
13:25:33.0479 4184 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:25:33.0479 4184 volmgr - ok
13:25:33.0510 4184 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:25:33.0510 4184 volmgrx - ok
13:25:33.0541 4184 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:25:33.0541 4184 volsnap - ok
13:25:33.0557 4184 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:25:33.0557 4184 vsmraid - ok
13:25:33.0635 4184 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:25:33.0651 4184 VSS - ok
13:25:33.0713 4184 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:25:33.0729 4184 vwifibus - ok
13:25:33.0729 4184 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:25:33.0744 4184 vwififlt - ok
13:25:33.0775 4184 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:25:33.0775 4184 vwifimp - ok
13:25:33.0791 4184 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:25:33.0822 4184 W32Time - ok
13:25:33.0822 4184 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:25:33.0838 4184 WacomPen - ok
13:25:33.0853 4184 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:33.0853 4184 WANARP - ok
13:25:33.0869 4184 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:33.0869 4184 Wanarpv6 - ok
13:25:33.0978 4184 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:25:33.0994 4184 WatAdminSvc - ok
13:25:34.0087 4184 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:25:34.0103 4184 wbengine - ok
13:25:34.0150 4184 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:25:34.0181 4184 WbioSrvc - ok
13:25:34.0197 4184 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:25:34.0212 4184 wcncsvc - ok
13:25:34.0228 4184 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:25:34.0228 4184 WcsPlugInService - ok
13:25:34.0243 4184 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:25:34.0259 4184 Wd - ok
13:25:34.0275 4184 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:25:34.0290 4184 Wdf01000 - ok
13:25:34.0306 4184 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:25:34.0306 4184 WdiServiceHost - ok
13:25:34.0306 4184 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:25:34.0306 4184 WdiSystemHost - ok
13:25:34.0337 4184 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:25:34.0384 4184 WebClient - ok
13:25:34.0384 4184 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:25:34.0399 4184 Wecsvc - ok
13:25:34.0415 4184 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:25:34.0415 4184 wercplsupport - ok
13:25:34.0431 4184 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:25:34.0431 4184 WerSvc - ok
13:25:34.0446 4184 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:25:34.0446 4184 WfpLwf - ok
13:25:34.0446 4184 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:25:34.0462 4184 WIMMount - ok
13:25:34.0462 4184 WinDefend - ok
13:25:34.0477 4184 WinHttpAutoProxySvc - ok
13:25:34.0524 4184 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:25:34.0524 4184 Winmgmt - ok
13:25:34.0618 4184 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:25:34.0649 4184 WinRM - ok
13:25:34.0743 4184 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:25:34.0774 4184 Wlansvc - ok
13:25:34.0930 4184 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:25:34.0977 4184 wlidsvc - ok
13:25:35.0023 4184 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:25:35.0039 4184 WmiAcpi - ok
13:25:35.0070 4184 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:25:35.0086 4184 wmiApSrv - ok
13:25:35.0101 4184 WMPNetworkSvc - ok
13:25:35.0117 4184 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:25:35.0133 4184 WPCSvc - ok
13:25:35.0133 4184 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:25:35.0148 4184 WPDBusEnum - ok
13:25:35.0164 4184 WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys
13:25:35.0164 4184 WPS - ok
13:25:35.0211 4184 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
13:25:35.0211 4184 WpsHelper - ok
13:25:35.0226 4184 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:35.0242 4184 ws2ifsl - ok
13:25:35.0289 4184 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
13:25:35.0289 4184 wscsvc - ok
13:25:35.0304 4184 WSearch - ok
