Win7 X64 Startup Repair Loop problem


  • This topic is locked
20 replies to this topic

#1 Spoelker

Posted 20 October 2012 - 12:16 AM

To all:

I've been working on a friend's computer. When it is started, it attempts to load Windows, but then jumps into the Startup Repair screen. Cannot start in safe mode. Cannot access Windows. I know that something is afoot. Any help would be greatly appreciated. A FRST.txt dump of the machine is listed below. Thank you.

Keith


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2012
Ran by SYSTEM at 20-10-2012 00:04:52
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-14] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [540088 2011-09-01] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Zenni\...\Run: [Google Update] "C:\Users\Zenni\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-02-28] (Google Inc.)
HKU\Zenni\...\Run: [Facebook Update] "C:\Users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Zenni\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray [8585728 2012-03-13] (Media Finder)
HKU\Zenni\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]
HKU\Zenni\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Zenni\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-11] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

2 CLKMSVC10_C6F09094; "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe" /svc [245232 2010-09-21] (CyberLink)
2 NACAgent; "C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe" [1233848 2011-09-01] (Cisco Systems, Inc.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-09-03] ()
2 WebOptimizer; C:\Windows\System32\dmwu.exe [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [1124472 2011-02-25] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-02-17] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-02-17] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110415.003\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110418.002\ENG64.SYS [117880 2011-03-31] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110418.002\EX64.SYS [1828984 2011-03-31] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-20 00:04 - 2012-10-20 00:04 - 00000000 ____D C:\FRST
2012-10-17 09:47 - 2012-10-17 09:47 - 00274528 ____A C:\Windows\Minidump\101712-45630-01.dmp
2012-10-17 09:41 - 2012-10-17 09:41 - 00270176 ____A C:\Windows\Minidump\101712-48890-01.dmp
2012-10-17 09:38 - 2012-10-17 09:38 - 00274528 ____A C:\Windows\Minidump\101712-31075-01.dmp
2012-10-17 09:31 - 2012-10-17 09:31 - 00274472 ____A C:\Windows\Minidump\101712-52229-01.dmp
2012-10-17 09:28 - 2012-10-17 09:28 - 00274528 ____A C:\Windows\Minidump\101712-53633-01.dmp
2012-10-17 07:26 - 2012-10-17 07:26 - 00274472 ____A C:\Windows\Minidump\101712-49733-01.dmp
2012-10-17 07:23 - 2012-10-17 07:23 - 00274528 ____A C:\Windows\Minidump\101712-51246-01.dmp
2012-10-17 07:17 - 2012-10-17 07:17 - 00274528 ____A C:\Windows\Minidump\101712-46332-01.dmp
2012-10-16 19:38 - 2012-10-16 19:38 - 00274528 ____A C:\Windows\Minidump\101612-34117-01.dmp
2012-10-16 19:31 - 2012-10-16 19:31 - 00274528 ____A C:\Windows\Minidump\101612-40139-01.dmp
2012-10-16 19:25 - 2012-10-16 19:26 - 00274528 ____A C:\Windows\Minidump\101612-50793-01.dmp
2012-10-16 19:14 - 2012-10-16 19:14 - 00274528 ____A C:\Windows\Minidump\101612-39047-01.dmp
2012-10-16 17:42 - 2012-10-16 17:42 - 00002042 ____A C:\Users\Zenni\Downloads\dtest.txt
2012-10-16 17:33 - 2012-10-16 17:33 - 00274528 ____A C:\Windows\Minidump\101612-33961-01.dmp
2012-10-16 17:26 - 2012-10-16 17:26 - 00274528 ____A C:\Windows\Minidump\101612-33665-01.dmp
2012-10-16 16:45 - 2012-10-16 16:46 - 00274528 ____A C:\Windows\Minidump\101612-33228-01.dmp
2012-10-16 16:25 - 2012-10-16 16:25 - 00274528 ____A C:\Windows\Minidump\101612-40529-01.dmp
2012-10-16 15:50 - 2012-10-16 15:50 - 00274528 ____A C:\Windows\Minidump\101612-27830-01.dmp
2012-10-16 15:25 - 2012-10-16 15:25 - 00274528 ____A C:\Windows\Minidump\101612-53009-01.dmp
2012-10-16 11:38 - 2012-10-16 11:38 - 00270176 ____A C:\Windows\Minidump\101612-34616-01.dmp
