Infomash Redirect Virus - Please Help


  • This topic is locked
26 replies to this topic

#1 Elimax

Posted 22 July 2012 - 03:31 PM

I've tried everything but with no success. I have read some of the other "Infomash" redirect virus discussions and it sounds as though that is exactly what I have. McAfee tech support says that there is nothing they can do and cannot find the infection. I have run RKill, Malwarebytes, TDSSKiller, etc. The virus continues to redirect anytime I do a search in Google via Firefox. Any help would be greatly appreciated. I am NOT very computer literate, though I can follow directions.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Scott at 13:21:23 on 2012-07-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.6046 [GMT -7:00]
.
AV: McAfee® Security-as-a-Service *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee® Security-as-a-Service *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\UPS\WSTD\WorldShipTD.exe
C:\ups\wstd\upslnkmg.exe
C:\PROGRA~2\Intuit\QUICKB~1\dbextclr11.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120614092517.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HHCtrl] "C:\Users\Scott\AppData\Local\HHCtrl\HHCtrl.exe" /l
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~2.LNK - C:\UPS\WSTD\WSTDMessaging.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPSWOR~1.LNK - C:\UPS\WSTD\wstdPldReminder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{28CB404A-1DCB-4510-ADFE-11C645B06CD6} : DhcpNameServer = 192.168.7.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120614092517.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f4gaot5t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.expedition-imports.com
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-4 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-5-6 199272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-5-6 291328]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-1-10 1248256]
R2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-5-6 291328]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-4 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB22 [?]
S2 0040551335454234mcinstcleanup;McAfee Application Installer Cleanup (0040551335454234);C:\Users\Scott\AppData\Local\Temp\004055~1.EXE -cleanup -nolog --> C:\Users\Scott\AppData\Local\Temp\004055~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-4-14 245760]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 23:33:28 311808 ----a-w- C:\Users\Scott\AppData\Local\yxxiu.exe
2012-07-15 23:12:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 04:19:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-06-29 22:16:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-06-25 23:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
==================== Find3M ====================
.
2012-07-15 23:20:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 23:20:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 19:17:30 103784 ----a-w- C:\Users\Scott\GoToAssistDownloadHelper.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-09 20:24:48 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 13:21:50.52 ===============


#2 gringo_pr

  • Malware Response Team

Posted 25 July 2012 - 01:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Elimax

Elimax
  • Topic Starter


Posted 25 July 2012 - 09:18 AM

Results of Security Check.

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfeer Security-as-a-Service
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee Virus and Spyware Protection Service
McAfee SiteAdvisor
McAfee SiteAdvisor Enterprise Plus
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 7 Update 1
Java version out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
McAfee Managed VirusScan Agent myAgtSvc.exe
McAfee Managed VirusScan DesktopUI XTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 Elimax

Elimax
  • Topic Starter


Posted 25 July 2012 - 09:58 AM

Ran Combofix. After the reboot I received the following message at the same time Combofix was trying to generate its log:

Windows Cannot Find NIRKMD - Make sure you typed the name correctly. I let it sit for 10 minutes with this up, and nothing was happening. I hit OK. It came up 2-3 more times, each time I hit OK.

Combofix log was generated. Tried to open firefox and got an "illegal operation" error. Restarted computer, programs are working normally however I STILL AM GETTING REDIRECTS. Log below.

ComboFix 12-07-26.03 - Scott 07/25/2012 7:32.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.6125 [GMT -7:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5348ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5400ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5400ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5400ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5400ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5436ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5436ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5436ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5436ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5452AccountantCenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5452ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5452ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5452ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5452ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5456ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5456ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5456ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5456ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5472ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5472ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5472ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5472ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5516ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5516ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5516ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5516ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5524ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5524ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5524ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5524ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5528ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5528ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5528ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5528ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5532ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5532ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5532ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5532ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5548ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5548ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5548ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5548ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5556ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5556ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5556ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5556ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5588ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5588ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5588ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5588ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5648ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5648ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5648ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5648ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5788ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5788ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5788ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5788ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5796ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5796ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5796ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5796ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5832ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5832ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5832ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5832ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5944ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\596ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\596ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\596ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\596ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5992ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5992ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5992ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\5992ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6100ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6100ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6100ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6100ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6104ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6104ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6104ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6104ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6160ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6160ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6160ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6160ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6260ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6260ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6260ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6260ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6292ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6292ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6292ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6292ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6504ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6504ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6504ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6504ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6556ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6556ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6556ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6556ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6624ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6624ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6624ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6624ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6732ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6732ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6732ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6732ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6768ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6768ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6768ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6768ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6924ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6924ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6924ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\6924ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7028ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7028ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7028ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7028ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7040ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7040ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7040ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7040ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7084ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7084ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7084ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7084ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7088ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7088ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7088ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7088ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7204ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7204ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7204ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7204ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7220ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7220ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7220ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7220ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7376ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7376ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7376ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7376ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7412ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7412ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7412ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7412ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7452ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7452ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7452ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7452ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7456ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7456ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7456ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7456ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7544ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7544ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7544ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7544ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7556ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7556ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7556ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7556ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7584ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7584ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7584ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7584ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7660ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7660ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7660ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7660ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7688ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7688ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7688ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7688ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7740ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7740ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7740ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7740ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7944ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7944ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7944ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\7944ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8016ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8016ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8016ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8016ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8048ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8048ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8048ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8048ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8052ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8052ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8052ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8052ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8124ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8124ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8124ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8124ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8216ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8216ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8216ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8216ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8408ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8408ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8408ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8408ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8556ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8556ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8556ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8556ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8888ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8888ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8888ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8888ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8996ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8996ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8996ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\8996ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\9072ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\9072ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\9072ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\9072ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\940ExpeditionImportsCorporationpffcenter.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\940ExpeditionImportsCorporationreviewDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\940ExpeditionImportsCorporationreviewNotesPopUp.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\940ExpeditionImportsCorporationtaskNotesDialog.html
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac.js
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\close_pop.png
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.corner.js
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\jquery.min.js
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.css
c:\users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js
c:\users\Scott\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\users\Scott\AppData\Local\yxxiu.exe
c:\users\Scott\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Scott\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 14:35 . 2012-07-25 14:35 -------- d-----w- c:\users\QBDataServiceUser22\AppData\Local\temp
2012-07-15 23:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-29 22:16 . 2012-06-29 22:16 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 23:20 . 2012-04-15 05:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 23:20 . 2012-04-04 20:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-05-08 14:20 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 07:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 07:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 07:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-09 20:24 . 2012-05-09 20:24 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 11:06 . 2012-06-13 23:58 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 23:58 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 23:58 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 23:58 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 23:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-18 336384]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-01-10 2215768]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2012-03-03 24576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2012-05-04 476736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2012-6-5 1181584]
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2011-12-2 422912]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2011-12-2 34304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 0040551335454234mcinstcleanup;McAfee Application Installer Cleanup (0040551335454234);c:\users\Scott\AppData\Local\Temp\004055~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-09 283200]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-19 203776]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-05-12 324928]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-02-22 162192]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-05-04 291328]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-01-10 1248256]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-05-04 291328]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-19 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-19 300544]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 QuickBooksDB22;QuickBooksDB22;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2012-01-10 679936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 23:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"combofix"="c:\combofix\CF23128.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.7.254
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f4gaot5t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.expedition-imports.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-HHCtrl - c:\users\Scott\AppData\Local\HHCtrl\HHCtrl.exe
Toolbar-Locked - (no file)
AddRemove-MVS - c:\progra~2\McAfee\MANAGE~1\Agent\myinx
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-25 07:46:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 14:46
.
Pre-Run: 916,768,509,952 bytes free
Post-Run: 916,704,346,112 bytes free
.
- - End Of File - - 18BD9D0201BC3C4734C328147A3DCF06