13:25:35.0429 4184 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:25:35.0491 4184 wuauserv - ok
13:25:35.0554 4184 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
13:25:35.0569 4184 WudfPf - ok
13:25:35.0585 4184 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:35.0585 4184 WUDFRd - ok
13:25:35.0601 4184 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
13:25:35.0616 4184 wudfsvc - ok
13:25:35.0616 4184 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:25:35.0632 4184 WwanSvc - ok
13:25:35.0725 4184 wwEngineSvc (d42b153cd9ac1237b7fac8ba24e1a7e4) C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
13:25:35.0725 4184 wwEngineSvc - ok
13:25:35.0772 4184 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:25:35.0959 4184 \Device\Harddisk0\DR0 - ok
13:25:36.0381 4184 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
13:25:36.0412 4184 \Device\Harddisk5\DR5 - ok
13:25:36.0412 4184 Boot (0x1200) (3831559d98abb6ac0f046ac067bbfba7) \Device\Harddisk0\DR0\Partition0
13:25:36.0412 4184 \Device\Harddisk0\DR0\Partition0 - ok
13:25:36.0427 4184 Boot (0x1200) (cacb8d8009d010baa1a130b7f5a43ac6) \Device\Harddisk0\DR0\Partition1
13:25:36.0427 4184 \Device\Harddisk0\DR0\Partition1 - ok
13:25:36.0443 4184 Boot (0x1200) (0779dcdedb265cc345da77e818ea1006) \Device\Harddisk5\DR5\Partition0
13:25:36.0443 4184 \Device\Harddisk5\DR5\Partition0 - ok
13:25:36.0443 4184 ============================================================
13:25:36.0443 4184 Scan finished
13:25:36.0443 4184 ============================================================
13:25:36.0459 3336 Detected object count: 0
13:25:36.0459 3336 Actual detected object count: 0
13:26:46.0503 5100 ============================================================
13:26:46.0503 5100 Scan started
13:26:46.0503 5100 Mode: Manual; TDLFS;
13:26:46.0503 5100 ============================================================
13:26:46.0768 5100 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
13:26:46.0768 5100 1394ohci - ok
13:26:46.0815 5100 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:26:46.0815 5100 ACPI - ok
13:26:46.0830 5100 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:26:46.0830 5100 AcpiPmi - ok
13:26:46.0924 5100 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:26:46.0924 5100 AdobeFlashPlayerUpdateSvc - ok
13:26:46.0955 5100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:26:46.0955 5100 adp94xx - ok
13:26:46.0971 5100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:26:46.0971 5100 adpahci - ok
13:26:46.0986 5100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:26:46.0986 5100 adpu320 - ok
13:26:47.0017 5100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:26:47.0017 5100 AeLookupSvc - ok
13:26:47.0049 5100 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:26:47.0049 5100 AFD - ok
13:26:47.0064 5100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:26:47.0064 5100 agp440 - ok
13:26:47.0080 5100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:26:47.0080 5100 ALG - ok
13:26:47.0095 5100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:26:47.0095 5100 aliide - ok
13:26:47.0127 5100 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
13:26:47.0127 5100 AMD External Events Utility - ok
13:26:47.0173 5100 AMD FUEL Service - ok
13:26:47.0189 5100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:26:47.0205 5100 amdide - ok
13:26:47.0220 5100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVE
_________________
Mhl1949
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Wed Jul 04, 2012 10:35 am    Post subject: FSS.txt Reply with quote
Farbar Service Scanner Version: 02-07-2012
Ran by MikeNew (administrator) on 04-07-2012 at 13:34:28
Running from "C:\Users\MikeNew\Desktop\Spywear stuff"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 17:33] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 17:27] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-15 22:00] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Wed Jul 04, 2012 11:44 am    Post subject: Reply with quote
No real signs of infection on your computer, however there are a couple of things that need investigating further, and a few minor issues that need dealing with.