2012-10-16 11:26 - 2012-10-16 11:26 - 00274528 ____A C:\Windows\Minidump\101612-31839-01.dmp
2012-10-15 19:28 - 2012-10-15 19:28 - 00274528 ____A C:\Windows\Minidump\101512-76237-01.dmp
2012-10-15 19:15 - 2012-10-15 19:15 - 00274528 ____A C:\Windows\Minidump\101512-79669-01.dmp
2012-10-15 17:25 - 2012-10-15 17:25 - 00270232 ____A C:\Windows\Minidump\101512-76268-01.dmp
2012-10-15 17:21 - 2012-10-15 17:22 - 00274528 ____A C:\Windows\Minidump\101512-43165-01.dmp
2012-10-15 16:08 - 2012-10-15 16:08 - 00274528 ____A C:\Windows\Minidump\101512-79326-01.dmp
2012-10-15 15:59 - 2012-10-15 15:59 - 00270232 ____A C:\Windows\Minidump\101512-72290-01.dmp
2012-10-15 15:55 - 2012-10-15 15:55 - 00274528 ____A C:\Windows\Minidump\101512-46503-01.dmp
2012-10-15 15:48 - 2012-10-15 15:48 - 00274528 ____A C:\Windows\Minidump\101512-41309-01.dmp
2012-10-15 15:45 - 2012-10-15 15:45 - 00274528 ____A C:\Windows\Minidump\101512-46987-01.dmp
2012-10-15 15:38 - 2012-10-15 15:38 - 00274528 ____A C:\Windows\Minidump\101512-36894-01.dmp
2012-10-15 15:35 - 2012-10-15 15:35 - 00274528 ____A C:\Windows\Minidump\101512-36816-01.dmp
2012-10-15 10:44 - 2012-10-15 10:44 - 00040448 __ASH C:\Users\Zenni\Downloads\Thumbs.db
2012-10-15 08:13 - 2012-10-16 17:38 - 00000000 ____D C:\Users\Zenni\Desktop\bluescreenview
2012-10-15 07:58 - 2012-10-15 07:58 - 00274528 ____A C:\Windows\Minidump\101512-46051-01.dmp
2012-10-15 07:22 - 2012-10-15 07:22 - 00274528 ____A C:\Windows\Minidump\101512-59046-01.dmp
2012-10-15 07:11 - 2012-10-15 07:12 - 00274528 ____A C:\Windows\Minidump\101512-53430-01.dmp
2012-10-15 06:51 - 2012-10-15 06:51 - 00274528 ____A C:\Windows\Minidump\101512-46269-01.dmp
2012-10-15 06:41 - 2012-10-15 06:41 - 00003304 ____N C:\bootsqm.dat
2012-10-15 06:21 - 2012-10-15 06:21 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-15 05:57 - 2012-10-15 05:57 - 00274472 ____A C:\Windows\Minidump\101512-54974-01.dmp
2012-10-15 05:54 - 2012-10-15 05:54 - 00274472 ____A C:\Windows\Minidump\101512-86471-01.dmp
2012-10-14 17:57 - 2012-10-14 17:58 - 00274472 ____A C:\Windows\Minidump\101412-88343-01.dmp
2012-10-14 17:54 - 2012-10-14 17:54 - 00274472 ____A C:\Windows\Minidump\101412-91775-01.dmp
2012-10-14 17:46 - 2012-10-14 17:46 - 00274528 ____A C:\Windows\Minidump\101412-45879-01.dmp
2012-10-14 17:33 - 2012-10-14 17:33 - 00274528 ____A C:\Windows\Minidump\101412-47471-01.dmp
2012-10-14 16:58 - 2012-10-14 16:58 - 00274528 ____A C:\Windows\Minidump\101412-60107-01.dmp
2012-10-14 15:57 - 2012-10-14 15:57 - 00274528 ____A C:\Windows\Minidump\101412-60013-01.dmp
2012-10-14 15:46 - 2012-10-14 15:46 - 00274528 ____A C:\Windows\Minidump\101412-44553-01.dmp
2012-10-14 11:35 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-14 11:34 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-14 11:34 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-14 11:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-14 11:34 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-14 11:34 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-14 11:34 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-14 11:34 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-14 11:34 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-14 11:34 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-14 11:34 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-14 11:34 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-14 11:34 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-14 11:34 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-14 11:34 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-14 11:31 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-14 11:31 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-14 11:30 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-14 11:30 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-14 11:30 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-14 11:30 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-14 11:30 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-14 11:30 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-14 11:12 - 2012-10-14 11:12 - 00274472 ____A C:\Windows\Minidump\101412-96767-01.dmp