#5 gringo_pr

  • Malware Response Team
Posted 25 July 2012 - 02:10 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Elimax

  • Topic Starter
Posted 25 July 2012 - 04:08 PM

TDS Log

12:30:50.0264 2704 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:30:50.0717 2704 ============================================================
12:30:50.0717 2704 Current date / time: 2012/07/25 12:30:50.0717
12:30:50.0717 2704 SystemInfo:
12:30:50.0717 2704
12:30:50.0717 2704 OS Version: 6.1.7601 ServicePack: 1.0
12:30:50.0717 2704 Product type: Workstation
12:30:50.0717 2704 ComputerName: SCOTTS-PC
12:30:50.0717 2704 UserName: Scott
12:30:50.0717 2704 Windows directory: C:\Windows
12:30:50.0717 2704 System windows directory: C:\Windows
12:30:50.0717 2704 Running under WOW64
12:30:50.0717 2704 Processor architecture: Intel x64
12:30:50.0717 2704 Number of processors: 8
12:30:50.0717 2704 Page size: 0x1000
12:30:50.0717 2704 Boot type: Normal boot
12:30:50.0717 2704 ============================================================
12:30:52.0277 2704 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:52.0292 2704 ============================================================
12:30:52.0292 2704 \Device\Harddisk0\DR0:
12:30:52.0292 2704 MBR partitions:
12:30:52.0292 2704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1698000
12:30:52.0292 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16AC000, BlocksNum 0x73058000
12:30:52.0292 2704 ============================================================
12:30:52.0323 2704 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:52.0323 2704 ============================================================
12:30:52.0323 2704 Initialize success
12:30:52.0323 2704 ============================================================
12:31:04.0257 6924 ============================================================
12:31:04.0257 6924 Scan started
12:31:04.0257 6924 Mode: Manual;
12:31:04.0257 6924 ============================================================
12:31:09.0749 6924 dtsoftbus01 - ok
12:31:09.0780 6924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:09.0827 6924 DXGKrnl - ok
12:31:09.0920 6924 e1cexpress (eafcb4551836ff44ee775ceddfa7a77e) C:\Windows\system32\DRIVERS\e1c62x64.sys
12:31:09.0951 6924 e1cexpress - ok
12:31:09.0967 6924 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:31:09.0983 6924 EapHost - ok
12:31:10.0076 6924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:31:10.0092 6924 ebdrv - ok
12:31:10.0170 6924 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:31:10.0170 6924 EFS - ok
12:31:10.0248 6924 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:31:10.0295 6924 ehRecvr - ok
12:31:10.0310 6924 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:31:10.0326 6924 ehSched - ok
12:31:10.0357 6924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:31:10.0373 6924 elxstor - ok
12:31:10.0373 6924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:31:10.0373 6924 ErrDev - ok
12:31:10.0388 6924 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:31:10.0404 6924 EventSystem - ok
12:31:10.0404 6924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:31:10.0419 6924 exfat - ok
12:31:10.0435 6924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:31:10.0435 6924 fastfat - ok
12:31:10.0466 6924 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:31:10.0513 6924 Fax - ok
12:31:10.0513 6924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:31:10.0513 6924 fdc - ok
12:31:10.0544 6924 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:31:10.0544 6924 fdPHost - ok
12:31:10.0575 6924 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:31:10.0575 6924 FDResPub - ok
12:31:10.0622 6924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:31:10.0622 6924 FileInfo - ok
12:31:10.0638 6924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:31:10.0638 6924 Filetrace - ok
12:31:10.0778 6924 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:31:10.0825 6924 FLEXnet Licensing Service - ok
12:31:10.0841 6924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:31:10.0841 6924 flpydisk - ok
12:31:10.0872 6924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:31:10.0872 6924 FltMgr - ok
12:31:10.0919 6924 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:31:10.0934 6924 FontCache - ok
12:31:11.0012 6924 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:11.0012 6924 FontCache3.0.0.0 - ok
12:31:11.0043 6924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:31:11.0043 6924 FsDepends - ok
12:31:11.0075 6924 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:11.0106 6924 Fs_Rec - ok
12:31:11.0168 6924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:11.0168 6924 fvevol - ok
12:31:11.0184 6924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:31:11.0184 6924 gagp30kx - ok
12:31:11.0277 6924 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
12:31:11.0309 6924 GoToAssist - ok
12:31:11.0324 6924 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:31:11.0324 6924 gpsvc - ok
12:31:11.0355 6924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:31:11.0355 6924 hcw85cir - ok
12:31:11.0402 6924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:11.0402 6924 HDAudBus - ok
12:31:11.0418 6924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:31:11.0418 6924 HidBatt - ok
12:31:11.0433 6924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:31:11.0433 6924 HidBth - ok
12:31:11.0433 6924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:31:11.0433 6924 HidIr - ok
12:31:11.0449 6924 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:31:11.0449 6924 hidserv - ok
12:31:11.0496 6924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:11.0527 6924 HidUsb - ok
12:31:11.0543 6924 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:31:11.0574 6924 hkmsvc - ok
12:31:11.0589 6924 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:31:11.0605 6924 HomeGroupListener - ok
12:31:11.0636 6924 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:31:11.0652 6924 HomeGroupProvider - ok
12:31:11.0683 6924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:31:11.0730 6924 HpSAMD - ok
12:31:11.0761 6924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:31:11.0761 6924 HTTP - ok
12:31:11.0823 6924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:31:11.0823 6924 hwpolicy - ok
12:31:11.0855 6924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:11.0855 6924 i8042prt - ok
12:31:11.0886 6924 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
12:31:11.0886 6924 iaStor - ok
12:31:11.0995 6924 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:31:11.0995 6924 IAStorDataMgrSvc - ok
12:31:12.0042 6924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:31:12.0057 6924 iaStorV - ok
12:31:12.0120 6924 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:12.0151 6924 idsvc - ok
12:31:12.0167 6924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:31:12.0167 6924 iirsp - ok
12:31:12.0213 6924 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:31:12.0245 6924 IKEEXT - ok
12:31:12.0401 6924 IntcAzAudAddService (19f9d8f7c996d5ae22e913491c912009) C:\Windows\system32\drivers\RTDVHD64.sys
12:31:12.0432 6924 IntcAzAudAddService - ok
12:31:12.0463 6924 Intel® PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe
12:31:12.0494 6924 Intel® PROSet Monitoring Service - ok
12:31:12.0510 6924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:31:12.0510 6924 intelide - ok
12:31:12.0572 6924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:12.0572 6924 intelppm - ok
12:31:12.0744 6924 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:31:12.0744 6924 IntuitUpdateServiceV4 - ok
12:31:12.0775 6924 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:31:12.0775 6924 IPBusEnum - ok
12:31:12.0791 6924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:12.0822 6924 IpFilterDriver - ok
12:31:12.0884 6924 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:31:12.0884 6924 iphlpsvc - ok
