
Solved Suspected Virus

Discussion in 'Malware and Virus Removal Archive' started by boyracer, 2012/10/29.

  1. 2012/10/29
    boyracer Well-Known Member Thread Starter
    [Resolved] Suspected Virus

    My wife's laptop is running slowly with some unknown program in the background that I am unable to find. This is a Dell laptop running Win7 Home Premium.

    She runs a lot of casino games that: 1. I don't trust, 2. seem to be memory hogs; 3. she also visits some gambling forums I'm familiar with.

    The following are the scan logs I have run.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4211

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/17/2010 8:28:29 PM
    mbam-log-2010-06-17 (20-28-29).txt

    Scan type: Quick scan
    Objects scanned: 123201
    Time elapsed: 5 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-29 14:54:47
    Windows 6.1.7601 Service Pack 1
    Running: GMER.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093092814
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093092814 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-29 14:55:02
    -----------------------------
    14:55:02.556 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:55:02.556 Number of processors: 4 586 0x2A07
    14:55:02.556 ComputerName: HAROLD UserName:
    14:55:04.100 Initialize success
    14:55:28.636 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:55:28.636 Disk 0 Vendor: WDC_WD64 03.0 Size: 610480MB BusType: 3
    14:55:28.652 Disk 0 MBR read successfully
    14:55:28.652 Disk 0 MBR scan
    14:55:28.652 Disk 0 Windows 7 default MBR code
    14:55:28.667 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    14:55:28.683 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    14:55:28.699 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595378 MB offset 30926848
    14:55:28.730 Disk 0 scanning C:\windows\system32\drivers
    14:55:34.034 Service scanning
    14:56:07.262 Modules scanning
    14:56:07.277 Disk 0 trace - called modules:
    14:56:07.293 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    14:56:07.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800473c060]
    14:56:07.808 3 CLASSPNP.SYS[fffff8800102043f] -> nt!IofCallDriver -> [0xfffffa80040e3630]
    14:56:07.808 5 ACPI.sys[fffff88000ec07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040ea050]
    14:56:07.823 Scan finished successfully
    14:56:26.528 Disk 0 MBR has been saved successfully to "C:\Users\Linda G\Desktop\MBR.dat "
    14:56:26.575 The log file has been saved successfully to "C:\Users\Linda G\Desktop\aswMBR.txt "

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Linda G at 14:56:49 on 2012-10-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4002.2430 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6F7D5BCC-E91C-450F-9EB5-877123739309} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6F7D5BCC-E91C-450F-9EB5-877123739309}\0716E6466786 : DHCPNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs "
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll ",TrayApp
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-8 55856]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-8 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-8 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-8 2655768]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
    R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-8 176096]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-8 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-2-25 25928]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-11-8 56344]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2011-8-3 8604672]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-8 406632]
    R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-20 136000]
    R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-20 406336]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-8 250984]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-20 1255736]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-29 17:57:47 711240 ----a-w- C:\windows\isRS-000.tmp
    2012-10-29 17:52:37 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F30178B-EB99-4DCA-9018-227B671A731B}\mpengine.dll
    2012-10-29 13:01:14 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-29 12:49:41 -------- d-----w- C:\Users\Linda G\AppData\Local\{C86F10E1-34E4-41C5-9344-8F74E8545C9F}
    2012-10-28 22:57:58 -------- d-----w- C:\Users\Linda G\AppData\Local\{B7FF70A0-2B02-4A55-B39F-01DA72F4C4C8}
    2012-10-28 09:55:50 -------- d-----w- C:\Users\Linda G\AppData\Local\{309CB932-DBEA-478F-92E8-A7D6C52CF476}
    2012-10-27 19:37:50 -------- d-----w- C:\Users\Linda G\AppData\Local\{9AF3CF4F-0A91-4708-BB65-27D0D0E3335F}
    2012-10-26 23:03:14 -------- d-----w- C:\Users\Linda G\AppData\Local\{F04217B6-A599-40CE-92AE-BE7407EDCFAB}
    2012-10-26 11:02:38 -------- d-----w- C:\Users\Linda G\AppData\Local\{3B59CBD1-F4D0-4DA5-B8C5-D1E2377F402C}
    2012-10-25 23:02:13 -------- d-----w- C:\Users\Linda G\AppData\Local\{C1F3CD5C-7709-47E3-9A30-C6DFB45C7938}
    2012-10-25 10:48:12 -------- d-----w- C:\Users\Linda G\AppData\Local\{A450AD48-882D-423A-AF0D-FBD847E41D7B}
    2012-10-24 22:47:48 -------- d-----w- C:\Users\Linda G\AppData\Local\{E987936E-A847-4576-ABD1-E205C5B8E252}
    2012-10-24 09:29:10 -------- d-----w- C:\Users\Linda G\AppData\Local\{04E27E5D-131B-4483-B363-993F8B984FF2}
    2012-10-23 09:45:21 -------- d-----w- C:\Users\Linda G\AppData\Local\{62492D1D-B919-42E3-9F57-70D6B1BBB47A}
    2012-10-22 16:48:59 -------- d-----w- C:\Users\Linda G\AppData\Local\{2A03CFE5-85E4-41C2-BBD8-4B1A0E6DF62C}
    2012-10-22 01:41:11 -------- d-----w- C:\Users\Linda G\AppData\Local\{93AA491B-931B-4F17-8C2C-BA275719823A}
    2012-10-21 13:40:46 -------- d-----w- C:\Users\Linda G\AppData\Local\{5BE9E74F-A266-440B-B919-365C7FC4E632}
    2012-10-21 01:40:22 -------- d-----w- C:\Users\Linda G\AppData\Local\{3BA41A57-5614-465F-8105-ABE78200FBEF}
    2012-10-20 10:58:16 -------- d-----w- C:\Users\Linda G\.FamilySearchIndexing
    2012-10-20 10:44:30 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{539B24DA-7059-471E-BAC4-8E57B73147D9}\gapaengine.dll
    2012-10-20 10:33:24 -------- d-----w- C:\Users\Linda G\AppData\Local\{C51D2AC1-7259-4EDD-ABF3-D57D4F694361}
    2012-10-19 11:57:28 -------- d-----w- C:\Users\Linda G\AppData\Local\{12FE1E00-D950-4FF7-8CE2-7B08A5929BCB}
    2012-10-18 23:57:04 -------- d-----w- C:\Users\Linda G\AppData\Local\{AC9FE421-2008-4DD2-BA3F-704C1A3401CC}
    2012-10-18 13:46:38 -------- d-----w- C:\Users\Linda G\AppData\Local\{B7FDCFE8-11C8-44D1-A0DC-C83A8DF24929}
    2012-10-17 23:51:11 -------- d-----w- C:\Users\Linda G\AppData\Local\{996B45BA-B715-427C-9C49-61245DB1965E}
    2012-10-17 11:50:36 -------- d-----w- C:\Users\Linda G\AppData\Local\{447F7B3D-F298-4694-86E2-2AF6E08F1D30}
    2012-10-16 23:50:00 -------- d-----w- C:\Users\Linda G\AppData\Local\{F11C1AA9-6215-4337-8D54-10209B7082AB}
    2012-10-16 11:49:25 -------- d-----w- C:\Users\Linda G\AppData\Local\{AC6016B1-F6E8-461A-9232-E0A7950FE8DB}
    2012-10-15 23:48:49 -------- d-----w- C:\Users\Linda G\AppData\Local\{1E71CD8A-5561-4980-94F1-36449EAE2143}
    2012-10-15 11:48:25 -------- d-----w- C:\Users\Linda G\AppData\Local\{8F4A29D2-7808-423D-9526-7446CA9D16A6}
    2012-10-14 23:42:20 -------- d-----w- C:\Users\Linda G\AppData\Local\{CC28C317-B2C7-488D-8F65-E74D61A985DB}
    2012-10-10 22:40:03 -------- d-----w- C:\Users\Linda G\AppData\Local\{54E71BE9-B3B8-4191-9FC3-26B9424A5E53}
    2012-10-10 10:39:28 -------- d-----w- C:\Users\Linda G\AppData\Local\{7154C0B1-A1EC-4EBA-B2B1-926E5D21ADF9}
    2012-10-09 22:38:53 -------- d-----w- C:\Users\Linda G\AppData\Local\{EF7B07B2-25EA-47B0-AD94-AC831EF8A2CC}
    2012-10-09 10:38:28 -------- d-----w- C:\Users\Linda G\AppData\Local\{7C9976AB-5109-4F8A-86A1-F3682DAE87B0}
    2012-10-07 23:54:11 -------- d-----w- C:\Users\Linda G\AppData\Local\{FDE8181D-297B-4552-B042-9818A7C5ABFE}
    2012-10-07 11:53:36 -------- d-----w- C:\Users\Linda G\AppData\Local\{0462C1E8-C514-4518-898E-FEA11A52E5EF}
    2012-10-06 23:53:11 -------- d-----w- C:\Users\Linda G\AppData\Local\{F092FD70-7018-4E2A-872D-A4C96A0B7BE9}
    2012-10-06 01:10:30 -------- d-----w- C:\Users\Linda G\AppData\Local\{EA7EE538-7746-4452-A15C-0399A9482205}
    2012-10-05 13:09:54 -------- d-----w- C:\Users\Linda G\AppData\Local\{78E098F8-D65C-430A-BF4D-82EE88C416F0}
    2012-10-05 01:09:30 -------- d-----w- C:\Users\Linda G\AppData\Local\{62C5E7C1-3B26-4D93-9342-152794B1956F}
    2012-10-04 12:39:25 -------- d-----w- C:\Users\Linda G\AppData\Local\{45C00AB2-3822-46F6-A36F-C1FF57C178DD}
    2012-10-04 00:22:06 -------- d-----w- C:\Users\Linda G\AppData\Local\{FC657B08-CEF1-42B8-ADAA-17FF07236A12}
    2012-10-03 11:04:03 -------- d-----w- C:\Users\Linda G\AppData\Local\{B1476376-F767-4F5C-8ECB-70320356A3DC}
    2012-10-03 09:39:47 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-10-02 23:03:28 -------- d-----w- C:\Users\Linda G\AppData\Local\{D0139DE7-804D-4534-BDA1-83C5F42F81B8}
    2012-10-02 11:02:51 -------- d-----w- C:\Users\Linda G\AppData\Local\{C330EADB-EE4B-4E78-938B-4B272DC86968}
    2012-10-01 23:02:27 -------- d-----w- C:\Users\Linda G\AppData\Local\{B94E7677-8DC8-454F-856A-66D864E86FF1}
    2012-10-01 10:25:59 -------- d-----w- C:\Users\Linda G\AppData\Local\{EB4E7549-ACA7-4970-BB1D-8E174DD50522}
    2012-09-30 21:51:29 -------- d-----w- C:\Users\Linda G\AppData\Local\{F4808622-C35F-4152-AAEA-EE0C15347C60}
    2012-09-30 09:24:38 -------- d-----w- C:\Users\Linda G\AppData\Local\{0C74D755-953F-4C87-A3D7-45D5AA92BA6D}
    .
    ==================== Find3M ====================
    .
    2012-09-29 23:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2012-08-31 02:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
    2012-08-31 02:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-08-29 00:24:56 477168 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-08-29 00:24:53 473072 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
    .
    ============= FINISH: 14:57:12.82 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/13/2012 5:42:32 PM
    System Uptime: 10/29/2012 1:59:25 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 09M93P
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU 1 | 792/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 525.776 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP134: 10/1/2012 8:57:24 PM - Windows Update
    RP135: 10/5/2012 9:10:53 AM - Windows Update
    RP136: 10/9/2012 6:48:31 AM - Windows Update
    RP137: 10/10/2012 9:20:35 AM - Windows Update
    RP138: 10/14/2012 7:52:31 PM - Windows Update
    RP139: 10/18/2012 9:57:02 AM - Windows Update
    RP140: 10/18/2012 7:52:19 PM - Restore Operation
    RP141: 10/18/2012 8:06:51 PM - Windows Update
    RP142: 10/22/2012 12:59:42 PM - Windows Update
    RP143: 10/25/2012 7:13:04 PM - Windows Update
    RP144: 10/29/2012 9:00:37 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Accidental Damage Services Agreement
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Advanced Audio FX Engine
    Banctec Service Agreement
    Bejeweled 2 Deluxe
    Build-a-lot 2
    CCleaner
    Complete Care Business Service Agreement
    Consumer In-Home Service Agreement
    D3DX10
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Home Systems Service Agreement
    Dell Touchpad
    Dell Webcam Central
    Diner Dash 2 Restaurant Rescue
    FamilySearch Indexing 3.15.1
    HP Officejet Pro 8600 Basic Device Software
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) WiDi
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 27 (64-bit)
    Java(TM) 6 Update 35
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    Masque Casino Games
    Masque IGT Slots Lil' Lady
    Masque IGT Slots Little Green Men
    Masque IGT Slots Lucky Larry's Lobstermania
    Masque IGT Slots Texas Tea
    Masque IGT Slots Wolf Run
    Masque Slots
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0
    Mozilla Thunderbird (3.1.20)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Penguins!
    PlayReady PC Runtime x86
    Poker Superstars III
    Premium Service Agreement
    QualxServ Service Agreement
    Quicken 2010
    Quickset64
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Revo Uninstaller 1.93
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    TI USB 3.0 Host Controller Driver
    TI USB3 Host Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    WMS Slots Reel 'em in
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/29/2012 2:00:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  2. 2012/10/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    Your MBAM version is very outdated.
    Update it, rerun it and post a new log.

    ==================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
    Last edited: 2012/10/30


  4. 2012/10/30
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    11:21:29.0920 5028 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    11:21:30.0294 5028 ============================================================
    11:21:30.0294 5028 Current date / time: 2012/10/30 11:21:30.0294
    11:21:30.0294 5028 SystemInfo:
    11:21:30.0294 5028
    11:21:30.0294 5028 OS Version: 6.1.7601 ServicePack: 1.0
    11:21:30.0294 5028 Product type: Workstation
    11:21:30.0294 5028 ComputerName: HAROLD
    11:21:30.0294 5028 UserName: Linda G
    11:21:30.0294 5028 Windows directory: C:\windows
    11:21:30.0294 5028 System windows directory: C:\windows
    11:21:30.0294 5028 Running under WOW64
    11:21:30.0294 5028 Processor architecture: Intel x64
    11:21:30.0294 5028 Number of processors: 4
    11:21:30.0294 5028 Page size: 0x1000
    11:21:30.0294 5028 Boot type: Normal boot
    11:21:30.0294 5028 ============================================================
    11:21:31.0090 5028 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:21:31.0106 5028 ============================================================
    11:21:31.0106 5028 \Device\Harddisk0\DR0:
    11:21:31.0106 5028 MBR partitions:
    11:21:31.0106 5028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    11:21:31.0106 5028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
    11:21:31.0106 5028 ============================================================
    11:21:31.0137 5028 C: <-> \Device\Harddisk0\DR0\Partition2
    11:21:31.0137 5028 ============================================================
    11:21:31.0137 5028 Initialize success
    11:21:31.0137 5028 ============================================================
    11:21:39.0124 5180 ============================================================
    11:21:39.0124 5180 Scan started
    11:21:39.0124 5180 Mode: Manual;
    11:21:39.0124 5180 ============================================================
    11:21:39.0576 5180 ================ Scan system memory ========================
    11:21:39.0576 5180 System memory - ok
    11:21:39.0576 5180 ================ Scan services =============================
    11:21:39.0951 5180 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    11:21:39.0951 5180 1394ohci - ok
    11:21:40.0044 5180 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
    11:21:40.0044 5180 ACPI - ok
    11:21:40.0076 5180 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    11:21:40.0076 5180 AcpiPmi - ok
    11:21:40.0122 5180 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
    11:21:40.0138 5180 adp94xx - ok
    11:21:40.0154 5180 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
    11:21:40.0169 5180 adpahci - ok
    11:21:40.0185 5180 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
    11:21:40.0185 5180 adpu320 - ok
    11:21:40.0232 5180 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    11:21:40.0232 5180 AeLookupSvc - ok
    11:21:40.0341 5180 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
    11:21:40.0356 5180 AESTFilters - ok
    11:21:40.0403 5180 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
    11:21:40.0419 5180 AFD - ok
    11:21:40.0450 5180 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
    11:21:40.0450 5180 agp440 - ok
    11:21:40.0497 5180 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
    11:21:40.0497 5180 ALG - ok
    11:21:40.0512 5180 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
    11:21:40.0512 5180 aliide - ok
    11:21:40.0528 5180 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
    11:21:40.0544 5180 amdide - ok
    11:21:40.0559 5180 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
    11:21:40.0559 5180 AmdK8 - ok
    11:21:40.0590 5180 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
    11:21:40.0590 5180 AmdPPM - ok
    11:21:40.0590 5180 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
    11:21:40.0590 5180 amdsata - ok
    11:21:40.0653 5180 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
    11:21:40.0653 5180 amdsbs - ok
    11:21:40.0668 5180 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
    11:21:40.0684 5180 amdxata - ok
    11:21:40.0715 5180 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
    11:21:40.0731 5180 AMPPAL - ok
    11:21:40.0746 5180 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
    11:21:40.0746 5180 AMPPALP - ok
    11:21:40.0934 5180 [ 864C632B999BE1237A3DC46736E71F27 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    11:21:40.0965 5180 AMPPALR3 - ok
    11:21:41.0027 5180 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
    11:21:41.0027 5180 ApfiltrService - ok
    11:21:41.0058 5180 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
    11:21:41.0074 5180 AppID - ok
    11:21:41.0090 5180 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
    11:21:41.0105 5180 AppIDSvc - ok
    11:21:41.0121 5180 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
    11:21:41.0121 5180 Appinfo - ok
    11:21:41.0152 5180 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
    11:21:41.0152 5180 arc - ok
    11:21:41.0168 5180 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
    11:21:41.0183 5180 arcsas - ok
    11:21:41.0386 5180 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    11:21:41.0386 5180 aspnet_state - ok
    11:21:41.0417 5180 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    11:21:41.0417 5180 AsyncMac - ok
    11:21:41.0464 5180 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
    11:21:41.0464 5180 atapi - ok
    11:21:41.0526 5180 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    11:21:41.0542 5180 AudioEndpointBuilder - ok
    11:21:41.0558 5180 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
    11:21:41.0573 5180 AudioSrv - ok
    11:21:41.0604 5180 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
    11:21:41.0604 5180 AxInstSV - ok
    11:21:41.0651 5180 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
    11:21:41.0667 5180 b06bdrv - ok
    11:21:41.0698 5180 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    11:21:41.0698 5180 b57nd60a - ok
    11:21:41.0776 5180 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
    11:21:41.0776 5180 BDESVC - ok
    11:21:41.0792 5180 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
    11:21:41.0792 5180 Beep - ok
    11:21:41.0870 5180 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
    11:21:41.0885 5180 BFE - ok
    11:21:41.0948 5180 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
    11:21:41.0963 5180 BITS - ok
    11:21:42.0010 5180 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    11:21:42.0010 5180 blbdrive - ok
    11:21:42.0119 5180 [ 5FF7B9916A10E8E69E7C0D16F0B4787A ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    11:21:42.0135 5180 Bluetooth Device Monitor - ok
    11:21:42.0338 5180 [ E43D73CAF1023976EFBA1D0F0E69E271 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    11:21:42.0353 5180 Bluetooth Media Service - ok
    11:21:42.0400 5180 [ 20427929646784A482DF34EF8C4FED23 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    11:21:42.0416 5180 Bluetooth OBEX Service - ok
    11:21:42.0462 5180 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    11:21:42.0462 5180 bowser - ok
    11:21:42.0494 5180 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
    11:21:42.0494 5180 BrFiltLo - ok
    11:21:42.0509 5180 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
    11:21:42.0509 5180 BrFiltUp - ok
    11:21:42.0540 5180 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
    11:21:42.0540 5180 Browser - ok
    11:21:42.0556 5180 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
    11:21:42.0556 5180 Brserid - ok
    11:21:42.0572 5180 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    11:21:42.0572 5180 BrSerWdm - ok
    11:21:42.0572 5180 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    11:21:42.0572 5180 BrUsbMdm - ok
    11:21:42.0572 5180 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    11:21:42.0587 5180 BrUsbSer - ok
    11:21:42.0618 5180 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
    11:21:42.0618 5180 BthEnum - ok
    11:21:42.0634 5180 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
    11:21:42.0650 5180 BTHMODEM - ok
    11:21:42.0665 5180 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
    11:21:42.0665 5180 BthPan - ok
    11:21:42.0743 5180 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
    11:21:42.0759 5180 BTHPORT - ok
    11:21:42.0790 5180 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
    11:21:42.0790 5180 bthserv - ok
    11:21:42.0821 5180 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    11:21:42.0821 5180 BTHSSecurityMgr - ok
    11:21:42.0852 5180 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
    11:21:42.0868 5180 BTHUSB - ok
    11:21:42.0884 5180 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\windows\system32\drivers\btmaud.sys
    11:21:42.0884 5180 btmaudio - ok
    11:21:42.0915 5180 [ 75EAB5AAF6E9F83739249CE60B4B9C39 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
    11:21:42.0915 5180 btmaux - ok
    11:21:42.0946 5180 [ 0B1CC2221DC5990E4557A78CE9AFAD4F ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
    11:21:42.0946 5180 btmhsf - ok
    11:21:42.0977 5180 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    11:21:42.0993 5180 cdfs - ok
    11:21:43.0040 5180 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
    11:21:43.0040 5180 cdrom - ok
    11:21:43.0102 5180 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
    11:21:43.0102 5180 CertPropSvc - ok
    11:21:43.0118 5180 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
    11:21:43.0118 5180 circlass - ok
    11:21:43.0164 5180 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
    11:21:43.0164 5180 CLFS - ok
    11:21:43.0242 5180 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:21:43.0242 5180 clr_optimization_v2.0.50727_32 - ok
    11:21:43.0289 5180 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:21:43.0305 5180 clr_optimization_v2.0.50727_64 - ok
    11:21:43.0383 5180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:21:43.0383 5180 clr_optimization_v4.0.30319_32 - ok
    11:21:43.0398 5180 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:21:43.0398 5180 clr_optimization_v4.0.30319_64 - ok
    11:21:43.0445 5180 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    11:21:43.0445 5180 CmBatt - ok
    11:21:43.0461 5180 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
    11:21:43.0461 5180 cmdide - ok
    11:21:43.0508 5180 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
    11:21:43.0523 5180 CNG - ok
    11:21:43.0554 5180 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
    11:21:43.0554 5180 Compbatt - ok
    11:21:43.0586 5180 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
    11:21:43.0586 5180 CompositeBus - ok
    11:21:43.0601 5180 COMSysApp - ok
    11:21:43.0617 5180 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
    11:21:43.0617 5180 crcdisk - ok
    11:21:43.0664 5180 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
    11:21:43.0679 5180 CryptSvc - ok
    11:21:43.0742 5180 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
    11:21:43.0742 5180 CtClsFlt - ok
    11:21:43.0788 5180 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
    11:21:43.0804 5180 DcomLaunch - ok
    11:21:43.0851 5180 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
    11:21:43.0866 5180 defragsvc - ok
    11:21:43.0898 5180 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    11:21:43.0898 5180 DfsC - ok
    11:21:43.0929 5180 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
    11:21:43.0929 5180 Dhcp - ok
    11:21:43.0976 5180 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
    11:21:43.0976 5180 discache - ok
    11:21:44.0007 5180 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
    11:21:44.0007 5180 Disk - ok
    11:21:44.0022 5180 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
    11:21:44.0038 5180 Dnscache - ok
    11:21:44.0054 5180 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
    11:21:44.0069 5180 dot3svc - ok
    11:21:44.0069 5180 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
    11:21:44.0085 5180 DPS - ok
    11:21:44.0132 5180 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    11:21:44.0132 5180 drmkaud - ok
    11:21:44.0178 5180 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    11:21:44.0194 5180 DXGKrnl - ok
    11:21:44.0241 5180 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
    11:21:44.0241 5180 EapHost - ok
    11:21:44.0506 5180 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
    11:21:44.0615 5180 ebdrv - ok
    11:21:44.0678 5180 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
    11:21:44.0678 5180 EFS - ok
    11:21:44.0740 5180 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    11:21:44.0771 5180 ehRecvr - ok
    11:21:44.0802 5180 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
    11:21:44.0802 5180 ehSched - ok
    11:21:44.0849 5180 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
    11:21:44.0865 5180 elxstor - ok
    11:21:44.0896 5180 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
    11:21:44.0896 5180 ErrDev - ok
    11:21:44.0927 5180 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
    11:21:44.0943 5180 EventSystem - ok
    11:21:45.0114 5180 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    11:21:45.0130 5180 EvtEng - ok
    11:21:45.0224 5180 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
    11:21:45.0224 5180 exfat - ok
    11:21:45.0255 5180 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
    11:21:45.0255 5180 fastfat - ok
    11:21:45.0302 5180 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
    11:21:45.0333 5180 Fax - ok
    11:21:45.0380 5180 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
    11:21:45.0395 5180 fdc - ok
    11:21:45.0426 5180 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
    11:21:45.0426 5180 fdPHost - ok
    11:21:45.0426 5180 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
    11:21:45.0442 5180 FDResPub - ok
    11:21:45.0458 5180 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    11:21:45.0458 5180 FileInfo - ok
    11:21:45.0473 5180 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    11:21:45.0473 5180 Filetrace - ok
    11:21:45.0489 5180 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
    11:21:45.0489 5180 flpydisk - ok
    11:21:45.0520 5180 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    11:21:45.0520 5180 FltMgr - ok
    11:21:45.0582 5180 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
    11:21:45.0614 5180 FontCache - ok
    11:21:45.0676 5180 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:21:45.0676 5180 FontCache3.0.0.0 - ok
    11:21:45.0692 5180 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    11:21:45.0692 5180 FsDepends - ok
    11:21:45.0738 5180 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    11:21:45.0738 5180 Fs_Rec - ok
    11:21:45.0770 5180 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    11:21:45.0785 5180 fvevol - ok
    11:21:45.0801 5180 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
    11:21:45.0816 5180 gagp30kx - ok
    11:21:45.0863 5180 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    11:21:45.0879 5180 GamesAppService - ok
    11:21:45.0910 5180 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
    11:21:45.0926 5180 gpsvc - ok
    11:21:45.0941 5180 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    11:21:45.0957 5180 hcw85cir - ok
    11:21:45.0988 5180 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    11:21:45.0988 5180 HdAudAddService - ok
    11:21:46.0050 5180 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
    11:21:46.0050 5180 HDAudBus - ok
    11:21:46.0050 5180 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
    11:21:46.0066 5180 HidBatt - ok
    11:21:46.0066 5180 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
    11:21:46.0066 5180 HidBth - ok
    11:21:46.0082 5180 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
    11:21:46.0082 5180 HidIr - ok
    11:21:46.0097 5180 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
    11:21:46.0097 5180 hidserv - ok
    11:21:46.0128 5180 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    11:21:46.0144 5180 HidUsb - ok
    11:21:46.0175 5180 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
    11:21:46.0175 5180 hkmsvc - ok
    11:21:46.0206 5180 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
    11:21:46.0222 5180 HomeGroupListener - ok
    11:21:46.0253 5180 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    11:21:46.0253 5180 HomeGroupProvider - ok
    11:21:46.0284 5180 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    11:21:46.0284 5180 HpSAMD - ok
    11:21:46.0316 5180 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
    11:21:46.0347 5180 HTTP - ok
    11:21:46.0347 5180 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    11:21:46.0362 5180 hwpolicy - ok
    11:21:46.0378 5180 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
    11:21:46.0378 5180 i8042prt - ok
    11:21:46.0425 5180 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
    11:21:46.0440 5180 iaStor - ok
    11:21:46.0518 5180 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    11:21:46.0518 5180 IAStorDataMgrSvc - ok
    11:21:46.0581 5180 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    11:21:46.0596 5180 iaStorV - ok
    11:21:46.0628 5180 [ 8A4EC1C3F10385181B1066120C610AE5 ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
    11:21:46.0643 5180 iBtFltCoex - ok
    11:21:46.0737 5180 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:21:46.0753 5180 idsvc - ok
    11:21:47.0189 5180 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    11:21:47.0377 5180 igfx - ok
    11:21:47.0470 5180 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
    11:21:47.0470 5180 iirsp - ok
    11:21:47.0517 5180 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
    11:21:47.0548 5180 IKEEXT - ok
    11:21:47.0611 5180 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
    11:21:47.0611 5180 intaud_WaveExtensible - ok
    11:21:47.0657 5180 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
    11:21:47.0657 5180 IntcDAud - ok
    11:21:47.0704 5180 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
    11:21:47.0704 5180 intelide - ok
    11:21:47.0720 5180 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    11:21:47.0720 5180 intelppm - ok
    11:21:47.0735 5180 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
    11:21:47.0751 5180 IPBusEnum - ok
    11:21:47.0767 5180 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    11:21:47.0767 5180 IpFilterDriver - ok
    11:21:47.0782 5180 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    11:21:47.0798 5180 iphlpsvc - ok
    11:21:47.0798 5180 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    11:21:47.0798 5180 IPMIDRV - ok
    11:21:47.0813 5180 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
    11:21:47.0813 5180 IPNAT - ok
    11:21:47.0829 5180 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    11:21:47.0829 5180 IRENUM - ok
    11:21:47.0829 5180 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    11:21:47.0829 5180 isapnp - ok
    11:21:47.0845 5180 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    11:21:47.0845 5180 iScsiPrt - ok
    11:21:47.0891 5180 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
    11:21:47.0891 5180 iwdbus - ok
    11:21:47.0923 5180 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    11:21:47.0923 5180 kbdclass - ok
    11:21:47.0938 5180 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    11:21:47.0938 5180 kbdhid - ok
    11:21:47.0954 5180 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    11:21:47.0954 5180 KeyIso - ok
    11:21:47.0969 5180 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    11:21:47.0985 5180 KSecDD - ok
    11:21:48.0001 5180 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    11:21:48.0001 5180 KSecPkg - ok
    11:21:48.0016 5180 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    11:21:48.0016 5180 ksthunk - ok
    11:21:48.0047 5180 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    11:21:48.0047 5180 KtmRm - ok
    11:21:48.0110 5180 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    11:21:48.0125 5180 LanmanServer - ok
    11:21:48.0157 5180 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    11:21:48.0172 5180 LanmanWorkstation - ok
    11:21:48.0219 5180 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    11:21:48.0219 5180 lltdio - ok
    11:21:48.0250 5180 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    11:21:48.0266 5180 lltdsvc - ok
    11:21:48.0266 5180 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    11:21:48.0281 5180 lmhosts - ok
    11:21:48.0344 5180 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    11:21:48.0344 5180 LMS - ok
    11:21:48.0391 5180 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
    11:21:48.0391 5180 LSI_FC - ok
    11:21:48.0406 5180 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
    11:21:48.0422 5180 LSI_SAS - ok
    11:21:48.0422 5180 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
    11:21:48.0422 5180 LSI_SAS2 - ok
    11:21:48.0437 5180 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
    11:21:48.0437 5180 LSI_SCSI - ok
    11:21:48.0484 5180 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    11:21:48.0484 5180 luafv - ok
    11:21:48.0547 5180 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
    11:21:48.0547 5180 MBAMProtector - ok
  5. 2012/10/30
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    11:21:48.0656 5180 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    11:21:48.0687 5180 MBAMScheduler - ok
    11:21:48.0718 5180 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:21:48.0718 5180 MBAMService - ok
    11:21:48.0765 5180 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    11:21:48.0765 5180 Mcx2Svc - ok
    11:21:48.0796 5180 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
    11:21:48.0796 5180 megasas - ok
    11:21:48.0827 5180 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
    11:21:48.0827 5180 MegaSR - ok
    11:21:48.0859 5180 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    11:21:48.0859 5180 MEIx64 - ok
    11:21:48.0905 5180 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    11:21:48.0905 5180 MMCSS - ok
    11:21:48.0921 5180 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    11:21:48.0937 5180 Modem - ok
    11:21:48.0952 5180 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    11:21:48.0952 5180 monitor - ok
    11:21:48.0968 5180 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    11:21:48.0968 5180 mouclass - ok
    11:21:48.0983 5180 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    11:21:48.0983 5180 mouhid - ok
    11:21:49.0015 5180 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    11:21:49.0015 5180 mountmgr - ok
    11:21:49.0077 5180 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
    11:21:49.0093 5180 MpFilter - ok
    11:21:49.0108 5180 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    11:21:49.0108 5180 mpio - ok
    11:21:49.0124 5180 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    11:21:49.0124 5180 mpsdrv - ok
    11:21:49.0171 5180 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    11:21:49.0186 5180 MpsSvc - ok
    11:21:49.0217 5180 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    11:21:49.0217 5180 MRxDAV - ok
    11:21:49.0249 5180 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    11:21:49.0264 5180 mrxsmb - ok
    11:21:49.0295 5180 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    11:21:49.0295 5180 mrxsmb10 - ok
    11:21:49.0327 5180 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    11:21:49.0327 5180 mrxsmb20 - ok
    11:21:49.0358 5180 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    11:21:49.0358 5180 msahci - ok
    11:21:49.0389 5180 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    11:21:49.0389 5180 msdsm - ok
    11:21:49.0405 5180 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    11:21:49.0405 5180 MSDTC - ok
    11:21:49.0420 5180 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    11:21:49.0420 5180 Msfs - ok
    11:21:49.0436 5180 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    11:21:49.0436 5180 mshidkmdf - ok
    11:21:49.0467 5180 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    11:21:49.0467 5180 msisadrv - ok
    11:21:49.0483 5180 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    11:21:49.0483 5180 MSiSCSI - ok
    11:21:49.0498 5180 msiserver - ok
    11:21:49.0529 5180 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    11:21:49.0529 5180 MSKSSRV - ok
    11:21:49.0623 5180 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    11:21:49.0623 5180 MsMpSvc - ok
    11:21:49.0639 5180 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    11:21:49.0639 5180 MSPCLOCK - ok
    11:21:49.0654 5180 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    11:21:49.0654 5180 MSPQM - ok
    11:21:49.0670 5180 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    11:21:49.0670 5180 MsRPC - ok
    11:21:49.0717 5180 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    11:21:49.0717 5180 mssmbios - ok
    11:21:49.0748 5180 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    11:21:49.0748 5180 MSTEE - ok
    11:21:49.0763 5180 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    11:21:49.0763 5180 MTConfig - ok
    11:21:49.0779 5180 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    11:21:49.0795 5180 Mup - ok
    11:21:49.0826 5180 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    11:21:49.0826 5180 MyWiFiDHCPDNS - ok
    11:21:49.0919 5180 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    11:21:49.0935 5180 napagent - ok
    11:21:49.0966 5180 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    11:21:49.0966 5180 NativeWifiP - ok
    11:21:50.0013 5180 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    11:21:50.0044 5180 NDIS - ok
    11:21:50.0075 5180 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    11:21:50.0091 5180 NdisCap - ok
    11:21:50.0107 5180 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    11:21:50.0107 5180 NdisTapi - ok
    11:21:50.0122 5180 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    11:21:50.0138 5180 Ndisuio - ok
    11:21:50.0153 5180 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    11:21:50.0169 5180 NdisWan - ok
    11:21:50.0185 5180 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    11:21:50.0185 5180 NDProxy - ok
    11:21:50.0200 5180 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    11:21:50.0200 5180 NetBIOS - ok
    11:21:50.0231 5180 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    11:21:50.0247 5180 NetBT - ok
    11:21:50.0263 5180 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    11:21:50.0263 5180 Netlogon - ok
    11:21:50.0309 5180 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    11:21:50.0309 5180 Netman - ok
    11:21:50.0356 5180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:21:50.0356 5180 NetMsmqActivator - ok
    11:21:50.0372 5180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:21:50.0372 5180 NetPipeActivator - ok
    11:21:50.0403 5180 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    11:21:50.0403 5180 netprofm - ok
    11:21:50.0419 5180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:21:50.0419 5180 NetTcpActivator - ok
    11:21:50.0419 5180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    11:21:50.0419 5180 NetTcpPortSharing - ok
    11:21:50.0809 5180 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
    11:21:50.0965 5180 NETwNs64 - ok
    11:21:51.0011 5180 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    11:21:51.0011 5180 nfrd960 - ok
    11:21:51.0058 5180 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
    11:21:51.0074 5180 NisDrv - ok
    11:21:51.0121 5180 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    11:21:51.0136 5180 NisSrv - ok
    11:21:51.0183 5180 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    11:21:51.0199 5180 NlaSvc - ok
    11:21:51.0199 5180 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    11:21:51.0199 5180 Npfs - ok
    11:21:51.0214 5180 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    11:21:51.0214 5180 nsi - ok
    11:21:51.0230 5180 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    11:21:51.0230 5180 nsiproxy - ok
    11:21:51.0323 5180 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    11:21:51.0386 5180 Ntfs - ok
    11:21:51.0386 5180 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    11:21:51.0386 5180 Null - ok
    11:21:51.0401 5180 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    11:21:51.0401 5180 nvraid - ok
    11:21:51.0417 5180 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    11:21:51.0417 5180 nvstor - ok
    11:21:51.0433 5180 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    11:21:51.0433 5180 nv_agp - ok
    11:21:51.0635 5180 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:21:51.0651 5180 odserv - ok
    11:21:51.0667 5180 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    11:21:51.0682 5180 ohci1394 - ok
    11:21:51.0729 5180 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:21:51.0729 5180 ose - ok
    11:21:51.0776 5180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    11:21:51.0776 5180 p2pimsvc - ok
    11:21:51.0838 5180 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    11:21:51.0854 5180 p2psvc - ok
    11:21:51.0885 5180 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    11:21:51.0885 5180 Parport - ok
    11:21:51.0916 5180 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    11:21:51.0916 5180 partmgr - ok
    11:21:51.0932 5180 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    11:21:51.0947 5180 PcaSvc - ok
    11:21:51.0963 5180 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    11:21:51.0963 5180 pci - ok
    11:21:51.0979 5180 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    11:21:51.0979 5180 pciide - ok
    11:21:51.0994 5180 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    11:21:51.0994 5180 pcmcia - ok
    11:21:52.0010 5180 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    11:21:52.0025 5180 pcw - ok
    11:21:52.0025 5180 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    11:21:52.0057 5180 PEAUTH - ok
    11:21:52.0259 5180 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    11:21:52.0259 5180 PerfHost - ok
    11:21:52.0337 5180 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    11:21:52.0384 5180 pla - ok
    11:21:52.0525 5180 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    11:21:52.0556 5180 PlugPlay - ok
    11:21:52.0618 5180 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    11:21:52.0618 5180 PNRPAutoReg - ok
    11:21:52.0634 5180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    11:21:52.0649 5180 PNRPsvc - ok
    11:21:52.0681 5180 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    11:21:52.0681 5180 PolicyAgent - ok
    11:21:52.0712 5180 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    11:21:52.0727 5180 Power - ok
    11:21:52.0774 5180 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    11:21:52.0774 5180 PptpMiniport - ok
    11:21:52.0790 5180 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
    11:21:52.0790 5180 Processor - ok
    11:21:52.0837 5180 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    11:21:52.0852 5180 ProfSvc - ok
    11:21:52.0868 5180 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    11:21:52.0868 5180 ProtectedStorage - ok
    11:21:52.0899 5180 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    11:21:52.0915 5180 Psched - ok
    11:21:52.0946 5180 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
    11:21:52.0961 5180 PxHlpa64 - ok
    11:21:53.0071 5180 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
    11:21:53.0102 5180 ql2300 - ok
    11:21:53.0117 5180 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
    11:21:53.0117 5180 ql40xx - ok
    11:21:53.0149 5180 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    11:21:53.0149 5180 QWAVE - ok
    11:21:53.0180 5180 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    11:21:53.0180 5180 QWAVEdrv - ok
    11:21:53.0211 5180 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    11:21:53.0211 5180 RasAcd - ok
    11:21:53.0242 5180 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    11:21:53.0242 5180 RasAgileVpn - ok
    11:21:53.0258 5180 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    11:21:53.0258 5180 RasAuto - ok
    11:21:53.0273 5180 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    11:21:53.0289 5180 Rasl2tp - ok
    11:21:53.0305 5180 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    11:21:53.0320 5180 RasMan - ok
    11:21:53.0336 5180 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    11:21:53.0336 5180 RasPppoe - ok
    11:21:53.0351 5180 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    11:21:53.0351 5180 RasSstp - ok
    11:21:53.0367 5180 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    11:21:53.0367 5180 rdbss - ok
    11:21:53.0383 5180 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
    11:21:53.0398 5180 rdpbus - ok
    11:21:53.0398 5180 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    11:21:53.0398 5180 RDPCDD - ok
    11:21:53.0414 5180 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    11:21:53.0414 5180 RDPENCDD - ok
    11:21:53.0429 5180 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    11:21:53.0429 5180 RDPREFMP - ok
    11:21:53.0461 5180 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    11:21:53.0461 5180 RDPWD - ok
    11:21:53.0476 5180 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    11:21:53.0476 5180 rdyboost - ok
    11:21:53.0648 5180 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    11:21:53.0695 5180 RegSrvc - ok
    11:21:53.0741 5180 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    11:21:53.0741 5180 RemoteAccess - ok
    11:21:53.0788 5180 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    11:21:53.0788 5180 RemoteRegistry - ok
    11:21:53.0835 5180 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
    11:21:53.0851 5180 RFCOMM - ok
    11:21:53.0866 5180 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    11:21:53.0866 5180 RpcEptMapper - ok
    11:21:53.0897 5180 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    11:21:53.0897 5180 RpcLocator - ok
    11:21:53.0929 5180 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    11:21:53.0929 5180 RpcSs - ok
    11:21:53.0944 5180 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    11:21:53.0960 5180 rspndr - ok
    11:21:54.0022 5180 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    11:21:54.0022 5180 RSUSBSTOR - ok
    11:21:54.0053 5180 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    11:21:54.0069 5180 RTL8167 - ok
    11:21:54.0116 5180 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    11:21:54.0116 5180 SamSs - ok
    11:21:54.0147 5180 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    11:21:54.0147 5180 sbp2port - ok
    11:21:54.0178 5180 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    11:21:54.0194 5180 SCardSvr - ok
    11:21:54.0209 5180 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    11:21:54.0225 5180 scfilter - ok
    11:21:54.0272 5180 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    11:21:54.0303 5180 Schedule - ok
    11:21:54.0334 5180 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    11:21:54.0334 5180 SCPolicySvc - ok
    11:21:54.0334 5180 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    11:21:54.0350 5180 SDRSVC - ok
    11:21:54.0428 5180 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    11:21:54.0443 5180 secdrv - ok
    11:21:54.0459 5180 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    11:21:54.0459 5180 seclogon - ok
    11:21:54.0490 5180 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    11:21:54.0490 5180 SENS - ok
    11:21:54.0521 5180 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    11:21:54.0521 5180 SensrSvc - ok
    11:21:54.0553 5180 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
    11:21:54.0553 5180 Serenum - ok
    11:21:54.0584 5180 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
    11:21:54.0584 5180 Serial - ok
    11:21:54.0599 5180 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
    11:21:54.0615 5180 sermouse - ok
    11:21:54.0662 5180 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    11:21:54.0662 5180 SessionEnv - ok
    11:21:54.0693 5180 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    11:21:54.0693 5180 sffdisk - ok
    11:21:54.0709 5180 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    11:21:54.0709 5180 sffp_mmc - ok
    11:21:54.0724 5180 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    11:21:54.0724 5180 sffp_sd - ok
    11:21:54.0755 5180 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
    11:21:54.0755 5180 sfloppy - ok
    11:21:54.0787 5180 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    11:21:54.0802 5180 SharedAccess - ok
    11:21:54.0833 5180 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    11:21:54.0849 5180 ShellHWDetection - ok
    11:21:54.0865 5180 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
    11:21:54.0865 5180 SiSRaid2 - ok
    11:21:54.0880 5180 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
    11:21:54.0880 5180 SiSRaid4 - ok
    11:21:54.0896 5180 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    11:21:54.0896 5180 Smb - ok
    11:21:54.0927 5180 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    11:21:54.0943 5180 SNMPTRAP - ok
    11:21:54.0958 5180 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    11:21:54.0958 5180 spldr - ok
    11:21:55.0036 5180 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    11:21:55.0052 5180 Spooler - ok
    11:21:55.0317 5180 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    11:21:55.0411 5180 sppsvc - ok
    11:21:55.0411 5180 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    11:21:55.0426 5180 sppuinotify - ok
    11:21:55.0457 5180 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    11:21:55.0473 5180 srv - ok
    11:21:55.0489 5180 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    11:21:55.0489 5180 srv2 - ok
    11:21:55.0520 5180 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    11:21:55.0520 5180 srvnet - ok
    11:21:55.0567 5180 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    11:21:55.0567 5180 SSDPSRV - ok
    11:21:55.0598 5180 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    11:21:55.0598 5180 SstpSvc - ok
    11:21:55.0707 5180 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    11:21:55.0723 5180 STacSV - ok
    11:21:55.0754 5180 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
    11:21:55.0754 5180 stexstor - ok
    11:21:55.0801 5180 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
    11:21:55.0801 5180 STHDA - ok
    11:21:55.0879 5180 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
    11:21:55.0879 5180 StillCam - ok
    11:21:55.0941 5180 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    11:21:55.0957 5180 stisvc - ok
    11:21:55.0988 5180 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
    11:21:55.0988 5180 swenum - ok
    11:21:56.0050 5180 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    11:21:56.0066 5180 swprv - ok
    11:21:56.0331 5180 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    11:21:56.0393 5180 SysMain - ok
    11:21:56.0409 5180 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    11:21:56.0409 5180 TabletInputService - ok
    11:21:56.0425 5180 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    11:21:56.0440 5180 TapiSrv - ok
    11:21:56.0456 5180 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    11:21:56.0456 5180 TBS - ok
    11:21:56.0549 5180 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
    11:21:56.0612 5180 Tcpip - ok
    11:21:56.0705 5180 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    11:21:56.0737 5180 TCPIP6 - ok
    11:21:56.0783 5180 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    11:21:56.0783 5180 tcpipreg - ok
    11:21:56.0815 5180 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    11:21:56.0815 5180 TDPIPE - ok
    11:21:56.0846 5180 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    11:21:56.0846 5180 TDTCP - ok
    11:21:56.0861 5180 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    11:21:56.0877 5180 tdx - ok
    11:21:56.0893 5180 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
    11:21:56.0893 5180 TermDD - ok
    11:21:56.0971 5180 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    11:21:56.0986 5180 TermService - ok
    11:21:57.0017 5180 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    11:21:57.0017 5180 Themes - ok
    11:21:57.0033 5180 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    11:21:57.0033 5180 THREADORDER - ok
    11:21:57.0080 5180 [ 68FE3D89829E27D4FD5EEA7BD2C41985 ] tihub3 C:\windows\system32\DRIVERS\tihub3.sys
    11:21:57.0080 5180 tihub3 - ok
    11:21:57.0142 5180 [ 0102C9633CE1F18A6AC021F28B734DB5 ] tixhci C:\windows\system32\DRIVERS\tixhci.sys
    11:21:57.0142 5180 tixhci - ok
    11:21:57.0158 5180 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    11:21:57.0158 5180 TrkWks - ok
    11:21:57.0220 5180 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    11:21:57.0220 5180 TrustedInstaller - ok
    11:21:57.0251 5180 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    11:21:57.0251 5180 tssecsrv - ok
    11:21:57.0267 5180 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    11:21:57.0283 5180 TsUsbFlt - ok
    11:21:57.0298 5180 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
    11:21:57.0298 5180 TsUsbGD - ok
    11:21:57.0329 5180 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    11:21:57.0329 5180 tunnel - ok
    11:21:57.0376 5180 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
    11:21:57.0407 5180 TurboB - ok
    11:21:57.0439 5180 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    11:21:57.0501 5180 TurboBoost - ok
    11:21:57.0517 5180 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
    11:21:57.0517 5180 uagp35 - ok
    11:21:57.0548 5180 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    11:21:57.0548 5180 udfs - ok
    11:21:57.0579 5180 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    11:21:57.0579 5180 UI0Detect - ok
    11:21:57.0610 5180 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    11:21:57.0610 5180 uliagpkx - ok
    11:21:57.0657 5180 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
    11:21:57.0657 5180 umbus - ok
    11:21:57.0688 5180 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
    11:21:57.0688 5180 UmPass - ok
    11:21:57.0829 5180 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    11:21:57.0844 5180 UNS - ok
    11:21:57.0875 5180 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    11:21:57.0875 5180 upnphost - ok
    11:21:57.0907 5180 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    11:21:57.0907 5180 usbccgp - ok
    11:21:57.0938 5180 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    11:21:57.0938 5180 usbcir - ok
    11:21:57.0953 5180 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
    11:21:57.0969 5180 usbehci - ok
    11:21:58.0000 5180 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    11:21:58.0000 5180 usbhub - ok
    11:21:58.0063 5180 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
    11:21:58.0063 5180 usbohci - ok
    11:21:58.0078 5180 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
    11:21:58.0078 5180 usbprint - ok
    11:21:58.0109 5180 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    11:21:58.0109 5180 USBSTOR - ok
    11:21:58.0125 5180 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    11:21:58.0125 5180 usbuhci - ok
    11:21:58.0156 5180 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
    11:21:58.0156 5180 usbvideo - ok
    11:21:58.0187 5180 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
    11:21:58.0187 5180 UxSms - ok
    11:21:58.0203 5180 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
    11:21:58.0203 5180 VaultSvc - ok
    11:21:58.0219 5180 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    11:21:58.0219 5180 vdrvroot - ok
    11:21:58.0265 5180 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    11:21:58.0281 5180 vds - ok
    11:21:58.0312 5180 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    11:21:58.0312 5180 vga - ok
    11:21:58.0328 5180 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    11:21:58.0328 5180 VgaSave - ok
    11:21:58.0359 5180 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    11:21:58.0359 5180 vhdmp - ok
    11:21:58.0390 5180 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    11:21:58.0390 5180 viaide - ok
    11:21:58.0390 5180 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    11:21:58.0390 5180 volmgr - ok
    11:21:58.0421 5180 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    11:21:58.0437 5180 volmgrx - ok
    11:21:58.0468 5180 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
    11:21:58.0468 5180 volsnap - ok
    11:21:58.0499 5180 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
    11:21:58.0515 5180 vsmraid - ok
    11:21:58.0593 5180 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    11:21:58.0671 5180 VSS - ok
    11:21:58.0687 5180 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    11:21:58.0687 5180 vwifibus - ok
    11:21:58.0702 5180 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    11:21:58.0702 5180 vwififlt - ok
    11:21:58.0733 5180 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    11:21:58.0733 5180 vwifimp - ok
    11:21:58.0780 5180 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    11:21:58.0780 5180 W32Time - ok
    11:21:58.0827 5180 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
    11:21:58.0827 5180 WacomPen - ok
    11:21:58.0843 5180 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    11:21:58.0843 5180 WANARP - ok
    11:21:58.0858 5180 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    11:21:58.0858 5180 Wanarpv6 - ok
    11:21:59.0014 5180 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    11:21:59.0030 5180 WatAdminSvc - ok
    11:21:59.0108 5180 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    11:21:59.0186 5180 wbengine - ok
    11:21:59.0201 5180 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    11:21:59.0201 5180 WbioSrvc - ok
    11:21:59.0233 5180 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    11:21:59.0233 5180 wcncsvc - ok
    11:21:59.0248 5180 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    11:21:59.0248 5180 WcsPlugInService - ok
    11:21:59.0279 5180 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
    11:21:59.0279 5180 Wd - ok
    11:21:59.0295 5180 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    11:21:59.0295 5180 Wdf01000 - ok
    11:21:59.0357 5180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    11:21:59.0373 5180 WdiServiceHost - ok
    11:21:59.0373 5180 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    11:21:59.0389 5180 WdiSystemHost - ok
    11:21:59.0404 5180 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    11:21:59.0420 5180 WebClient - ok
    11:21:59.0435 5180 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    11:21:59.0435 5180 Wecsvc - ok
    11:21:59.0467 5180 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    11:21:59.0467 5180 wercplsupport - ok
    11:21:59.0498 5180 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    11:21:59.0498 5180 WerSvc - ok
    11:21:59.0513 5180 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    11:21:59.0513 5180 WfpLwf - ok
    11:21:59.0560 5180 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
    11:21:59.0576 5180 WimFltr - ok
    11:21:59.0591 5180 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    11:21:59.0591 5180 WIMMount - ok
    11:21:59.0623 5180 WinDefend - ok
    11:21:59.0623 5180 WinHttpAutoProxySvc - ok
    11:21:59.0716 5180 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    11:21:59.0732 5180 Winmgmt - ok
    11:21:59.0825 5180 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    11:21:59.0857 5180 WinRM - ok
    11:21:59.0935 5180 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    11:21:59.0966 5180 Wlansvc - ok
    11:21:59.0997 5180 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    11:21:59.0997 5180 wlcrasvc - ok
    11:22:00.0122 5180 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    11:22:00.0215 5180 wlidsvc - ok
    11:22:00.0278 5180 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
    11:22:00.0278 5180 WmiAcpi - ok
    11:22:00.0340 5180 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    11:22:00.0371 5180 wmiApSrv - ok
    11:22:00.0403 5180 WMPNetworkSvc - ok
    11:22:00.0434 5180 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    11:22:00.0449 5180 WPCSvc - ok
    11:22:00.0465 5180 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    11:22:00.0465 5180 WPDBusEnum - ok
    11:22:00.0481 5180 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    11:22:00.0481 5180 ws2ifsl - ok
    11:22:00.0496 5180 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
    11:22:00.0512 5180 wscsvc - ok
    11:22:00.0543 5180 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
    11:22:00.0543 5180 WSDPrintDevice - ok
    11:22:00.0543 5180 WSearch - ok
    11:22:00.0637 5180 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    11:22:00.0730 5180 wuauserv - ok
    11:22:00.0746 5180 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    11:22:00.0746 5180 WudfPf - ok
    11:22:00.0808 5180 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    11:22:00.0808 5180 WUDFRd - ok
    11:22:00.0824 5180 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    11:22:00.0871 5180 wudfsvc - ok
    11:22:00.0886 5180 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    11:22:00.0886 5180 WwanSvc - ok
    11:22:00.0933 5180 ================ Scan global ===============================
    11:22:00.0964 5180 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    11:22:00.0995 5180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    11:22:01.0011 5180 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    11:22:01.0042 5180 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    11:22:01.0073 5180 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    11:22:01.0073 5180 [Global] - ok
    11:22:01.0073 5180 ================ Scan MBR ==================================
    11:22:01.0089 5180 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    11:22:01.0463 5180 \Device\Harddisk0\DR0 - ok
    11:22:01.0463 5180 ================ Scan VBR ==================================
    11:22:01.0479 5180 [ 17E6064B18AA88ED8319B3238FE06A25 ] \Device\Harddisk0\DR0\Partition1
    11:22:01.0479 5180 \Device\Harddisk0\DR0\Partition1 - ok
    11:22:01.0495 5180 [ 723FFEBDE086355CE5F5C8E20D4FDB4A ] \Device\Harddisk0\DR0\Partition2
    11:22:01.0495 5180 \Device\Harddisk0\DR0\Partition2 - ok
    11:22:01.0495 5180 ============================================================
    11:22:01.0495 5180 Scan finished
    11:22:01.0495 5180 ============================================================
    11:22:01.0510 0744 Detected object count: 0
    11:22:01.0510 0744 Actual detected object count: 0
    11:26:19.0607 2036 Deinitialize success
     
  6. 2012/10/30
    boyracer Well-Known Member Thread Starter

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Linda G [Admin rights]
    Mode : Scan -- Date : 10/30/2012 11:35:03

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400BPVT-75HXZT3 +++++
    --- User ---
    [MBR] 4977eac23a81edf6970f23e9c3081796
    [BSP] ec91177ccbd898511568c5b5fd4d9fcf : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 595378 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  7. 2012/10/30
    boyracer Well-Known Member Thread Starter

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.30.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Linda G :: HAROLD [administrator]

    10/30/2012 11:37:02 AM
    mbam-log-2012-10-30 (11-37-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211333
    Time elapsed: 4 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  8. 2012/10/30
    broni Moderator Malware Analyst

    Create a new restore point before proceeding with the next step...
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  9. 2012/10/30
    boyracer Well-Known Member Thread Starter

    ComboFix 12-10-30.03 - Linda G 10/30/2012 21:12:07.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4002.2340 [GMT -4:00]
    Running from: c:\users\Linda G\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Linda G\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
    c:\users\Linda G\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-31 01:15 . 2012-10-31 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-30 22:44 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{741E01A6-653E-4282-9DF1-B491F335020A}\mpengine.dll
    2012-10-29 17:52 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-20 10:58 . 2012-10-20 11:00 -------- d-----w- c:\users\Linda G\.FamilySearchIndexing
    2012-10-20 10:44 . 2012-10-03 09:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{539B24DA-7059-471E-BAC4-8E57B73147D9}\gapaengine.dll
    2012-10-03 09:39 . 2012-10-03 09:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 13:22 . 2012-02-14 12:51 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-29 23:54 . 2012-02-25 14:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-29 00:24 . 2012-07-18 13:03 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-29 00:24 . 2011-11-08 10:26 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-24 11:15 . 2012-09-26 10:53 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-26 10:53 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-26 10:53 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-26 10:53 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-26 10:53 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-26 10:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-26 10:53 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-26 10:53 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-26 10:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-26 10:53 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-26 10:53 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-26 10:53 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-26 10:53 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-26 10:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-26 10:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-26 10:53 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-26 10:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-26 10:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-26 10:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-26 10:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-26 10:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-26 10:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 10:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 10:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 10:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 10:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-26 10:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-10 10:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 10:12 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 10:12 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-20 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dogpile.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: familysearch.org\indexing
    Trusted Zone: lasvegasadvisor.com\www
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-30 21:17:01
    ComboFix-quarantined-files.txt 2012-10-31 01:17
    .
    Pre-Run: 565,690,605,568 bytes free
    Post-Run: 565,170,667,520 bytes free
    .
    - - End Of File - - 39175287732DC9B7749DF59DA21C10C0
     
  10. 2012/10/30
    broni Moderator Malware Analyst
    Looks good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
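An added example, not part of this thread or of the OTL tool: once OTL.txt arrives, the lines an analyst reads first are the O4 Run-key entries and the O20 Winlogon Shell/UserInit values, because that is where a program that starts "in the background" is normally registered. The Python below parses those two line types in the layout OTL prints, flags an O4 entry whose target file is missing, has no company name in its version info, is launched through a script host such as wscript.exe, or lives in a user-writable directory, and checks that Shell and UserInit each name only the stock binary. The first six sample lines are copied from the OTL log posted below; the last two sample lines, the `Finding` type, the indicator lists and the `triage` function are this example's own constructions and describe no real machine.

```python
"""Triage the O4 (Run-key) and O20 (Winlogon) lines of an OTL.txt log.

Added example for this thread, not part of OTL or of the advice in the posts;
it assumes OTL's line layout exactly as it appears in the posted log:
  O4[:64bit:] - <hive>..\<key>: [<name>] <command> (<company>)
  O4[:64bit:] - <hive>..\<key>: [<name>] <command> File not found
  O20[:64bit:] - HKLM Winlogon: <Shell|UserInit> - (<registry data>) - <resolved path> (<company>)
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<tail>.*)$")
O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\) - (?P<tail>.*)$")

# Interpreters and LOLBins that hide the real payload in their argument (example's own list).
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "rundll32", "regsvr32", "powershell", "cmd"}
# Directories any non-admin user can write to; vendor autostarts rarely live there (example's own list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
WINLOGON_EXPECTED = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


@dataclass
class Finding:
    entry: str
    reasons: List[str]


def split_tail(tail: str) -> Tuple[str, Optional[str], bool]:
    """Split OTL's trailer off a command: returns (command, company, file_missing).
    OTL appends ' (Company)' from the PE version info, ' ()' when that is empty,
    or ' File not found' when the target does not exist on disk."""
    if tail.endswith("File not found"):
        return tail[: -len("File not found")].rstrip(), None, True
    m = re.search(r" \(([^()]*)\)$", tail)
    if m:
        return tail[: m.start()], (m.group(1).strip() or None), False
    return tail, None, False


def program_name(cmd: str) -> str:
    """Lower-case basename, without extension, of the first executable in a command line."""
    m = re.match(r'"?(?P<path>.+?\.(?:exe|dll|vbs|js|bat|cmd|ps1|scr))\b', cmd, re.I)
    path = m.group("path") if m else (cmd.split() or [cmd])[0]
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def check_winlogon(value: str, data: str) -> Optional[str]:
    """Shell and UserInit must each name exactly the stock binary; an extra
    comma-separated program or a different path is a classic persistence spot."""
    expected = WINLOGON_EXPECTED[value]
    parts = [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]
    if len(parts) != 1:
        return f"{value} lists {len(parts)} programs; only {expected} is expected"
    if parts[0].rsplit("\\", 1)[-1] != expected:
        return f"{value} points at {parts[0]} instead of {expected}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per autostart line that deserves a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd, company, missing = split_tail(m.group("tail"))
            reasons = []
            if missing:
                reasons.append("target file not found (stale entry, or a payload that was removed)")
            elif company is None:
                reasons.append("no company name in the file's version info")
            host = program_name(cmd)
            if host in SCRIPT_HOSTS:
                reasons.append(f"launched through {host}.exe; the real payload is its argument")
            if any(d in cmd.lower() for d in USER_WRITABLE):
                reasons.append("runs from a user-writable directory")
            if reasons:
                findings.append(Finding(f"O4 [{m.group('name')}] {cmd}", reasons))
            continue
        m = O20_RE.match(line)
        if m:
            reason = check_winlogon(m.group("value"), m.group("data"))
            if reason:
                findings.append(Finding(f"O20 {m.group('value')}", [reason]))
    return findings


# Sample input: the first six lines are copied from the OTL log in this thread;
# the last two are constructed for the example and do not describe this machine.
SAMPLE_LOG = r'''
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Updater] C:\Users\Public\AppData\Roaming\Updater\update.exe ()
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe,C:\ProgramData\svc.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample it reports three entries: the real IntelTBRunOnce line (missing .vbs behind wscript.exe, which on this machine is just a leftover Intel installer step), and the two constructed lines. A flag is a prompt to look, not a verdict: the vendor entries that pass here are passed on path and version-info heuristics only, so hash or signature checks of the files themselves still belong in the next step.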
  11. 2012/11/01
    boyracer Well-Known Member Thread Starter
    OTL logfile created on: 11/1/2012 8:02:39 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda G\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.70% Memory free
    7.81 Gb Paging File | 5.87 Gb Available in Paging File | 75.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.42 Gb Total Space | 521.47 Gb Free Space | 89.69% Space Free | Partition Type: NTFS

    Computer Name: HAROLD | User Name: Linda G | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/01 08:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linda G\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/15 12:38:39 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
    MOD - [2012/06/15 08:54:50 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/15 08:54:44 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/13 12:20:49 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
    MOD - [2012/05/13 10:13:36 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 10:13:02 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 10:12:58 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 10:12:55 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 10:12:55 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 10:12:50 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/08 09:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
    DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
    DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
    DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-858795261-2083368777-664361467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    IE - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-858795261-2083368777-664361467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/05 15:31:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/02/14 00:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda G\AppData\Roaming\Mozilla\Extensions
    [2011/05/24 23:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda G\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

    O1 HOSTS File: ([2012/10/30 21:15:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: familysearch.org ([indexing] https in Trusted sites)
    O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: lasvegasadvisor.com ([www] http in Trusted sites)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F7D5BCC-E91C-450F-9EB5-877123739309}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/01 08:01:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Linda G\Desktop\OTL.exe
    [2012/11/01 07:59:12 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{74DB80AA-E0D7-48AC-B2A0-B347F9478922}
    [2012/10/31 06:35:01 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{42D6A215-A5ED-4EF5-B97B-78498477F538}
    [2012/10/31 05:46:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/30 21:17:03 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/10/30 21:10:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/10/30 21:10:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/10/30 21:10:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/10/30 21:02:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/30 21:02:43 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/10/30 20:57:58 | 004,991,862 | R--- | C] (Swearware) -- C:\Users\Linda G\Desktop\ComboFix.exe
    [2012/10/30 18:34:37 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{C71833E7-250B-4AC3-B9E8-BC0C85FFD97F}
    [2012/10/30 11:26:24 | 000,000,000 | ---D | C] -- C:\Users\Linda G\Desktop\RK_Quarantine
    [2012/10/30 06:18:57 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{3620BAFB-79FD-4BF3-A880-603E4CE0616C}
    [2012/10/29 14:37:25 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Linda G\Desktop\dds.com
    [2012/10/29 14:36:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Linda G\Desktop\aswMBR.exe
    [2012/10/29 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{C86F10E1-34E4-41C5-9344-8F74E8545C9F}
    [2012/10/28 18:57:58 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{B7FF70A0-2B02-4A55-B39F-01DA72F4C4C8}
    [2012/10/28 05:55:50 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{309CB932-DBEA-478F-92E8-A7D6C52CF476}
    [2012/10/27 15:37:50 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{9AF3CF4F-0A91-4708-BB65-27D0D0E3335F}
    [2012/10/26 19:03:14 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{F04217B6-A599-40CE-92AE-BE7407EDCFAB}
    [2012/10/26 07:02:38 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{3B59CBD1-F4D0-4DA5-B8C5-D1E2377F402C}
    [2012/10/25 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{C1F3CD5C-7709-47E3-9A30-C6DFB45C7938}
    [2012/10/25 06:48:12 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{A450AD48-882D-423A-AF0D-FBD847E41D7B}
    [2012/10/24 18:47:48 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{E987936E-A847-4576-ABD1-E205C5B8E252}
    [2012/10/24 05:29:10 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{04E27E5D-131B-4483-B363-993F8B984FF2}
    [2012/10/23 05:45:21 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{62492D1D-B919-42E3-9F57-70D6B1BBB47A}
    [2012/10/22 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{2A03CFE5-85E4-41C2-BBD8-4B1A0E6DF62C}
    [2012/10/21 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{93AA491B-931B-4F17-8C2C-BA275719823A}
    [2012/10/21 09:40:46 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{5BE9E74F-A266-440B-B919-365C7FC4E632}
    [2012/10/20 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{3BA41A57-5614-465F-8105-ABE78200FBEF}
    [2012/10/20 06:58:16 | 000,000,000 | ---D | C] -- C:\Users\Linda G\.FamilySearchIndexing
    [2012/10/20 06:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
    [2012/10/20 06:33:24 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{C51D2AC1-7259-4EDD-ABF3-D57D4F694361}
    [2012/10/19 07:57:28 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{12FE1E00-D950-4FF7-8CE2-7B08A5929BCB}
    [2012/10/18 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{AC9FE421-2008-4DD2-BA3F-704C1A3401CC}
    [2012/10/18 09:46:38 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{B7FDCFE8-11C8-44D1-A0DC-C83A8DF24929}
    [2012/10/17 19:51:11 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{996B45BA-B715-427C-9C49-61245DB1965E}
    [2012/10/17 07:50:36 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{447F7B3D-F298-4694-86E2-2AF6E08F1D30}
    [2012/10/16 19:50:00 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{F11C1AA9-6215-4337-8D54-10209B7082AB}
    [2012/10/16 07:49:25 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{AC6016B1-F6E8-461A-9232-E0A7950FE8DB}
    [2012/10/15 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{1E71CD8A-5561-4980-94F1-36449EAE2143}
    [2012/10/15 07:48:25 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{8F4A29D2-7808-423D-9526-7446CA9D16A6}
    [2012/10/14 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{CC28C317-B2C7-488D-8F65-E74D61A985DB}
    [2012/10/10 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{54E71BE9-B3B8-4191-9FC3-26B9424A5E53}
    [2012/10/10 06:39:28 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{7154C0B1-A1EC-4EBA-B2B1-926E5D21ADF9}
    [2012/10/09 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{EF7B07B2-25EA-47B0-AD94-AC831EF8A2CC}
    [2012/10/09 06:38:28 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{7C9976AB-5109-4F8A-86A1-F3682DAE87B0}
    [2012/10/07 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{FDE8181D-297B-4552-B042-9818A7C5ABFE}
    [2012/10/07 07:53:36 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{0462C1E8-C514-4518-898E-FEA11A52E5EF}
    [2012/10/06 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{F092FD70-7018-4E2A-872D-A4C96A0B7BE9}
    [2012/10/05 21:10:30 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{EA7EE538-7746-4452-A15C-0399A9482205}
    [2012/10/05 09:09:54 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{78E098F8-D65C-430A-BF4D-82EE88C416F0}
    [2012/10/04 21:09:30 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{62C5E7C1-3B26-4D93-9342-152794B1956F}
    [2012/10/04 08:39:25 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{45C00AB2-3822-46F6-A36F-C1FF57C178DD}
    [2012/10/03 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{FC657B08-CEF1-42B8-ADAA-17FF07236A12}
    [2012/10/03 07:04:03 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{B1476376-F767-4F5C-8ECB-70320356A3DC}
    [2012/10/02 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Linda G\AppData\Local\{D0139DE7-804D-4534-BDA1-83C5F42F81B8}
    [4 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/01 08:04:17 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/11/01 08:04:17 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/11/01 08:04:17 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/11/01 08:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Linda G\Desktop\OTL.exe
    [2012/11/01 07:58:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/11/01 07:58:27 | 3147,341,824 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/31 14:57:34 | 000,000,102 | ---- | M] () -- C:\Users\Linda G\jobq.dat
    [2012/10/31 13:41:15 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/31 13:41:15 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/30 21:15:45 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/10/30 20:57:58 | 004,991,862 | R--- | M] (Swearware) -- C:\Users\Linda G\Desktop\ComboFix.exe
    [2012/10/30 11:19:51 | 001,584,640 | ---- | M] () -- C:\Users\Linda G\Desktop\RogueKiller.exe
    [2012/10/30 11:18:59 | 002,194,704 | ---- | M] () -- C:\Users\Linda G\Desktop\tdsskiller.zip
    [2012/10/29 14:56:26 | 000,000,512 | ---- | M] () -- C:\Users\Linda G\Desktop\MBR.dat
    [2012/10/29 14:37:25 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Linda G\Desktop\dds.com
    [2012/10/29 14:36:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Linda G\Desktop\aswMBR.exe
    [2012/10/29 14:35:53 | 000,302,592 | ---- | M] () -- C:\Users\Linda G\Desktop\GMER.exe
    [2012/10/29 14:19:29 | 000,001,980 | ---- | M] () -- C:\Users\Linda G\Documents\cc_20121029_141913.reg
    [2012/10/29 14:12:55 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/29 13:57:47 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/24 15:01:02 | 051,760,902 | ---- | M] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.bmp
    [2012/10/24 15:00:06 | 000,000,000 | ---- | M] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.jpg.cc3w6to.partial
    [2012/10/24 14:58:20 | 000,000,000 | ---- | M] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.jpg.es6ph5k.partial
    [2012/10/20 06:58:04 | 000,002,448 | ---- | M] () -- C:\Users\Public\Desktop\FamilySearch Indexing.lnk
    [4 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/30 21:10:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/10/30 21:10:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/10/30 21:10:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/10/30 21:10:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/10/30 21:10:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/10/30 11:19:51 | 001,584,640 | ---- | C] () -- C:\Users\Linda G\Desktop\RogueKiller.exe
    [2012/10/30 11:18:53 | 002,194,704 | ---- | C] () -- C:\Users\Linda G\Desktop\tdsskiller.zip
    [2012/10/29 14:56:26 | 000,000,512 | ---- | C] () -- C:\Users\Linda G\Desktop\MBR.dat
    [2012/10/29 14:35:52 | 000,302,592 | ---- | C] () -- C:\Users\Linda G\Desktop\GMER.exe
    [2012/10/29 14:19:25 | 000,001,980 | ---- | C] () -- C:\Users\Linda G\Documents\cc_20121029_141913.reg
    [2012/10/24 15:00:56 | 051,760,902 | ---- | C] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.bmp
    [2012/10/24 15:00:06 | 000,000,000 | ---- | C] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.jpg.cc3w6to.partial
    [2012/10/24 14:58:20 | 000,000,000 | ---- | C] () -- C:\Users\Linda G\Documents\UnknownBoivinBirth.jpg.es6ph5k.partial
    [2012/10/20 06:58:05 | 000,002,448 | ---- | C] () -- C:\Users\Public\Desktop\FamilySearch Indexing.lnk
    [2012/03/15 21:54:43 | 000,000,080 | ---- | C] () -- C:\windows\Masque.INI
    [2012/03/15 21:10:41 | 000,000,171 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2012/02/27 16:47:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/11/08 07:50:11 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/11/08 07:50:11 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/11/08 07:50:10 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/11/08 07:50:10 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2011/11/08 07:50:09 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2011/11/08 07:49:39 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
    [2011/11/08 07:49:33 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
    [2011/11/08 07:49:32 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
    [2011/11/08 07:49:32 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
    [2011/11/08 07:49:32 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
    [2011/11/08 07:49:32 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
    [2011/11/08 06:32:12 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
    [2011/11/08 06:28:39 | 000,796,420 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/11/08 06:24:49 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
    [2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
    [2011/06/26 10:28:00 | 000,000,102 | ---- | C] () -- C:\Users\Linda G\jobq.dat
    [2010/07/01 17:16:18 | 000,000,093 | ---- | C] () -- C:\Users\Linda G\AppData\Local\fusioncache.dat
    [2009/11/09 13:31:18 | 000,000,017 | ---- | C] () -- C:\Users\Linda G\AppData\Local\resmon.resmoncfg
    [2009/10/27 18:24:42 | 000,000,482 | ---- | C] () -- C:\Users\Linda G\AppData\Roaming\wklnhst.dat
    [2009/10/26 02:33:03 | 018,112,198 | -H-- | C] () -- C:\Users\Linda G\AppData\Local\IconCache (1).db
    [2009/10/26 00:15:44 | 000,087,288 | ---- | C] () -- C:\Users\Linda G\AppData\Local\GDIPFONTCACHEV1 (1).DAT
    [2009/10/26 00:15:20 | 003,407,872 | -HS- | C] () -- C:\Users\Linda G\ntuser (1).dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/02/14 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Acer
    [2012/02/14 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\CheckPoint
    [2012/09/14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
    [2012/03/13 11:41:01 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\FamilyTreeMaker
    [2012/02/13 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Fingertapps
    [2012/02/14 00:31:48 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Leadertech
    [2012/04/03 08:55:31 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Masque
    [2012/02/20 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\PCDr
    [2009/10/27 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Template
    [2012/02/14 00:31:51 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Thunderbird
    [2012/02/14 00:32:27 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\WildTangent
    [2012/02/14 00:32:27 | 000,000,000 | ---D | M] -- C:\Users\Linda G\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
  12. 2012/11/01
    boyracer

    OTL Extras logfile created on: 11/1/2012 8:02:39 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Linda G\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.70% Memory free
    7.81 Gb Paging File | 5.87 Gb Available in Paging File | 75.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.42 Gb Total Space | 521.47 Gb Free Space | 89.69% Space Free | Partition Type: NTFS

    Computer Name: HAROLD | User Name: Linda G | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021FD132-765D-4A35-B9BD-B14357C8AF06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{07608628-AFCC-4668-96C2-B5EAC4B36A6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{1945BA39-3D57-451E-AF3B-7760ED0C3F65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{32D7FDD0-D3FB-4F65-A8A5-7A5BE4965590}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{517DA183-640C-4681-ABC4-CDC907A6CC30}" = lport=137 | protocol=17 | dir=in | app=system |
    "{57B4CF29-F298-496E-BC12-B3BDB72CEAC5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5AA63C19-6E14-4DFD-A307-E65D247B3DFD}" = rport=445 | protocol=6 | dir=out | app=system |
    "{5BEC7560-60D5-4C49-B5C7-D54A9D36933C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{5CDA4D99-1AC1-44B0-A175-8A91E59E1119}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6C77BFE3-92D4-4F10-84E1-DD58A5315E6D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7E95AFF9-556A-45AD-8F62-D51FA1B5B0B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8A5D7C73-BA67-4D80-83AF-3C614AE8E38D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9BE44D6E-2A78-49E4-AF88-AC46AF0C4DD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6F03B60-D6F2-4A25-838F-718F5777C82E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A7D9B35B-4046-4238-9054-2DCD011F9346}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AAF29750-81BF-41B0-B527-E033ACEF287A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{B79C8BCB-0B62-40FF-AE2B-54E2A91D28BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C9317E64-E05B-4802-A0BC-84364078EBB1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{CD0064FF-B672-465B-AB5A-2D1025DB0D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D133E5CB-A7C3-420D-BDAA-858586A784DD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E257CF9B-2CEA-4E20-99FF-39E0A610A3CB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E5C95342-F271-4EE9-8088-FFFB737489FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EA182F0C-566E-495E-A59E-B9D8A444FE95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F1106B18-EB1E-4BD1-BB92-BF8F265E338F}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07A94D05-30F7-4372-92EB-97E4FE8617F4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{0A01EF2F-66F9-4C82-9A76-557BDBBEFB32}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
    "{22B61CC0-D015-4D0A-98B5-6418806B1CC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2A0CCD3A-5CF2-4CED-A703-82E3240F414C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{38D10FAB-7E02-4637-A912-1B3DD0A7A45C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3DC2A92A-A0FE-4A45-8838-DE4F750A67F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4DC2C854-4102-4307-867F-34284816BC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4EC191B3-B38E-43B6-9E2C-754F5BA22EAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{73CF315F-1D95-4905-B762-A1636D4103B4}" = protocol=6 | dir=out | app=system |
    "{7BDD397B-5127-4575-BA20-F99DA288CC2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8A86A96E-7B08-473E-BC2E-74CEFE5F3479}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8FF65E1B-B587-4F53-89F1-CCF61C5FCB49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{955D467C-DCC6-4AD0-A771-761EB9DFFB82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A3082A47-CF63-4E6C-8F90-0B29AF74E351}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A6C87AB1-B412-45D3-924D-76F8FC52EC25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B5466AC9-99F1-450F-83BA-7B684A9706FB}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
    "{BCEEDC0C-FB48-42CA-93F6-07AD15EF0FAF}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{C43EDD87-334A-48EB-84AE-368E2C9816D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C531EE33-3C4E-4E77-8815-F34EA16B0124}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C9CBF4C5-9361-4131-9AE8-5010BA8257E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CA6EADAA-C12D-4C64-94C1-3474EC01C37A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E41A9C90-01AE-4DFC-AD74-1566EC5453C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E5EC65A5-DE9E-440E-AB90-7D7A869B9F9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EE85C959-093A-4DA9-8580-0AC071227725}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{FCEB034D-404F-4192-BAD8-9B8D2FAFBDEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E9B665-BA03-4380-8494-B1E3E1693DDE}" = Masque IGT Slots Lucky Larry's Lobstermania
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
    "{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B234375-EFB1-4024-8B53-EA7C745A6687}" = Adobe Flash Player 10 Plugin
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{90A66DB0-9084-4586-8AD1-58BA8F9F6DE5}" = Masque IGT Slots Lil' Lady
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A54F806B-A2E1-4794-A7FE-365167EC67CB}" = Masque IGT Slots Little Green Men
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
    "{B5E8EA9B-2DDB-427C-B18D-96C4B4B51999}" = WMS Slots Reel 'em in
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{C5A17C43-4712-4B16-B80C-ED3FF97500C2}" = Masque IGT Slots Texas Tea
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "0591-8077-9297-0833" = FamilySearch Indexing 3.15.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Dell Webcam Central" = Dell Webcam Central
    "InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Masque Casino Games" = Masque Casino Games
    "Masque Slots" = Masque Slots
    "Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
    "ProInst" = Intel PROSet Wireless
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "STANDARDR" = Microsoft Office Standard 2007
    "WildTangent dell Master Uninstall" = WildTangent Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WT089409" = Bejeweled 2 Deluxe
    "WT089411" = Build-a-lot 2
    "WT089414" = Diner Dash 2 Restaurant Rescue
    "WT089420" = Jewel Quest
    "WT089422" = Jewel Quest Solitaire 2
    "WT089426" = Poker Superstars III
    "WT089445" = Penguins!

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/17/2012 5:27:44 PM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2012 5:29:13 AM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2012 6:04:21 AM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2012 9:45:58 AM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2012 5:09:57 PM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/18/2012 7:56:17 PM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/19/2012 6:34:56 AM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/19/2012 7:50:53 AM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/19/2012 2:58:31 PM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    Error - 10/19/2012 3:23:47 PM | Computer Name = Harold | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 10/30/2012 9:02:50 PM | Computer Name = Harold | Source = Service Control Manager | ID = 7034
    Description = The Bluetooth Media Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/30/2012 9:12:39 PM | Computer Name = Harold | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Bluetooth Device Monitor service.

    Error - 10/30/2012 9:13:57 PM | Computer Name = Harold | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/30/2012 9:15:22 PM | Computer Name = Harold | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/30/2012 9:15:46 PM | Computer Name = Harold | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/31/2012 5:47:19 AM | Computer Name = Harold | Source = DCOM | ID = 10016
    Description =

    Error - 10/31/2012 9:59:54 AM | Computer Name = Harold | Source = DCOM | ID = 10016
    Description =

    Error - 10/31/2012 1:35:30 PM | Computer Name = Harold | Source = DCOM | ID = 10016
    Description =

    Error - 10/31/2012 2:36:47 PM | Computer Name = Harold | Source = BROWSER | ID = 8032
    Description =

    Error - 11/1/2012 8:00:01 AM | Computer Name = Harold | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  13. 2012/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
      O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: familysearch.org ([indexing] https in Trusted sites)
      O15 - HKU\S-1-5-21-858795261-2083368777-664361467-1000\..Trusted Domains: lasvegasadvisor.com ([www] http in Trusted sites)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. 2012/11/03
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-858795261-2083368777-664361467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-858795261-2083368777-664361467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\familysearch.org\indexing\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-858795261-2083368777-664361467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lasvegasadvisor.com\www\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Linda G
    ->Temp folder emptied: 46299 bytes
    ->Temporary Internet Files folder emptied: 145489093 bytes
    ->Java cache emptied: 158740 bytes
    ->Flash cache emptied: 58647 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 55904 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
    RecycleBin emptied: 4554465504 bytes

    Total Files Cleaned = 4,483.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Linda G
    ->Java cache emptied: 0 bytes

    User: Owner

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Linda G
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 11032012_091411

    Files\Folders moved on Reboot...
    C:\Users\Linda G\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SHHCNIA4\5174[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SHHCNIA4\cl[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SHHCNIA4\like[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SHHCNIA4\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DT1W689O\st[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DT1W689O\xd_arbiter[2].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CYG89OTP\103973-active-suspected-virus[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CYG89OTP\ba41f783-c96b-4b2d-8be8-46ee74bd1e3b__3rd_party_BBS.[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CYG89OTP\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0S6XZDIZ\audmeasure[1].gif moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0S6XZDIZ\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
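    The OTL fix above deleted three per-user ZoneMap entries (the O15 lines). As an added example, not part of the thread and not OTL's own code, the following PowerShell enumerates that same ZoneMap for the current user in the O15 shape (domain, [subdomain], scheme, zone) and flags entries that grant Local intranet or Trusted sites, or whose key name looks malformed like the deleted //@surf.mar@/ key. Function names are my own; the registry path and zone numbers are the standard Internet Explorer ones.

```powershell
# Added example (not from the thread or from OTL): audit the per-user IE ZoneMap.
# Zone numbers follow Internet Explorer's fixed mapping.
$IEZoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites'
}

function Get-IEZoneMapEntry {
    # Read the Domains key through .NET rather than the registry provider so that key
    # names containing '/' or '@' (as in the deleted //@surf.mar@/ entry) are taken literally.
    param(
        [Microsoft.Win32.RegistryKey]$Root = [Microsoft.Win32.Registry]::CurrentUser,
        [string]$DomainsPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    $domains = $Root.OpenSubKey($DomainsPath)
    if ($domains -eq $null) { return }   # no per-user zone assignments at all
    foreach ($domainName in $domains.GetSubKeyNames()) {
        $domainKey = $domains.OpenSubKey($domainName)
        # Scheme values set directly on the domain key apply to the bare domain.
        foreach ($scheme in $domainKey.GetValueNames()) {
            New-Object PSObject -Property @{
                Domain = $domainName; Subdomain = ''; Scheme = $scheme; Zone = $domainKey.GetValue($scheme)
            }
        }
        # One subkey per subdomain, again with one DWORD value per scheme.
        foreach ($subName in $domainKey.GetSubKeyNames()) {
            $subKey = $domainKey.OpenSubKey($subName)
            foreach ($scheme in $subKey.GetValueNames()) {
                New-Object PSObject -Property @{
                    Domain = $domainName; Subdomain = $subName; Scheme = $scheme; Zone = $subKey.GetValue($scheme)
                }
            }
            $subKey.Close()
        }
        $domainKey.Close()
    }
    $domains.Close()
}

function Test-IEZoneMapEntry {
    # Returns the reasons an entry deserves a second look; nothing returned means unremarkable.
    param($Entry)
    $reasons = @()
    $zone = $Entry.Zone -as [int]
    if ($zone -eq $null) {
        $reasons += 'zone value is not a number'
    } elseif ($zone -le 2) {
        $reasons += 'grants elevated zone ' + $IEZoneNames[$zone]
    }
    if (@('http', 'https', 'ftp', 'file', '*') -notcontains $Entry.Scheme) {
        $reasons += "non-standard scheme '$($Entry.Scheme)'"
    }
    if ($Entry.Domain -match '[@/\\:]') { $reasons += 'domain name contains @, slash or colon' }
    return $reasons
}

# Print each entry in the OTL O15 shape: domain ([subdomain] scheme in zone), plus any flags.
foreach ($e in Get-IEZoneMapEntry) {
    $z = $e.Zone -as [int]
    $zoneName = if ($z -ne $null -and $IEZoneNames.ContainsKey($z)) { $IEZoneNames[$z] } else { "zone $($e.Zone)" }
    $reasons = @(Test-IEZoneMapEntry $e)
    $flag = if ($reasons.Count -gt 0) { ' <-- ' + ($reasons -join '; ') } else { '' }
    '{0} ([{1}] {2} in {3}){4}' -f $e.Domain, $e.Subdomain, $e.Scheme, $zoneName, $flag
}
```

Pass `-Root ([Microsoft.Win32.Registry]::LocalMachine)` to Get-IEZoneMapEntry to audit the machine-wide map as well; entries there apply to every account on the PC.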
  15. 2012/11/03
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Mozilla Thunderbird (3.1.20) Thunderbird out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  16. 2012/11/03
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    Farbar Service Scanner Version: 27-10-2012
    Ran by Linda G (administrator) on 03-11-2012 at 09:30:34
    Running from "C:\Users\Linda G\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  17. 2012/11/03
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    # AdwCleaner v2.006 - Logfile created 11/03/2012 at 09:37:30
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Linda G - HAROLD
    # Boot Mode : Normal
    # Running from : C:\Users\Linda G\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Linda G\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [749 octets] - [03/11/2012 09:36:16]
    AdwCleaner[R2].txt - [808 octets] - [03/11/2012 09:37:08]
    AdwCleaner[S1].txt - [744 octets] - [03/11/2012 09:37:30]

    ########## EOF - C:\AdwCleaner[S1].txt - [803 octets] ##########
     
  18. 2012/11/03
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    I was unable to capture a log from Temp File Cleaner.

    ESET Online produced no log.
     
  19. 2012/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ===========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
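
    The checks in steps 3, 5 and 9 above (Windows Update state, plugin versions, out-of-date programs), gathered into one script as an added example. This is not code from the thread, from OTL, Secunia PSI or any other tool named in it. It assumes an elevated PowerShell prompt on the cleaned Windows 7 (or later) machine, network access for the Windows Update Agent query, and a report path on the Desktop; the list of "frequently exploited" plugin names is my own assumption, not something the post specifies.

```powershell
# Added example (not from the original thread or any tool it names).
# Collects in one text file what steps 3, 5 and 9 ask you to check by hand:
# the last installed hotfix, how many updates are still pending, and the
# versions of installed programs, with commonly attacked plugins listed first.
# Assumptions: elevated PowerShell on Windows 7 or later; network access for
# the Windows Update query; the $watch list below is my own choice.

$report = Join-Path $env:USERPROFILE 'Desktop\update-check.txt'
$lines  = @()

# --- Step 3: Windows Update state ------------------------------------------
# Last hotfix date from the OS's own records (fast, works offline).
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn |
    Select-Object -Last 1
if ($lastHotfix) {
    $lines += "Last hotfix installed: $($lastHotfix.HotFixID) on $($lastHotfix.InstalledOn.ToShortDateString())"
} else {
    $lines += 'Last hotfix installed: no dated hotfix records found'
}

# Ask the Windows Update Agent which applicable updates are still missing.
# This contacts Microsoft Update (or the configured WSUS server).
try {
    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    $lines += "Pending updates: $($pending.Count)"
    foreach ($u in $pending) { $lines += "  - $($u.Title)" }
} catch {
    $lines += "Pending updates: could not query the Windows Update Agent ($($_.Exception.Message))"
}

# --- Steps 5 and 9: installed software and plugin versions -----------------
# On x64 both the native and the 32-bit (Wow6432Node) uninstall hives matter;
# per-user installs such as Chrome register under HKCU instead.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName -Unique

# Plugins that exploit kits of this era targeted most often (assumed list;
# extend it to whatever your users actually run).
$watch = 'Java', 'Flash', 'Adobe Reader', 'Shockwave', 'QuickTime', 'Silverlight'
$watchPattern = ($watch | ForEach-Object { [regex]::Escape($_) }) -join '|'

$lines += ''
$lines += 'Frequently exploited plugins and readers (compare each version with the vendor page):'
foreach ($p in ($programs | Where-Object { $_.DisplayName -match $watchPattern })) {
    $lines += ('  {0,-45} {1,-15} {2}' -f $p.DisplayName, $p.DisplayVersion, $p.Publisher)
}

$lines += ''
$lines += "All installed programs ($($programs.Count)):"
foreach ($p in $programs) {
    $lines += ('  {0,-45} {1}' -f $p.DisplayName, $p.DisplayVersion)
}

$lines | Set-Content -Path $report -Encoding UTF8
$lines
"Report written to $report"
```

    The script only lists versions; it has no vulnerability database, so it does not replace Secunia PSI or the Mozilla/Qualys plugin checks. Its value is that you get the whole inventory in one file you can keep, compare against the vendor pages, and diff against a later run to spot software that appeared without your knowledge (the "foistware" step 12 warns about).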
     
  20. 2012/11/05
    boyracer

    boyracer Well-Known Member Thread Starter

    Joined:
    2011/12/11
    Messages:
    88
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Linda G
    ->Temp folder emptied: 1005041 bytes
    ->Temporary Internet Files folder emptied: 7891256 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6719978 bytes
    ->Flash cache emptied: 506 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 992406 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 8089633108 bytes

    Total Files Cleaned = 7,731.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Linda G
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Linda G
    ->Java cache emptied: 0 bytes

    User: Owner

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11052012_202430

    Files\Folders moved on Reboot...
    C:\Users\Linda G\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W0TQ1IHL\like[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ASAA76D4\xd_arbiter[2].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2PE3OGEL\103973-active-suspected-virus-2[1].htm moved successfully.
    C:\Users\Linda G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  21. 2012/11/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