I'd like you to check some files for Viruses.

Quote:
C:\Windows\System32\cryptsvc.dll
C:\Windows\System32\drivers\afd.sys
C:\Windows\System32\Drivers\tcpip.sys


  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.


Next

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 29


When they're both uninstalled reboot the computer

Now download and install JDK 7 Update 5 (JDK or JRE).

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1970364552-1508715367-3508970197-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O33 - MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\Shell - "" = AutoRun
O33 - MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
[2012/06/08 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{7B8FB4B7-A467-40C5-906C-1A7B41011407}
[2012/06/08 18:13:26 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{FAED4D8D-EB00-4883-ADDA-2653DA229CBE}
[2012/06/08 18:12:05 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{9F322DFF-5986-453C-ADB8-318A6B008A25}
[2012/06/08 18:07:25 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{1E661ECD-17CB-4F23-8075-1146FCD339A7}
[2012/06/08 18:05:00 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{ECEED339-C97E-4EE7-A806-10FBFBD9AAF7}
[2012/06/08 17:39:44 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{479A01F2-8508-4090-AA4D-8458C1BDF7B0}
[2012/06/07 21:29:04 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{3CC6D623-2F83-46C1-8979-529D5BC70F69}
[2012/06/07 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{7D52CEEE-2E30-4E30-94B1-BDFD4BB16C1A}
[2012/06/07 21:14:51 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{AF5E175D-F695-4811-B68A-2C47C79CC8EB}
[2012/06/07 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\MikeNew\AppData\Local\{A8C4C697-FF47-41A9-887C-0E8D09B8F973}
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:Service
Bits


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Your TDSSKiller log was a long one, and the end of the log got cut off by the forum post size limiter.

Can you please post me just the last 20-30 lines of the log.

Summary of the logs I need from you in your next post:

  • Results from VirusTotal or Jotti's
  • OTL fix log
  • SystemLook.txt
  • Last 20-30 lines of your TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Thu Jul 05, 2012 3:59 pm    Post subject: Reply with quote
!!Could not find C:Windows\system32\drivers\(AFD.sys or tcpip.sys)!!



SHA256:

934c38d985497537f1dcbc0befac777b0d832a81fea8185465de3ede899d69c7



SHA1:

8729b4903b9a58a199b1736b86ede15fe42ade56



MD5:

520a108a2657f4bca7fced9ca7d885de



File size:

136.0 KB ( 139264 bytes )



File name:

cryptsvc.dll



File type:

Win32 DLL



Detection ratio:

0 / 42



Analysis date:

2012-07-05 23:40:43 UTC ( 0 minutes ago )


SHA256:

934c38d985497537f1dcbc0befac777b0d832a81fea8185465de3ede899d69c7





















File name:

cryptsvc.dll









Detection ratio:

0 / 42



Analysis date:

2012-07-05 23:40:43 UTC ( 0 minutes ago )