12:31:12.0884 6924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:12.0915 6924 IPMIDRV - ok
12:31:12.0915 6924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:12.0915 6924 IPNAT - ok
12:31:12.0931 6924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:12.0947 6924 IRENUM - ok
12:31:12.0947 6924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:31:12.0947 6924 isapnp - ok
12:31:12.0978 6924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:31:12.0993 6924 iScsiPrt - ok
12:31:13.0087 6924 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:31:13.0118 6924 jhi_service - ok
12:31:13.0149 6924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:13.0149 6924 kbdclass - ok
12:31:13.0165 6924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:13.0196 6924 kbdhid - ok
12:31:13.0243 6924 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:13.0243 6924 KeyIso - ok
12:31:13.0259 6924 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:31:13.0259 6924 KSecDD - ok
12:31:13.0274 6924 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:13.0290 6924 KSecPkg - ok
12:31:13.0305 6924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:13.0305 6924 ksthunk - ok
12:31:13.0352 6924 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:31:13.0352 6924 KtmRm - ok
12:31:13.0415 6924 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:31:13.0430 6924 LanmanServer - ok
12:31:13.0461 6924 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:31:13.0493 6924 LanmanWorkstation - ok
12:31:13.0508 6924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:13.0508 6924 lltdio - ok
12:31:13.0539 6924 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:31:13.0539 6924 lltdsvc - ok
12:31:13.0555 6924 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:31:13.0571 6924 lmhosts - ok
12:31:13.0664 6924 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:31:13.0664 6924 LMS - ok
12:31:13.0711 6924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:31:13.0711 6924 LSI_FC - ok
12:31:13.0727 6924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:31:13.0727 6924 LSI_SAS - ok
12:31:13.0727 6924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:31:13.0727 6924 LSI_SAS2 - ok
12:31:13.0758 6924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:13.0758 6924 LSI_SCSI - ok
12:31:13.0805 6924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:31:13.0805 6924 luafv - ok
12:31:13.0914 6924 McAfee SiteAdvisor Enterprise Service (4f2d526298cbc517edb82501e8041112) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
12:31:13.0945 6924 McAfee SiteAdvisor Enterprise Service - ok
12:31:14.0054 6924 McShield (2c883bf52e794e1e71927d9b2ae4d4ef) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:31:14.0085 6924 McShield - ok
12:31:14.0101 6924 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:31:14.0163 6924 Mcx2Svc - ok
12:31:14.0163 6924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:31:14.0163 6924 megasas - ok
12:31:14.0195 6924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:31:14.0195 6924 MegaSR - ok
12:31:14.0273 6924 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:31:14.0304 6924 MEIx64 - ok
12:31:14.0366 6924 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
12:31:14.0397 6924 mfeapfk - ok
12:31:14.0429 6924 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
12:31:14.0460 6924 mfeavfk - ok
12:31:14.0491 6924 mfeavfk01 - ok
12:31:14.0553 6924 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
12:31:14.0553 6924 mfehidk - ok
12:31:14.0600 6924 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
12:31:14.0616 6924 mfenlfk - ok
12:31:14.0647 6924 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
12:31:14.0694 6924 mferkdet - ok
12:31:14.0741 6924 mfevtp (02b0b1b2f94224ecf9825d81137cd141) C:\Windows\system32\mfevtps.exe
12:31:14.0756 6924 mfevtp - ok
12:31:14.0803 6924 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
12:31:14.0803 6924 mfewfpk - ok
12:31:14.0834 6924 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:31:14.0834 6924 MMCSS - ok
12:31:14.0850 6924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:31:14.0850 6924 Modem - ok
12:31:14.0897 6924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:31:14.0897 6924 monitor - ok
12:31:14.0943 6924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:14.0959 6924 mouclass - ok
12:31:15.0006 6924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:15.0006 6924 mouhid - ok
12:31:15.0068 6924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:31:15.0068 6924 mountmgr - ok
12:31:15.0162 6924 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:31:15.0193 6924 MozillaMaintenance - ok
12:31:15.0209 6924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:31:15.0240 6924 mpio - ok
12:31:15.0255 6924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:31:15.0255 6924 mpsdrv - ok
12:31:15.0287 6924 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:31:15.0333 6924 MpsSvc - ok
12:31:15.0349 6924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:31:15.0380 6924 MRxDAV - ok
12:31:15.0411 6924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:15.0411 6924 mrxsmb - ok
12:31:15.0443 6924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:15.0443 6924 mrxsmb10 - ok
12:31:15.0458 6924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:15.0458 6924 mrxsmb20 - ok
12:31:15.0489 6924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:31:15.0521 6924 msahci - ok
12:31:15.0536 6924 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:31:15.0583 6924 msdsm - ok
12:31:15.0614 6924 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:31:15.0614 6924 MSDTC - ok
12:31:15.0630 6924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:31:15.0630 6924 Msfs - ok
12:31:15.0677 6924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:31:15.0692 6924 mshidkmdf - ok
12:31:15.0708 6924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:31:15.0708 6924 msisadrv - ok
12:31:15.0755 6924 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:31:15.0755 6924 MSiSCSI - ok
12:31:15.0755 6924 msiserver - ok
12:31:15.0895 6924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:15.0911 6924 MSKSSRV - ok
12:31:16.0004 6924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:16.0051 6924 MSPCLOCK - ok
12:31:16.0051 6924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:31:16.0051 6924 MSPQM - ok
12:31:16.0082 6924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:31:16.0082 6924 MsRPC - ok
12:31:16.0098 6924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:31:16.0098 6924 mssmbios - ok
12:31:16.0113 6924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:31:16.0113 6924 MSTEE - ok
12:31:16.0113 6924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:31:16.0113 6924 MTConfig - ok
12:31:16.0129 6924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:31:16.0129 6924 Mup - ok
12:31:16.0285 6924 myAgtSvc (011053c6a37b28a9e3c38ab826465db3) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:31:16.0285 6924 myAgtSvc - ok
12:31:16.0316 6924 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:31:16.0316 6924 napagent - ok
12:31:16.0347 6924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:31:16.0347 6924 NativeWifiP - ok
12:31:16.0425 6924 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:31:16.0441 6924 NDIS - ok
12:31:16.0457 6924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:31:16.0457 6924 NdisCap - ok
12:31:16.0519 6924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:31:16.0519 6924 NdisTapi - ok
12:31:16.0535 6924 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:31:16.0581 6924 Ndisuio - ok
12:31:16.0613 6924 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:31:16.0644 6924 NdisWan - ok
12:31:16.0644 6924 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:31:16.0675 6924 NDProxy - ok
12:31:16.0691 6924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:31:16.0691 6924 NetBIOS - ok