2012-10-14 08:45 - 2012-10-14 08:45 - 00000000 ____D C:\Windows\Sun
2012-10-14 08:24 - 2012-10-14 08:24 - 00274528 ____A C:\Windows\Minidump\101412-65052-01.dmp
2012-10-13 20:02 - 2012-10-13 20:02 - 00274472 ____A C:\Windows\Minidump\101412-39405-01.dmp
2012-10-13 19:59 - 2012-10-13 19:59 - 00274528 ____A C:\Windows\Minidump\101312-66206-01.dmp
2012-10-12 19:00 - 2012-10-12 19:00 - 00274528 ____A C:\Windows\Minidump\101212-59514-01.dmp
2012-10-12 18:57 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-10-11 23:34 - 2012-10-15 10:44 - 00000000 ___HD C:\Users\Zenni\Downloads\.originals
2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Users\Zenni\AppData\Local\{85091A9B-31AF-4043-B63B-470BC53D1E8D}
2012-10-10 16:03 - 2012-10-10 16:03 - 00000000 ____D C:\Users\Zenni\AppData\Local\{D0BC3D22-59C5-465D-9FE1-41D9F4521FE3}
2012-10-09 13:04 - 2012-10-09 13:06 - 00000000 ____D C:\Users\Zenni\AppData\Local\{1F61BF2B-DA20-4CDA-8A88-3AB9044300B4}
2012-10-07 20:25 - 2012-10-07 20:26 - 00000000 ____D C:\Users\Zenni\AppData\Local\{E7F724C1-CC65-496B-9426-4F2E2ED866F3}
2012-10-06 19:59 - 2012-10-06 19:59 - 00000000 ____D C:\Users\Zenni\AppData\Local\{346308FB-56FA-43A6-907D-0749200C6346}
2012-10-04 13:49 - 2012-10-04 13:49 - 00000000 ____D C:\Users\Zenni\AppData\Local\{84F49AC4-5BB3-48ED-A4FC-7AA111339BBC}
2012-10-01 12:33 - 2012-10-01 12:34 - 00000000 ____D C:\Users\Zenni\AppData\Local\{3064C5D1-3D1C-4E43-96EF-2D0F6533B003}
2012-10-01 12:15 - 2012-10-01 12:15 - 00000000 ____D C:\Users\Zenni\AppData\Local\{9597B7E7-9616-4DBD-B980-02BFD10712B4}
2012-09-29 18:38 - 2012-09-29 18:38 - 00000000 ____D C:\Users\Zenni\AppData\Local\{6128874C-72F2-4BBA-86B8-53670CE35D1B}
2012-09-25 14:13 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-23 07:30 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 07:30 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 07:30 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 07:30 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 07:30 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 07:30 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 07:30 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 07:30 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 07:30 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 07:30 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 07:30 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 07:30 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 07:30 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 07:30 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 07:30 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 07:30 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 07:30 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 07:30 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 07:30 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 07:30 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 07:30 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 07:30 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 07:30 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 07:30 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 07:30 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 07:30 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 07:30 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 07:30 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 07:30 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 07:30 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 07:30 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 07:30 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 12:36 - 2012-09-21 12:36 - 00073099 ____A C:\Users\Zenni\Downloads\84fa73a3d0539c0
2012-09-21 12:34 - 2012-09-21 12:34 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77 (2)
2012-09-21 12:34 - 2012-09-21 12:34 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77 (1)
2012-09-21 12:33 - 2012-09-21 12:33 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77