0



0


More details





Antivirus

Result

Update




AhnLab-V3

-

20120705



AntiVir

-

20120705



Antiy-AVL

-

20120705



Avast

-

20120705



AVG

-

20120705



BitDefender

-

20120705



ByteHero

-

20120704



CAT-QuickHeal

-

20120705



ClamAV

-

20120705



Commtouch

-

20120705



Comodo

-

20120705



DrWeb

-

20120706



Emsisoft

-

20120706



eSafe

-

20120705



F-Prot

-

20120705



F-Secure

-

20120706



Fortinet

-

20120705



GData

-

20120705



Ikarus

-

20120705



Jiangmin

-

20120705



K7AntiVirus

-

20120705



Kaspersky

-

20120705



McAfee

-

20120706



McAfee-GW-Edition

-

20120705



Microsoft

-

20120705



NOD32

-

20120705



Norman

-

20120705



nProtect

-

20120706



Panda

-

20120705



PCTools

-

20120706



Rising

-

20120705



Sophos

-

20120705



SUPERAntiSpyware

-

20120705



Symantec

-

20120706



TheHacker

-

20120704



TotalDefense

-

20120705



TrendMicro

-

20120706



TrendMicro-HouseCall

-

20120705



VBA32

-

20120705



VIPRE

-

20120705



ViRobot

-

20120706



VirusBuster

-

20120705

Comments
Votes
Additional information



No comments
_________________
Mhl1949
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Thu Jul 05, 2012 5:03 pm    Post subject: Reply with quote
I didn't save the previous TDSKiller log. The following is from a new run. Also, per your instructions, I did not include all the TDSKiller log that was not included last time (approx 200-300 lines), only the last 30 or so:
19:43:29.0759 3964 WPCSvc - ok
19:43:29.0759 3964 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:43:29.0759 3964 WPDBusEnum - ok
19:43:29.0790 3964 WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys
19:43:29.0790 3964 WPS - ok
19:43:29.0837 3964 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
19:43:29.0837 3964 WpsHelper - ok
19:43:29.0852 3964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:43:29.0852 3964 ws2ifsl - ok
19:43:29.0883 3964 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
19:43:29.0883 3964 wscsvc - ok
19:43:29.0883 3964 WSearch - ok
19:43:30.0008 3964 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:43:30.0024 3964 wuauserv - ok
19:43:30.0071 3964 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
19:43:30.0086 3964 WudfPf - ok
19:43:30.0102 3964 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:30.0102 3964 WUDFRd - ok
19:43:30.0117 3964 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
19:43:30.0117 3964 wudfsvc - ok
19:43:30.0133 3964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:43:30.0133 3964 WwanSvc - ok
19:43:30.0227 3964 wwEngineSvc (d42b153cd9ac1237b7fac8ba24e1a7e4) C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
19:43:30.0242 3964 wwEngineSvc - ok
19:43:30.0258 3964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:43:30.0492 3964 \Device\Harddisk0\DR0 - ok
19:43:30.0913 3964 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
19:43:31.0100 3964 \Device\Harddisk5\DR5 - ok
19:43:31.0100 3964 Boot (0x1200) (3831559d98abb6ac0f046ac067bbfba7) \Device\Harddisk0\DR0\Partition0
19:43:31.0100 3964 \Device\Harddisk0\DR0\Partition0 - ok
19:43:31.0116 3964 Boot (0x1200) (cacb8d8009d010baa1a130b7f5a43ac6) \Device\Harddisk0\DR0\Partition1
19:43:31.0116 3964 \Device\Harddisk0\DR0\Partition1 - ok
19:43:31.0116 3964 Boot (0x1200) (0779dcdedb265cc345da77e818ea1006) \Device\Harddisk5\DR5\Partition0
19:43:31.0116 3964 \Device\Harddisk5\DR5\Partition0 - ok
19:43:31.0131 3964 ============================================================
19:43:31.0131 3964 Scan finished
19:43:31.0131 3964 ============================================================
19:43:31.0131 5324 Detected object count: 0
19:43:31.0131 5324 Actual detected object count: 0

SYSTEMLOOK:::
SystemLook 30.07.11 by jpshortstuff
Log created at 19:58 on 05/07/2012 by MikeNew
Administrator - Elevation successful

No Context: Code:

========== Service ==========

Bits
Background Intelligent Transfer Service
"Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\System32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->EventSystem
Dependant Services:
(none)

-= EOF =-


OTL output:::