12:31:16.0706 6924 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:31:16.0706 6924 NetBT - ok
12:31:16.0706 6924 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:16.0706 6924 Netlogon - ok
12:31:16.0769 6924 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:31:16.0769 6924 Netman - ok
12:31:16.0909 6924 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0940 6924 NetMsmqActivator - ok
12:31:16.0956 6924 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0956 6924 NetPipeActivator - ok
12:31:17.0003 6924 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:31:17.0003 6924 netprofm - ok
12:31:17.0003 6924 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:17.0003 6924 NetTcpActivator - ok
12:31:17.0003 6924 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:17.0003 6924 NetTcpPortSharing - ok
12:31:17.0034 6924 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
12:31:17.0065 6924 netvsc - ok
12:31:17.0112 6924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:31:17.0112 6924 nfrd960 - ok
12:31:17.0143 6924 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:31:17.0174 6924 NlaSvc - ok
12:31:17.0190 6924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:31:17.0190 6924 Npfs - ok
12:31:17.0190 6924 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:31:17.0205 6924 nsi - ok
12:31:17.0205 6924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:31:17.0205 6924 nsiproxy - ok
12:31:17.0252 6924 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:31:17.0268 6924 Ntfs - ok
12:31:17.0361 6924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:31:17.0361 6924 Null - ok
12:31:17.0393 6924 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:31:17.0439 6924 nvraid - ok
12:31:17.0486 6924 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:31:17.0517 6924 nvstor - ok
12:31:17.0564 6924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:31:17.0564 6924 nv_agp - ok
12:31:17.0642 6924 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:31:17.0642 6924 odserv - ok
12:31:17.0658 6924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:31:17.0658 6924 ohci1394 - ok
12:31:17.0736 6924 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:31:17.0767 6924 ose - ok
12:31:17.0783 6924 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:17.0798 6924 p2pimsvc - ok
12:31:17.0814 6924 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:31:17.0814 6924 p2psvc - ok
12:31:17.0829 6924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:31:17.0829 6924 Parport - ok
12:31:17.0845 6924 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:31:17.0845 6924 partmgr - ok
12:31:17.0892 6924 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
12:31:17.0892 6924 PBADRV - ok
12:31:17.0923 6924 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:31:17.0923 6924 PcaSvc - ok
12:31:17.0954 6924 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:31:17.0954 6924 pci - ok
12:31:17.0985 6924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:31:17.0985 6924 pciide - ok
12:31:18.0001 6924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:31:18.0017 6924 pcmcia - ok
12:31:18.0032 6924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:31:18.0032 6924 pcw - ok
12:31:18.0079 6924 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
12:31:18.0110 6924 PDFProFiltSrvPP - ok
12:31:18.0141 6924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:31:18.0141 6924 PEAUTH - ok
12:31:18.0188 6924 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:31:18.0204 6924 PeerDistSvc - ok
12:31:18.0297 6924 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:31:18.0297 6924 PerfHost - ok
12:31:18.0360 6924 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:31:18.0391 6924 pla - ok
12:31:18.0469 6924 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:31:18.0469 6924 PlugPlay - ok
12:31:18.0500 6924 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:31:18.0500 6924 PNRPAutoReg - ok
12:31:18.0516 6924 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:18.0516 6924 PNRPsvc - ok
12:31:18.0531 6924 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:31:18.0563 6924 PolicyAgent - ok
12:31:18.0594 6924 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
12:31:18.0594 6924 Power - ok
12:31:18.0656 6924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:31:18.0687 6924 PptpMiniport - ok
12:31:18.0719 6924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:31:18.0719 6924 Processor - ok
12:31:18.0750 6924 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:31:18.0765 6924 ProfSvc - ok
12:31:18.0765 6924 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:18.0765 6924 ProtectedStorage - ok
12:31:18.0828 6924 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:31:18.0828 6924 Psched - ok
12:31:18.0875 6924 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:31:18.0890 6924 PxHlpa64 - ok
12:31:18.0984 6924 QBCFMonitorService (291e76c02c0994e4e6f1f97a4bcf6c0e) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:31:19.0015 6924 QBCFMonitorService - ok
12:31:19.0031 6924 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:31:19.0062 6924 QBFCService - ok
12:31:19.0124 6924 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
12:31:19.0155 6924 QBVSS - ok
12:31:19.0249 6924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:31:19.0265 6924 ql2300 - ok
12:31:19.0265 6924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:31:19.0265 6924 ql40xx - ok
12:31:19.0311 6924 QuickBooksDB22 - ok
12:31:19.0343 6924 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:31:19.0343 6924 QWAVE - ok
12:31:19.0358 6924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:31:19.0374 6924 QWAVEdrv - ok
12:31:19.0374 6924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:31:19.0374 6924 RasAcd - ok
12:31:19.0452 6924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:19.0452 6924 RasAgileVpn - ok
12:31:19.0467 6924 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:31:19.0483 6924 RasAuto - ok
12:31:19.0514 6924 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:19.0561 6924 Rasl2tp - ok
12:31:19.0623 6924 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:31:19.0639 6924 RasMan - ok
12:31:19.0670 6924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:19.0670 6924 RasPppoe - ok
12:31:19.0717 6924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:31:19.0733 6924 RasSstp - ok
12:31:19.0748 6924 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:31:19.0748 6924 rdbss - ok
12:31:19.0764 6924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:31:19.0764 6924 rdpbus - ok
12:31:19.0811 6924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:19.0811 6924 RDPCDD - ok
12:31:19.0842 6924 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:31:19.0873 6924 RDPDR - ok
12:31:19.0920 6924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:31:19.0935 6924 RDPENCDD - ok
12:31:19.0982 6924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:31:19.0982 6924 RDPREFMP - ok
12:31:19.0998 6924 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:31:20.0029 6924 RDPWD - ok
12:31:20.0045 6924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:31:20.0045 6924 rdyboost - ok
12:31:27.0174 6924 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:31:27.0283 6924 \Device\Harddisk0\DR0 - ok
12:31:27.0283 6924 Boot (0x1200) (182beea5f6539d6f5745729746f3f3ab) \Device\Harddisk0\DR0\Partition0
12:31:27.0283 6924 \Device\Harddisk0\DR0\Partition0 - ok
12:31:27.0299 6924 Boot (0x1200) (c7b1808e6aa92a8bcc902f333777997c) \Device\Harddisk0\DR0\Partition1
12:31:27.0299 6924 \Device\Harddisk0\DR0\Partition1 - ok
12:31:27.0299 6924 ============================================================
12:31:27.0299 6924 Scan finished
12:31:27.0299 6924 ============================================================
12:31:27.0314 7128 Detected object count: 0
12:31:27.0314 7128 Actual detected object count: 0