==================== 3 Months Modified Files ==================

2012-10-18 06:58 - 2011-09-09 20:05 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
2012-10-18 06:58 - 2011-02-28 12:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
2012-10-18 06:58 - 2011-01-17 00:50 - 01734084 ____A C:\Windows\WindowsUpdate.log
2012-10-17 17:04 - 2011-02-28 12:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
2012-10-17 14:26 - 2011-09-09 20:05 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
2012-10-17 09:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-17 09:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-17 09:47 - 2012-10-17 09:47 - 00274528 ____A C:\Windows\Minidump\101712-45630-01.dmp
2012-10-17 09:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-17 09:47 - 2009-07-13 20:51 - 00048861 ____A C:\Windows\setupact.log
2012-10-17 09:46 - 2011-06-15 18:30 - 413731489 ____A C:\Windows\MEMORY.DMP
2012-10-17 09:41 - 2012-10-17 09:41 - 00270176 ____A C:\Windows\Minidump\101712-48890-01.dmp
2012-10-17 09:38 - 2012-10-17 09:38 - 00274528 ____A C:\Windows\Minidump\101712-31075-01.dmp
2012-10-17 09:31 - 2012-10-17 09:31 - 00274472 ____A C:\Windows\Minidump\101712-52229-01.dmp
2012-10-17 09:28 - 2012-10-17 09:28 - 00274528 ____A C:\Windows\Minidump\101712-53633-01.dmp
2012-10-17 07:26 - 2012-10-17 07:26 - 00274472 ____A C:\Windows\Minidump\101712-49733-01.dmp
2012-10-17 07:23 - 2012-10-17 07:23 - 00274528 ____A C:\Windows\Minidump\101712-51246-01.dmp
2012-10-17 07:17 - 2012-10-17 07:17 - 00274528 ____A C:\Windows\Minidump\101712-46332-01.dmp
2012-10-16 19:38 - 2012-10-16 19:38 - 00274528 ____A C:\Windows\Minidump\101612-34117-01.dmp
2012-10-16 19:31 - 2012-10-16 19:31 - 00274528 ____A C:\Windows\Minidump\101612-40139-01.dmp
2012-10-16 19:26 - 2012-10-16 19:25 - 00274528 ____A C:\Windows\Minidump\101612-50793-01.dmp
2012-10-16 19:14 - 2012-10-16 19:14 - 00274528 ____A C:\Windows\Minidump\101612-39047-01.dmp
2012-10-16 17:42 - 2012-10-16 17:42 - 00002042 ____A C:\Users\Zenni\Downloads\dtest.txt
2012-10-16 17:33 - 2012-10-16 17:33 - 00274528 ____A C:\Windows\Minidump\101612-33961-01.dmp
2012-10-16 17:26 - 2012-10-16 17:26 - 00274528 ____A C:\Windows\Minidump\101612-33665-01.dmp
2012-10-16 16:46 - 2012-10-16 16:45 - 00274528 ____A C:\Windows\Minidump\101612-33228-01.dmp
2012-10-16 16:25 - 2012-10-16 16:25 - 00274528 ____A C:\Windows\Minidump\101612-40529-01.dmp
2012-10-16 15:50 - 2012-10-16 15:50 - 00274528 ____A C:\Windows\Minidump\101612-27830-01.dmp
2012-10-16 15:25 - 2012-10-16 15:25 - 00274528 ____A C:\Windows\Minidump\101612-53009-01.dmp
2012-10-16 11:38 - 2012-10-16 11:38 - 00270176 ____A C:\Windows\Minidump\101612-34616-01.dmp
2012-10-16 11:26 - 2012-10-16 11:26 - 00274528 ____A C:\Windows\Minidump\101612-31839-01.dmp
2012-10-15 19:28 - 2012-10-15 19:28 - 00274528 ____A C:\Windows\Minidump\101512-76237-01.dmp
2012-10-15 19:15 - 2012-10-15 19:15 - 00274528 ____A C:\Windows\Minidump\101512-79669-01.dmp
2012-10-15 17:25 - 2012-10-15 17:25 - 00270232 ____A C:\Windows\Minidump\101512-76268-01.dmp
2012-10-15 17:22 - 2012-10-15 17:21 - 00274528 ____A C:\Windows\Minidump\101512-43165-01.dmp
2012-10-15 16:08 - 2012-10-15 16:08 - 00274528 ____A C:\Windows\Minidump\101512-79326-01.dmp