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1970364552-1508715367-3508970197-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62f9d8b9-de16-11df-9520-00262dd1a5c4}\ not found.
File I:\HPLauncher.exe not found.
C:\Users\MikeNew\AppData\Local\{7B8FB4B7-A467-40C5-906C-1A7B41011407} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{FAED4D8D-EB00-4883-ADDA-2653DA229CBE} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{9F322DFF-5986-453C-ADB8-318A6B008A25} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{1E661ECD-17CB-4F23-8075-1146FCD339A7} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{ECEED339-C97E-4EE7-A806-10FBFBD9AAF7} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{479A01F2-8508-4090-AA4D-8458C1BDF7B0} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{3CC6D623-2F83-46C1-8979-529D5BC70F69} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{7D52CEEE-2E30-4E30-94B1-BDFD4BB16C1A} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{AF5E175D-F695-4811-B68A-2C47C79CC8EB} folder moved successfully.
C:\Users\MikeNew\AppData\Local\{A8C4C697-FF47-41A9-887C-0E8D09B8F973} folder moved successfully.
C:\Qui3AFD.tmp\Snap\cir_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\cir_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qsetup_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qsetup_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qwplan_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qwplan_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_accts_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_accts_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_actpg_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_actpg_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_ouss_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_ouss_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_pay_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_pay_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_weblinks_ss.DAT deleted successfully.
C:\Qui3AFD.tmp\Snap\qw_weblinks_ss.dll deleted successfully.
C:\Qui3AFD.tmp\Snap folder deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\afdb.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\afutil.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\afwin.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\datamodel.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\MigrationTool.exe deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\rpmUtil.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\xmlparse.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration\xmlparse_tok.dll deleted successfully.
C:\Qui3AFD.tmp\RPMMigration folder deleted successfully.
C:\Qui3AFD.tmp\Qsapi\qsapi_plan.DAT deleted successfully.
C:\Qui3AFD.tmp\Qsapi\qsapi_plan.dll deleted successfully.
C:\Qui3AFD.tmp\Qsapi\qsapi_xsel.DAT deleted successfully.
C:\Qui3AFD.tmp\Qsapi\qsapi_xsel.dll deleted successfully.
C:\Qui3AFD.tmp\Qsapi folder deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\acfpdfu.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\acfpdfuamd64.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\acfpdfui.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\acfpdfuiamd64.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\acXMLParser.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\cdintf.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\Install.exe deleted successfully.
C:\Qui3AFD.tmp\PDFDrv\xmllite.dll deleted successfully.
C:\Qui3AFD.tmp\PDFDrv folder deleted successfully.
C:\Qui3AFD.tmp\Convert03\iprof32.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\mfc42.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\msvcp60.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\msvcrt.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qcomutl3.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qd3.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qdbbase.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qfil3.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qversion.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qwenc.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\qwutil7.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03\q_encutl.dll deleted successfully.
C:\Qui3AFD.tmp\Convert03 folder deleted successfully.
C:\Qui3AFD.tmp\alert.dll deleted successfully.
C:\Qui3AFD.tmp\atwork.dll deleted successfully.
C:\Qui3AFD.tmp\atwork_xprint.dll deleted successfully.
C:\Qui3AFD.tmp\bagent.exe deleted successfully.
C:\Qui3AFD.tmp\bgt.dll deleted successfully.
C:\Qui3AFD.tmp\bgt_pnf.dll deleted successfully.
C:\Qui3AFD.tmp\billmind.exe deleted successfully.
C:\Qui3AFD.tmp\billmind_alrtpkg.dll deleted successfully.
C:\Qui3AFD.tmp\billmind_qwrmnd.dll deleted successfully.
C:\Qui3AFD.tmp\BindContent.exe deleted successfully.
C:\Qui3AFD.tmp\CalendarSync.dll deleted successfully.
C:\Qui3AFD.tmp\calnote.dll deleted successfully.
C:\Qui3AFD.tmp\cashflow.dll deleted successfully.
C:\Qui3AFD.tmp\cashgen.dll deleted successfully.
C:\Qui3AFD.tmp\convert_stub.dat deleted successfully.
C:\Qui3AFD.tmp\convert_stub.dll deleted successfully.
C:\Qui3AFD.tmp\custprof.dll deleted successfully.
C:\Qui3AFD.tmp\dbghelp.dll deleted successfully.