aswMBR Log:

12:30:50.0264 2704 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:30:50.0717 2704 ============================================================
12:30:50.0717 2704 Current date / time: 2012/07/25 12:30:50.0717
12:30:50.0717 2704 SystemInfo:
12:30:50.0717 2704
12:30:50.0717 2704 OS Version: 6.1.7601 ServicePack: 1.0
12:30:50.0717 2704 Product type: Workstation
12:30:50.0717 2704 ComputerName: SCOTTS-PC
12:30:50.0717 2704 UserName: Scott
12:30:50.0717 2704 Windows directory: C:\Windows
12:30:50.0717 2704 System windows directory: C:\Windows
12:30:50.0717 2704 Running under WOW64
12:30:50.0717 2704 Processor architecture: Intel x64
12:30:50.0717 2704 Number of processors: 8
12:30:50.0717 2704 Page size: 0x1000
12:30:50.0717 2704 Boot type: Normal boot
12:30:50.0717 2704 ============================================================
12:30:52.0277 2704 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:52.0292 2704 ============================================================
12:30:52.0292 2704 \Device\Harddisk0\DR0:
12:30:52.0292 2704 MBR partitions:
12:30:52.0292 2704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1698000
12:30:52.0292 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16AC000, BlocksNum 0x73058000
12:30:52.0292 2704 ============================================================
12:30:52.0323 2704 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:52.0323 2704 ============================================================
12:30:52.0323 2704 Initialize success
12:30:52.0323 2704 ============================================================
12:31:04.0257 6924 ============================================================
12:31:04.0257 6924 Scan started
12:31:04.0257 6924 Mode: Manual;
12:31:04.0257 6924 ============================================================
12:31:10.0622 6924 FileInfo - ok
12:31:10.0638 6924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:31:10.0638 6924 Filetrace - ok
12:31:10.0778 6924 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:31:10.0825 6924 FLEXnet Licensing Service - ok
12:31:10.0841 6924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:31:10.0841 6924 flpydisk - ok
12:31:10.0872 6924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:31:10.0872 6924 FltMgr - ok
12:31:10.0919 6924 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:31:10.0934 6924 FontCache - ok
12:31:11.0012 6924 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:11.0012 6924 FontCache3.0.0.0 - ok
12:31:11.0043 6924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:31:11.0043 6924 FsDepends - ok
12:31:11.0075 6924 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:11.0106 6924 Fs_Rec - ok
12:31:11.0168 6924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:11.0168 6924 fvevol - ok
12:31:11.0184 6924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:31:11.0184 6924 gagp30kx - ok
12:31:11.0277 6924 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
12:31:11.0309 6924 GoToAssist - ok
12:31:11.0324 6924 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:31:11.0324 6924 gpsvc - ok
12:31:11.0355 6924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:31:11.0355 6924 hcw85cir - ok
12:31:11.0402 6924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:11.0402 6924 HDAudBus - ok
12:31:11.0418 6924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:31:11.0418 6924 HidBatt - ok
12:31:11.0433 6924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:31:11.0433 6924 HidBth - ok
12:31:11.0433 6924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:31:11.0433 6924 HidIr - ok
12:31:11.0449 6924 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:31:11.0449 6924 hidserv - ok
12:31:11.0496 6924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:11.0527 6924 HidUsb - ok
12:31:11.0543 6924 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:31:11.0574 6924 hkmsvc - ok
12:31:11.0589 6924 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:31:11.0605 6924 HomeGroupListener - ok
12:31:11.0636 6924 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:31:11.0652 6924 HomeGroupProvider - ok
12:31:11.0683 6924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:31:11.0730 6924 HpSAMD - ok
12:31:11.0761 6924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:31:11.0761 6924 HTTP - ok
12:31:11.0823 6924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:31:11.0823 6924 hwpolicy - ok
12:31:11.0855 6924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:11.0855 6924 i8042prt - ok
12:31:11.0886 6924 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
12:31:11.0886 6924 iaStor - ok
12:31:11.0995 6924 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:31:11.0995 6924 IAStorDataMgrSvc - ok
12:31:12.0042 6924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:31:12.0057 6924 iaStorV - ok
12:31:12.0120 6924 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:12.0151 6924 idsvc - ok
12:31:12.0167 6924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:31:12.0167 6924 iirsp - ok
12:31:12.0213 6924 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:31:12.0245 6924 IKEEXT - ok
12:31:12.0401 6924 IntcAzAudAddService (19f9d8f7c996d5ae22e913491c912009) C:\Windows\system32\drivers\RTDVHD64.sys
12:31:12.0432 6924 IntcAzAudAddService - ok
12:31:12.0463 6924 Intel® PROSet Monitoring Service (d7b978f4504d3da95a21002863d0e7ee) C:\Windows\system32\IProsetMonitor.exe
12:31:12.0494 6924 Intel® PROSet Monitoring Service - ok
12:31:12.0510 6924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:31:12.0510 6924 intelide - ok
12:31:12.0572 6924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:12.0572 6924 intelppm - ok
12:31:12.0744 6924 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:31:12.0744 6924 IntuitUpdateServiceV4 - ok
12:31:12.0775 6924 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:31:12.0775 6924 IPBusEnum - ok
12:31:12.0791 6924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:12.0822 6924 IpFilterDriver - ok
12:31:12.0884 6924 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:31:12.0884 6924 iphlpsvc - ok
12:31:12.0884 6924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:31:12.0915 6924 IPMIDRV - ok
12:31:12.0915 6924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:12.0915 6924 IPNAT - ok
12:31:12.0931 6924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:12.0947 6924 IRENUM - ok
12:31:12.0947 6924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:31:12.0947 6924 isapnp - ok
12:31:12.0978 6924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:31:12.0993 6924 iScsiPrt - ok
12:31:13.0087 6924 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:31:13.0118 6924 jhi_service - ok
12:31:13.0149 6924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:13.0149 6924 kbdclass - ok
12:31:13.0165 6924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:13.0196 6924 kbdhid - ok
12:31:13.0243 6924 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:13.0243 6924 KeyIso - ok
12:31:13.0259 6924 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:31:13.0259 6924 KSecDD - ok
12:31:13.0274 6924 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:13.0290 6924 KSecPkg - ok
12:31:13.0305 6924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:13.0305 6924 ksthunk - ok
12:31:13.0352 6924 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:31:13.0352 6924 KtmRm - ok
12:31:13.0415 6924 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:31:13.0430 6924 LanmanServer - ok
12:31:13.0461 6924 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:31:13.0493 6924 LanmanWorkstation - ok
12:31:13.0508 6924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:13.0508 6924 lltdio - ok
12:31:13.0539 6924 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:31:13.0539 6924 lltdsvc - ok
12:31:13.0555 6924 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:31:13.0571 6924 lmhosts - ok
12:31:13.0664 6924 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:31:13.0664 6924 LMS - ok
12:31:13.0711 6924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:31:13.0711 6924 LSI_FC - ok
12:31:13.0727 6924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:31:13.0727 6924 LSI_SAS - ok
12:31:13.0727 6924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:31:13.0727 6924 LSI_SAS2 - ok
12:31:13.0758 6924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:31:13.0758 6924 LSI_SCSI - ok
12:31:13.0805 6924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:31:13.0805 6924 luafv - ok
12:31:13.0914 6924 McAfee SiteAdvisor Enterprise Service (4f2d526298cbc517edb82501e8041112) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
12:31:13.0945 6924 McAfee SiteAdvisor Enterprise Service - ok
12:31:14.0054 6924 McShield (2c883bf52e794e1e71927d9b2ae4d4ef) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:31:14.0085 6924 McShield - ok
12:31:14.0101 6924 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:31:14.0163 6924 Mcx2Svc - ok
12:31:14.0163 6924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:31:14.0163 6924 megasas - ok
12:31:14.0195 6924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:31:14.0195 6924 MegaSR - ok
12:31:14.0273 6924 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:31:14.0304 6924 MEIx64 - ok
12:31:14.0366 6924 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
12:31:14.0397 6924 mfeapfk - ok
12:31:14.0429 6924 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
12:31:14.0460 6924 mfeavfk - ok
12:31:14.0491 6924 mfeavfk01 - ok
12:31:14.0553 6924 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
12:31:14.0553 6924 mfehidk - ok
12:31:14.0600 6924 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
12:31:14.0616 6924 mfenlfk - ok
12:31:14.0647 6924 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
12:31:14.0694 6924 mferkdet - ok
12:31:14.0741 6924 mfevtp (02b0b1b2f94224ecf9825d81137cd141) C:\Windows\system32\mfevtps.exe
12:31:14.0756 6924 mfevtp - ok
12:31:14.0803 6924 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
12:31:14.0803 6924 mfewfpk - ok
12:31:14.0834 6924 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:31:14.0834 6924 MMCSS - ok
12:31:14.0850 6924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:31:14.0850 6924 Modem - ok
12:31:14.0897 6924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:31:14.0897 6924 monitor - ok
12:31:14.0943 6924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:14.0959 6924 mouclass - ok
12:31:15.0006 6924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:15.0006 6924 mouhid - ok
12:31:15.0068 6924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:31:15.0068 6924 mountmgr - ok
12:31:15.0162 6924 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:31:15.0193 6924 MozillaMaintenance - ok
12:31:15.0209 6924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:31:15.0240 6924 mpio - ok
12:31:15.0255 6924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:31:15.0255 6924 mpsdrv - ok
12:31:15.0287 6924 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:31:15.0333 6924 MpsSvc - ok
12:31:15.0349 6924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:31:15.0380 6924 MRxDAV - ok
12:31:15.0411 6924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:15.0411 6924 mrxsmb - ok
12:31:15.0443 6924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:15.0443 6924 mrxsmb10 - ok
12:31:15.0458 6924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:15.0458 6924 mrxsmb20 - ok
12:31:15.0489 6924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:31:15.0521 6924 msahci - ok
12:31:15.0536 6924 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:31:15.0583 6924 msdsm - ok
12:31:15.0614 6924 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:31:15.0614 6924 MSDTC - ok
12:31:15.0630 6924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:31:15.0630 6924 Msfs - ok
12:31:15.0677 6924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:31:15.0692 6924 mshidkmdf - ok
12:31:15.0708 6924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:31:15.0708 6924 msisadrv - ok
12:31:15.0755 6924 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:31:15.0755 6924 MSiSCSI - ok
12:31:15.0755 6924 msiserver - ok
12:31:15.0895 6924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:15.0911 6924 MSKSSRV - ok
12:31:16.0004 6924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:16.0051 6924 MSPCLOCK - ok
12:31:16.0051 6924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:31:16.0051 6924 MSPQM - ok
12:31:16.0082 6924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:31:16.0082 6924 MsRPC - ok
12:31:16.0098 6924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:31:16.0098 6924 mssmbios - ok
12:31:16.0113 6924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:31:16.0113 6924 MSTEE - ok
12:31:16.0113 6924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:31:16.0113 6924 MTConfig - ok
12:31:16.0129 6924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:31:16.0129 6924 Mup - ok
12:31:16.0285 6924 myAgtSvc (011053c6a37b28a9e3c38ab826465db3) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:31:16.0285 6924 myAgtSvc - ok
12:31:16.0316 6924 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:31:16.0316 6924 napagent - ok
12:31:16.0347 6924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:31:16.0347 6924 NativeWifiP - ok
12:31:16.0425 6924 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:31:16.0441 6924 NDIS - ok
12:31:16.0457 6924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:31:16.0457 6924 NdisCap - ok
12:31:16.0519 6924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:31:16.0519 6924 NdisTapi - ok
12:31:16.0535 6924 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:31:16.0581 6924 Ndisuio - ok
12:31:16.0613 6924 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:31:16.0644 6924 NdisWan - ok
12:31:16.0644 6924 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:31:16.0675 6924 NDProxy - ok
12:31:16.0691 6924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:31:16.0691 6924 NetBIOS - ok
12:31:16.0706 6924 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:31:16.0706 6924 NetBT - ok
12:31:16.0706 6924 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:16.0706 6924 Netlogon - ok
12:31:16.0769 6924 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:31:16.0769 6924 Netman - ok
12:31:16.0909 6924 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0940 6924 NetMsmqActivator - ok
12:31:16.0956 6924 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0956 6924 NetPipeActivator - ok
12:31:17.0003 6924 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:31:17.0003 6924 netprofm - ok
12:31:17.0003 6924 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:17.0003 6924 NetTcpActivator - ok
12:31:17.0003 6924 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:17.0003 6924 NetTcpPortSharing - ok
12:31:17.0034 6924 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
12:31:17.0065 6924 netvsc - ok
12:31:17.0112 6924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:31:17.0112 6924 nfrd960 - ok
12:31:17.0143 6924 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:31:17.0174 6924 NlaSvc - ok
12:31:17.0190 6924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:31:17.0190 6924 Npfs - ok
12:31:17.0190 6924 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:31:17.0205 6924 nsi - ok
12:31:17.0205 6924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:31:17.0205 6924 nsiproxy - ok
12:31:17.0252 6924 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:31:17.0268 6924 Ntfs - ok