C:\Qui3AFD.tmp\decapi.dll deleted successfully.
C:\Qui3AFD.tmp\dellid.dll deleted successfully.
C:\Qui3AFD.tmp\dllapps_dbtred.dll deleted successfully.
C:\Qui3AFD.tmp\dllapps_dedfnd.dll deleted successfully.
C:\Qui3AFD.tmp\dllapps_frcast.dll deleted successfully.
C:\Qui3AFD.tmp\dllapps_plan.dll deleted successfully.
C:\Qui3AFD.tmp\dllapps_savgol.dll deleted successfully.
C:\Qui3AFD.tmp\EmergencyRecordsOrganizer.exe deleted successfully.
C:\Qui3AFD.tmp\gdipapi.dll deleted successfully.
C:\Qui3AFD.tmp\graphs.dll deleted successfully.
C:\Qui3AFD.tmp\InetTools.dll deleted successfully.
C:\Qui3AFD.tmp\lbt.dll deleted successfully.
C:\Qui3AFD.tmp\lbtmngr.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_Auto1Way.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_customerCentral.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_decompression.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_excite.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_ph.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_pvsync.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_qplus.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_qupddir.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_rte.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_ux.dll deleted successfully.
C:\Qui3AFD.tmp\lbt_webrequest.dll deleted successfully.
C:\Qui3AFD.tmp\MoneyFileConverter.dll deleted successfully.
C:\Qui3AFD.tmp\MoneyFileReader.dll deleted successfully.
C:\Qui3AFD.tmp\mvbk14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvcl14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvfs14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvix14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvmc14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvmg14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvsr14n.dll deleted successfully.
C:\Qui3AFD.tmp\mvtl14n.dll deleted successfully.
C:\Qui3AFD.tmp\ofxsdk_qw.dll deleted successfully.
C:\Qui3AFD.tmp\olbservice.dll deleted successfully.
C:\Qui3AFD.tmp\online.dll deleted successfully.
C:\Qui3AFD.tmp\onlncall.dll deleted successfully.
C:\Qui3AFD.tmp\PhoneHomeMgr.dll deleted successfully.
C:\Qui3AFD.tmp\printenv.exe deleted successfully.
C:\Qui3AFD.tmp\qaccess.dll deleted successfully.
C:\Qui3AFD.tmp\qcomutil.dll deleted successfully.
C:\Qui3AFD.tmp\qcon32.dll deleted successfully.
C:\Qui3AFD.tmp\QCONNECT.DLL deleted successfully.
C:\Qui3AFD.tmp\QCustomAction.dll deleted successfully.
C:\Qui3AFD.tmp\qdapp.dll deleted successfully.
C:\Qui3AFD.tmp\qdappui.dll deleted successfully.
C:\Qui3AFD.tmp\qdb.dll deleted successfully.
C:\Qui3AFD.tmp\qindex.dll deleted successfully.
C:\Qui3AFD.tmp\qnet.dll deleted successfully.
C:\Qui3AFD.tmp\qrep.dll deleted successfully.
C:\Qui3AFD.tmp\qreports.dll deleted successfully.
C:\Qui3AFD.tmp\qsac.dll deleted successfully.
C:\Qui3AFD.tmp\qsapi.dll deleted successfully.
C:\Qui3AFD.tmp\qsapi_eng.dll deleted successfully.
C:\Qui3AFD.tmp\Qsetup.dll deleted successfully.
C:\Qui3AFD.tmp\QShowHelp.dll deleted successfully.
C:\Qui3AFD.tmp\qtax.dll deleted successfully.
C:\Qui3AFD.tmp\QuickenHomeInventory.exe deleted successfully.
C:\Qui3AFD.tmp\QuickenOLBackupLauncher.exe deleted successfully.
C:\Qui3AFD.tmp\qvault.dll deleted successfully.
C:\Qui3AFD.tmp\qw.exe deleted successfully.
C:\Qui3AFD.tmp\qwapp.dll deleted successfully.
C:\Qui3AFD.tmp\qwcntr.dll deleted successfully.
C:\Qui3AFD.tmp\qwinet.dll deleted successfully.
C:\Qui3AFD.tmp\qwinver.dll deleted successfully.
C:\Qui3AFD.tmp\qwipa.dll deleted successfully.
C:\Qui3AFD.tmp\qwmain.dll deleted successfully.
C:\Qui3AFD.tmp\qwonline.dll deleted successfully.
C:\Qui3AFD.tmp\qwonlineFeatures.dll deleted successfully.
C:\Qui3AFD.tmp\qwplan.dll deleted successfully.
C:\Qui3AFD.tmp\qwpr.dll deleted successfully.
C:\Qui3AFD.tmp\qwsnap.dll deleted successfully.
C:\Qui3AFD.tmp\qwsync.dll deleted successfully.
C:\Qui3AFD.tmp\qwutil.dll deleted successfully.
C:\Qui3AFD.tmp\qwutilnet.dll deleted successfully.
C:\Qui3AFD.tmp\QWVER.DLL deleted successfully.
C:\Qui3AFD.tmp\qwwin.dll deleted successfully.
C:\Qui3AFD.tmp\qwxmlparse.dll deleted successfully.
C:\Qui3AFD.tmp\qwxmlparse_tok.dll deleted successfully.
C:\Qui3AFD.tmp\Release.txt deleted successfully.
C:\Qui3AFD.tmp\RestartExe.exe deleted successfully.
C:\Qui3AFD.tmp\SendError.dll deleted successfully.
C:\Qui3AFD.tmp\sport.dll deleted successfully.
C:\Qui3AFD.tmp\techhelp.exe deleted successfully.
C:\Qui3AFD.tmp\ttaximp.dll deleted successfully.
C:\Qui3AFD.tmp\txstuff.dll deleted successfully.
C:\Qui3AFD.tmp\UpdateContent.dll deleted successfully.
C:\Qui3AFD.tmp\xmlparse.dll deleted successfully.
C:\Qui3AFD.tmp\xmlparse_tok.dll deleted successfully.
C:\Qui3AFD.tmp\xport.dll deleted successfully.
C:\Qui3AFD.tmp\xsell.dll deleted successfully.
C:\Qui3AFD.tmp folder deleted successfully.
C:\Qui3B0D.tmp folder deleted successfully.
C:\Qui3B0E.tmp folder deleted successfully.
C:\Windows\SysNative\SET6191.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MikeNew
->Temp folder emptied: 789345052 bytes
->Temporary Internet Files folder emptied: 982621885 bytes
->Java cache emptied: 1587377 bytes
->FireFox cache emptied: 186845533 bytes
->Flash cache emptied: 56139 bytes