12:31:17.0361 6924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:31:17.0361 6924 Null - ok
12:31:17.0393 6924 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:31:17.0439 6924 nvraid - ok
12:31:17.0486 6924 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:31:17.0517 6924 nvstor - ok
12:31:17.0564 6924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:31:17.0564 6924 nv_agp - ok
12:31:17.0642 6924 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:31:17.0642 6924 odserv - ok
12:31:17.0658 6924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:31:17.0658 6924 ohci1394 - ok
12:31:17.0736 6924 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:31:17.0767 6924 ose - ok
12:31:17.0783 6924 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:17.0798 6924 p2pimsvc - ok
12:31:17.0814 6924 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:31:17.0814 6924 p2psvc - ok
12:31:17.0829 6924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:31:17.0829 6924 Parport - ok
12:31:17.0845 6924 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:31:17.0845 6924 partmgr - ok
12:31:17.0892 6924 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
12:31:17.0892 6924 PBADRV - ok
12:31:17.0923 6924 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:31:17.0923 6924 PcaSvc - ok
12:31:17.0954 6924 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:31:17.0954 6924 pci - ok
12:31:17.0985 6924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:31:17.0985 6924 pciide - ok
12:31:18.0001 6924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:31:18.0017 6924 pcmcia - ok
12:31:18.0032 6924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:31:18.0032 6924 pcw - ok
12:31:18.0079 6924 PDFProFiltSrvPP (c1c3baf078be5a14384a4ba2d730817d) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
12:31:18.0110 6924 PDFProFiltSrvPP - ok
12:31:18.0141 6924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:31:18.0141 6924 PEAUTH - ok
12:31:18.0188 6924 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:31:18.0204 6924 PeerDistSvc - ok
12:31:18.0297 6924 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:31:18.0297 6924 PerfHost - ok
12:31:18.0360 6924 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:31:18.0391 6924 pla - ok
12:31:18.0469 6924 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:31:18.0469 6924 PlugPlay - ok
12:31:18.0500 6924 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:31:18.0500 6924 PNRPAutoReg - ok
12:31:18.0516 6924 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:31:18.0516 6924 PNRPsvc - ok
12:31:18.0531 6924 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:31:18.0563 6924 PolicyAgent - ok
12:31:18.0594 6924 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
12:31:18.0594 6924 Power - ok
12:31:18.0656 6924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:31:18.0687 6924 PptpMiniport - ok
12:31:18.0719 6924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:31:18.0719 6924 Processor - ok
12:31:18.0750 6924 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:31:18.0765 6924 ProfSvc - ok
12:31:18.0765 6924 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:18.0765 6924 ProtectedStorage - ok
12:31:18.0828 6924 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:31:18.0828 6924 Psched - ok
12:31:18.0875 6924 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:31:18.0890 6924 PxHlpa64 - ok
12:31:18.0984 6924 QBCFMonitorService (291e76c02c0994e4e6f1f97a4bcf6c0e) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:31:19.0015 6924 QBCFMonitorService - ok
12:31:19.0031 6924 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:31:19.0062 6924 QBFCService - ok
12:31:19.0124 6924 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
12:31:19.0155 6924 QBVSS - ok
12:31:19.0249 6924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:31:19.0265 6924 ql2300 - ok
12:31:19.0265 6924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:31:19.0265 6924 ql40xx - ok
12:31:19.0311 6924 QuickBooksDB22 - ok
12:31:19.0343 6924 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:31:19.0343 6924 QWAVE - ok
12:31:19.0358 6924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:31:19.0374 6924 QWAVEdrv - ok
12:31:19.0374 6924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:31:19.0374 6924 RasAcd - ok
12:31:19.0452 6924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:19.0452 6924 RasAgileVpn - ok
12:31:19.0467 6924 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:31:19.0483 6924 RasAuto - ok
12:31:19.0514 6924 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:19.0561 6924 Rasl2tp - ok
12:31:19.0623 6924 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:31:19.0639 6924 RasMan - ok
12:31:19.0670 6924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:19.0670 6924 RasPppoe - ok
12:31:19.0717 6924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:31:19.0733 6924 RasSstp - ok
12:31:19.0748 6924 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:31:19.0748 6924 rdbss - ok
12:31:19.0764 6924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:31:19.0764 6924 rdpbus - ok
12:31:19.0811 6924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:19.0811 6924 RDPCDD - ok
12:31:19.0842 6924 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:31:19.0873 6924 RDPDR - ok
12:31:19.0920 6924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:31:19.0935 6924 RDPENCDD - ok
12:31:19.0982 6924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:31:19.0982 6924 RDPREFMP - ok
12:31:19.0998 6924 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:31:20.0029 6924 RDPWD - ok
12:31:20.0045 6924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:31:20.0045 6924 rdyboost - ok
12:31:20.0060 6924 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:31:20.0060 6924 RemoteAccess - ok
12:31:20.0091 6924 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:31:20.0091 6924 RemoteRegistry - ok
12:31:20.0216 6924 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
12:31:20.0247 6924 RoxMediaDB12OEM - ok
12:31:20.0294 6924 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
12:31:20.0294 6924 RoxWatch12 - ok
12:31:20.0325 6924 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:31:20.0325 6924 RpcEptMapper - ok
12:31:20.0357 6924 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:31:20.0357 6924 RpcLocator - ok
12:31:20.0388 6924 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:31:20.0388 6924 RpcSs - ok
12:31:20.0419 6924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:31:20.0419 6924 rspndr - ok
12:31:20.0513 6924 RumorServer (011053c6a37b28a9e3c38ab826465db3) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:31:20.0528 6924 RumorServer - ok
12:31:20.0559 6924 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:31:20.0622 6924 s3cap - ok
12:31:20.0622 6924 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:31:20.0622 6924 SamSs - ok
12:31:20.0637 6924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:31:20.0684 6924 sbp2port - ok
12:31:20.0700 6924 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:31:20.0700 6924 SCardSvr - ok
12:31:20.0715 6924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:31:20.0747 6924 scfilter - ok
12:31:20.0793 6924 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:31:20.0825 6924 Schedule - ok
12:31:20.0871 6924 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:31:20.0871 6924 SCPolicySvc - ok
12:31:27.0299 6924 ============================================================
12:31:27.0299 6924 Scan finished
12:31:27.0299 6924 ============================================================
12:31:27.0314 7128 Detected object count: 0
12:31:27.0314 7128 Actual detected object count: 0


Still Redirecting.....

#7 gringo_pr

  • Malware Response Team

Posted 25 July 2012 - 05:12 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#8 Elimax

  • Topic Starter


Posted 25 July 2012 - 05:53 PM

Here is the scan:

OTL logfile created on: 7/25/2012 3:45:37 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Scott\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.86 Gb Available Physical Memory | 73.68% Memory free
15.91 Gb Paging File | 12.97 Gb Available in Paging File | 81.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.17 Gb Total Space | 853.82 Gb Free Space | 92.79% Space Free | Partition Type: NTFS

Computer Name: SCOTTS-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3BC544E2-7431-4285-AD96-0A68AEE62DA5}
IE:64bit: - HKLM\..\SearchScopes\{3BC544E2-7431-4285-AD96-0A68AEE62DA5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3BC544E2-7431-4285-AD96-0A68AEE62DA5}
IE - HKLM\..\SearchScopes\{3BC544E2-7431-4285-AD96-0A68AEE62DA5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\..\SearchScopes,DefaultScope = {3BC544E2-7431-4285-AD96-0A68AEE62DA5}
IE - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.expedition-imports.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/04/15 19:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2012/05/06 13:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/15 09:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:39:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{791CB49F-9916-11E1-826E-B8AC6F996F26}: C:\Users\Scott\AppData\Local\{791CB49F-9916-11E1-826E-B8AC6F996F26}\ [2012/05/08 07:02:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:39:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/14 21:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2012/05/01 19:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f4gaot5t.default\extensions
[2012/04/14 22:51:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\f4gaot5t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/14 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 09:19:59 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/04/15 19:19:43 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/05/08 07:02:56 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\SCOTT\APPDATA\LOCAL\{791CB49F-9916-11E1-826E-B8AC6F996F26}
[2012/07/18 16:39:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/25 07:42:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120614092517.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120614092517.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-713880368-3550070389-1403612139-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-713880368-3550070389-1403612139-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-713880368-3550070389-1403612139-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-713880368-3550070389-1403612139-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-713880368-3550070389-1403612139-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-713880368-3550070389-1403612139-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB404A-1DCB-4510-ADFE-11C645B06CD6}: DhcpNameServer = 192.168.7.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 07:46:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/25 07:42:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/25 07:31:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 07:31:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 07:31:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 07:31:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 07:31:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/16 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\GooredFix Backups
[2012/07/15 16:11:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/15 16:11:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/15 16:11:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/15 16:11:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/15 16:11:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/15 16:11:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/15 16:11:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/15 16:11:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/15 16:11:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/15 16:11:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/15 16:11:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/15 16:11:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/15 16:11:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 21:19:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 21:19:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 21:19:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 21:19:43 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 21:19:42 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/06/29 17:54:52 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\TDSSKiller.exe
[2012/06/29 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/06/25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/25 15:44:06 | 000,000,336 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2012/07/25 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 14:03:10 | 000,000,512 | ---- | M] () -- C:\Users\Scott\Desktop\MBR.dat
[2012/07/25 12:58:31 | 000,000,512 | ---- | M] () -- C:\Users\Scott\Documents\MBR.dat
[2012/07/25 07:57:37 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 07:57:37 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 07:57:07 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/25 07:57:07 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/25 07:57:07 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/25 07:50:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 07:50:00 | 2113,679,359 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 07:42:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/23 08:12:55 | 000,000,122 | ---- | M] () -- C:\Users\Scott\.ewanapi_cookie
[2012/07/15 16:20:53 | 000,001,135 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/15 16:20:53 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 16:20:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/15 16:20:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/15 16:16:01 | 000,484,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/13 14:07:15 | 000,415,744 | ---- | M] () -- C:\Users\Scott\Documents\EI_letterhead_template_scrn.dot
[2012/07/13 13:35:12 | 003,628,334 | ---- | M] () -- C:\Users\Scott\Documents\Chargeback Pletscher.pdf
[2012/07/13 08:00:09 | 000,634,177 | ---- | M] () -- C:\Users\Scott\Documents\Grupo Authorization.pdf
[2012/07/04 12:00:07 | 008,737,131 | ---- | M] () -- C:\Users\Scott\Documents\Knapp Docs.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/29 12:08:18 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Scott\Desktop\TDSSKiller.exe
[2012/06/27 17:01:32 | 000,020,296 | ---- | M] () -- C:\Users\Scott\Documents\5023354166 Drop Ship BOL.pdf
[2012/06/27 16:57:32 | 000,017,090 | ---- | M] () -- C:\Users\Scott\Documents\5023354166 pallet label.pdf
[2012/06/27 12:00:06 | 000,010,377 | ---- | M] () -- C:\Users\Scott\Documents\42412110118782 Data Card.pdf
[2012/06/26 14:23:27 | 000,009,705 | ---- | M] () -- C:\Users\Scott\Documents\Stowe Trans.pdf
[2012/06/25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/25 12:59:02 | 000,000,512 | ---- | C] () -- C:\Users\Scott\Desktop\MBR.dat
[2012/07/25 12:58:31 | 000,000,512 | ---- | C] () -- C:\Users\Scott\Documents\MBR.dat
[2012/07/25 07:31:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 07:31:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 07:31:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 07:31:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 07:31:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/15 16:20:53 | 000,001,135 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/15 16:17:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 13:35:11 | 003,628,334 | ---- | C] () -- C:\Users\Scott\Documents\Chargeback Pletscher.pdf
[2012/07/13 08:00:09 | 000,634,177 | ---- | C] () -- C:\Users\Scott\Documents\Grupo Authorization.pdf
[2012/07/04 12:00:06 | 008,737,131 | ---- | C] () -- C:\Users\Scott\Documents\Knapp Docs.pdf
[2012/06/27 17:01:32 | 000,020,296 | ---- | C] () -- C:\Users\Scott\Documents\5023354166 Drop Ship BOL.pdf
[2012/06/27 16:57:32 | 000,017,090 | ---- | C] () -- C:\Users\Scott\Documents\5023354166 pallet label.pdf
[2012/06/27 12:00:06 | 000,010,377 | ---- | C] () -- C:\Users\Scott\Documents\42412110118782 Data Card.pdf
[2012/06/26 14:23:27 | 000,009,705 | ---- | C] () -- C:\Users\Scott\Documents\Stowe Trans.pdf
[2012/04/16 08:34:47 | 000,000,122 | ---- | C] () -- C:\Users\Scott\.ewanapi_cookie
[2012/04/15 13:18:10 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/04/15 09:23:13 | 000,000,180 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2012/04/15 09:23:04 | 000,000,963 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/14 22:24:35 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/14 22:12:38 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/04/14 22:12:38 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/04/14 22:11:23 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012/04/14 22:10:32 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/04/14 22:10:32 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/04/14 22:10:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/04/14 22:10:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/04/14 22:03:26 | 000,000,655 | ---- | C] () -- C:\Windows\DCPARTS_S404.INI
[2012/04/04 15:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/04 15:20:28 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/04/04 13:53:20 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012/01/10 10:49:24 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2012/01/10 10:49:24 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2012/01/10 10:49:24 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
[2011/12/15 19:32:28 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GetHostIP.exe
[2011/12/15 19:31:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nssckbi.dll
[2011/02/10 07:33:46 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/19 15:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

< End of report >

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 AM

Posted 26 July 2012 - 12:29 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-713880368-3550070389-1403612139-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Elimax


Posted 27 July 2012 - 05:22 PM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-713880368-3550070389-1403612139-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb5\ deleted successfully.
File Protocol\Handler\intu-help-qb5 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
File Protocol\Handler\qbwc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Scott\Downloads\cmd.bat deleted successfully.
C:\Users\Scott\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: McAfeeMVSUser

User: Public

User: QBDataServiceUser22

User: Scott
->Java cache emptied: 13644884 bytes

Total Java Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: McAfeeMVSUser

User: Public

User: QBDataServiceUser22

User: Scott
->Flash cache emptied: 9616 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07272012_150818


Computer is still re-directing on google searches.......All other functionality seems to be OK.

Edited by Elimax, 27 July 2012 - 05:23 PM.


#11 gringo_pr


Posted 27 July 2012 - 08:35 PM

Greetings


In which browsers are you getting redirected?


gringo

#12 Elimax


Posted 27 July 2012 - 08:56 PM

Mozilla Firefox is what I use on a daily basis.

#13 gringo_pr


Posted 27 July 2012 - 10:04 PM

Greetings

1. At the top of the Firefox window, click the "Firefox" button, go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information."
2. Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
3. To continue, click "Reset Firefox" in the confirmation window that opens.
4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click "Finish" and Firefox will open.


Check for redirects


Gringo

#14 gringo_pr


Posted 29 July 2012 - 11:32 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 Elimax


Posted 29 July 2012 - 11:36 PM

I have not had any time. I will be back and perform the next step first thing in the morning and get back to you. I do appreciate all the help with this. The computer has been shutdown over the weekend.

Cheers