User: Public

User: Randi
->Temp folder emptied: 548570 bytes
->Temporary Internet Files folder emptied: 1783756 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57064 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 173746030 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 4797939180 bytes

Total Files Cleaned = 6,613.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_191853

Files\Folders moved on Reboot...
C:\Users\MikeNew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\MikeNew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\MikeNew\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\MikeNew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Thu Jul 05, 2012 8:48 pm    Post subject: Reply with quote
Can't see any problems with the service set up for your Updates so far, however the fact that you couldn't find 2 of the files I asked you to scan is of concern ....

Please run another scan with SystemLook using the following instructions ....


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:Filefind
afd.sys
tcpip.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Fri Jul 06, 2012 1:06 pm    Post subject: systemlook64 log file Reply with quote
SystemLook 30.07.11 by jpshortstuff
Log created at 16:03 on 06/07/2012 by MikeNew
Administrator - Elevation successful

========== Filefind ==========

Searching for "afd.sys "
C:\Windows\System32\drivers\afd.sys --a---- 499200 bytes [22:33 14/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [22:10 16/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [22:33 14/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [22:10 16/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [22:33 14/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [22:13 01/07/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [22:10 16/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [22:33 14/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [22:10 16/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [22:33 14/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1895280 bytes [22:27 09/05/2012] [11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys --a---- 1898576 bytes [23:25 13/07/2009] [01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys --a---- 1896832 bytes [00:56 22/10/2010] [06:37 14/06/2010] 90A2D722CF64D911879D6C4A4F802A4D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys --a---- 1896832 bytes [22:10 16/06/2011] [05:32 25/04/2011] 61DC720BB065D607D5823F13D2A64321
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys --a---- 1896832 bytes [00:13 10/08/2011] [06:27 21/06/2011] B9D87C7707F058AC652A398CD28DE14B
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys --a---- 1897328 bytes [20:02 11/11/2011] [16:24 29/09/2011] F18F56EFC0BFB9C87BA01C37B27F4DA5
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys --a---- 1895280 bytes [22:27 09/05/2012] [11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys --a---- 1889152 bytes [00:56 22/10/2010] [06:39 14/06/2010] 542C6767C68C9D6AAACA59436B0D15C2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys --a---- 1893248 bytes [22:10 16/06/2011] [05:28 25/04/2011] 1F748D5439B65E0BEBD92F65048F030D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys --a---- 1888128 bytes [00:13 10/08/2011] [06:16 21/06/2011] 5279D4DD69C7C71524B8E7A5746D15CC
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys --a---- 1886064 bytes [20:02 11/11/2011] [16:17 29/09/2011] AC3E29880DB5659532A1AA3439304A43
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys --a---- 1877872 bytes [22:27 09/05/2012] [10:19 30/03/2012] 5EFD096DEF47F8B88EF591DA92143440
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys --a---- 1924480 bytes [22:14 01/07/2011] [13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys --a---- 1923968 bytes [22:10 16/06/2011] [05:33 25/04/2011] 92CE29D95AC9DD2D0EE9061D551BA250
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys --a---- 1923968 bytes [00:13 10/08/2011] [06:34 21/06/2011] F0E98C00A09FDF791525829A1D14240F
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys --a---- 1923952 bytes [20:02 11/11/2011] [16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys --a---- 1918320 bytes [22:27 09/05/2012] [11:35 30/03/2012] ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys --a---- 1927552 bytes [22:10 16/06/2011] [06:16 25/04/2011] B77977AEB2FF159D01DB08A309989C5F
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys --a---- 1914752 bytes [00:13 10/08/2011] [06:20 21/06/2011] A0EB71E0DC047C7CC95CD6AB4036296E
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys --a---- 1912176 bytes [20:02 11/11/2011] [17:41 29/09/2011] 3810F06A4D74A7D62641EE73D6B3C660
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys --a---- 1901424 bytes [22:27 09/05/2012] [10:26 30/03/2012] 885B202006EE17AE99B9FBCEC9AF88C9

-= EOF =-
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Fri Jul 06, 2012 9:00 pm    Post subject: Reply with quote
The 2 drivers I asked you to check are present, so they must be hidden.


  • Click Start > Control Panel > Appearance and Personalisation > Folder Options > Show Hidden Files and Folders
  • Check the Show hidden files, folders and drives button.
  • Scroll down and uncheck hide protected operating system files (Recommended) then click yes when prompted.
  • Click OK


Next


Quote:
C:\Windows\System32\drivers\afd.sys
C:\Windows\System32\Drivers\tcpip.sys


  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Sun Jul 08, 2012 9:41 am    Post subject: Permissions Problem? Reply with quote
Followed instructions to 'show hidden files. and 'uncheck hide protected operating...'

Can view 'afd.sys' & 'tcpip.sys' in windows explorer, but not in the browse window of either 'Virus Total' or 'Jotti's'

There must be some other permission issues. What's next?
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Sun Jul 08, 2012 10:36 am    Post subject: Reply with quote
OK, if we can't look at them directly, lets run an online scan and see if that flags them. The scan takes ages, but it's very thorough. I'm just being cautious here, because I'm not sure these files are anything to do with your problem, it's just that their MD5 check numbers don't look right to me, so I'd like to make sure the files are legit before we go any further.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Sun Jul 08, 2012 1:46 pm    Post subject: ESET log Reply with quote
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


I know your forte is virus removal, but you obviously kow more about this stuff that I do. Do you think that the (probably) permissions issues that prevented VirusTotal and Jotti's access to these (and many other files in the same directory may relate to my problem in installing Windows updates?
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Sun Jul 08, 2012 10:11 pm    Post subject: Reply with quote
OK, as far as I can see, there does not appear to be a malware related reason for your problems. Also, as far as I can see, the necessary update services are in place and configured correctly.

Permission problems are certainly a possibility, whether they're the solution I couldn't say.

At this point we're coming towards the limits of my own personal expertise, and there's a couple of things we can do ....


  • There is a tool we can use to set your computer's permissions Update settings and files to default condition, and this may resolve your problems. It may also make your existing problems worse, which is the problem when trying to fix things about which you have limited information and experience. The tool in question does make backups we can restore to if things go wrong, however running any tool is never without some risk.

  • I can direct you to a forum with more expertise in this kind of issue, and they may be able to help you resolve your problems. The helpers at the forums I would recommend are generally very good, though obviously I can't give any guarantees.


Please let me know which you'd prefer to do.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
mikelutz1
Junior Member


Joined: 02 Jul 2012
Last Visit: 15 Jul 2012
Posts: 13
Location: Florida
PostPosted: Mon Jul 09, 2012 1:49 pm    Post subject: Reply with quote
I think I will take the referral option...and I appreciate your help.

Thanks-

Mike Lutz
_________________
Mhl1949
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Mon Jul 09, 2012 9:13 pm    Post subject: Reply with quote
You're welcome. Smile

OK, the following help sites all give good quality help with these kind of issues ....

http://www.bleepingcomputer.com/forums/forum167.html
http://www.geekstogo.com/forum/forum/79-windows-vista-and-windows-7/
http://www.techsupportforum.com/forums/f217/
http://forums.whatthetech.com/index.php?showforum=119

.... if anyone asks you if you've checked for malware, please feel free to refer them to this topic.

Good luck getting your problems resolved.

Gary
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Jun 2013
Posts: 9711
Location: Yorkshire
PostPosted: Tue Jul 10, 2012 12:34 pm    Post subject: Reply with quote
Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group