2012-10-15 15:59 - 2012-10-15 15:59 - 00270232 ____A C:\Windows\Minidump\101512-72290-01.dmp
2012-10-15 15:55 - 2012-10-15 15:55 - 00274528 ____A C:\Windows\Minidump\101512-46503-01.dmp
2012-10-15 15:48 - 2012-10-15 15:48 - 00274528 ____A C:\Windows\Minidump\101512-41309-01.dmp
2012-10-15 15:45 - 2012-10-15 15:45 - 00274528 ____A C:\Windows\Minidump\101512-46987-01.dmp
2012-10-15 15:38 - 2012-10-15 15:38 - 00274528 ____A C:\Windows\Minidump\101512-36894-01.dmp
2012-10-15 15:35 - 2012-10-15 15:35 - 00274528 ____A C:\Windows\Minidump\101512-36816-01.dmp
2012-10-15 11:50 - 2011-01-17 00:53 - 00025422 ____A C:\Windows\PFRO.log
2012-10-15 10:44 - 2012-10-15 10:44 - 00040448 __ASH C:\Users\Zenni\Downloads\Thumbs.db
2012-10-15 08:05 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-15 07:58 - 2012-10-15 07:58 - 00274528 ____A C:\Windows\Minidump\101512-46051-01.dmp
2012-10-15 07:22 - 2012-10-15 07:22 - 00274528 ____A C:\Windows\Minidump\101512-59046-01.dmp
2012-10-15 07:12 - 2012-10-15 07:11 - 00274528 ____A C:\Windows\Minidump\101512-53430-01.dmp
2012-10-15 06:51 - 2012-10-15 06:51 - 00274528 ____A C:\Windows\Minidump\101512-46269-01.dmp
2012-10-15 06:41 - 2012-10-15 06:41 - 00003304 ____N C:\bootsqm.dat
2012-10-15 06:21 - 2012-10-15 06:21 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-10-15 06:17 - 2011-05-12 10:17 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-15 05:57 - 2012-10-15 05:57 - 00274472 ____A C:\Windows\Minidump\101512-54974-01.dmp
2012-10-15 05:54 - 2012-10-15 05:54 - 00274472 ____A C:\Windows\Minidump\101512-86471-01.dmp
2012-10-14 17:58 - 2012-10-14 17:57 - 00274472 ____A C:\Windows\Minidump\101412-88343-01.dmp
2012-10-14 17:54 - 2012-10-14 17:54 - 00274472 ____A C:\Windows\Minidump\101412-91775-01.dmp
2012-10-14 17:46 - 2012-10-14 17:46 - 00274528 ____A C:\Windows\Minidump\101412-45879-01.dmp
2012-10-14 17:33 - 2012-10-14 17:33 - 00274528 ____A C:\Windows\Minidump\101412-47471-01.dmp
2012-10-14 16:58 - 2012-10-14 16:58 - 00274528 ____A C:\Windows\Minidump\101412-60107-01.dmp
2012-10-14 15:57 - 2012-10-14 15:57 - 00274528 ____A C:\Windows\Minidump\101412-60013-01.dmp
2012-10-14 15:46 - 2012-10-14 15:46 - 00274528 ____A C:\Windows\Minidump\101412-44553-01.dmp
2012-10-14 11:12 - 2012-10-14 11:12 - 00274472 ____A C:\Windows\Minidump\101412-96767-01.dmp
2012-10-14 08:24 - 2012-10-14 08:24 - 00274528 ____A C:\Windows\Minidump\101412-65052-01.dmp
2012-10-13 20:02 - 2012-10-13 20:02 - 00274472 ____A C:\Windows\Minidump\101412-39405-01.dmp
2012-10-13 19:59 - 2012-10-13 19:59 - 00274528 ____A C:\Windows\Minidump\101312-66206-01.dmp
2012-10-12 19:00 - 2012-10-12 19:00 - 00274528 ____A C:\Windows\Minidump\101212-59514-01.dmp
2012-10-02 13:32 - 2009-07-13 21:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-27 18:20 - 2012-08-06 22:18 - 00002487 ____A C:\Users\Zenni\Desktop\yappiy.lnk
2012-09-22 00:25 - 2011-02-17 04:17 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForZENNI-HP$.job
2012-09-21 12:36 - 2012-09-21 12:36 - 00073099 ____A C:\Users\Zenni\Downloads\84fa73a3d0539c0
2012-09-21 12:34 - 2012-09-21 12:34 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77 (2)
2012-09-21 12:34 - 2012-09-21 12:34 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77 (1)
2012-09-21 12:33 - 2012-09-21 12:33 - 00087972 ____A C:\Users\Zenni\Downloads\4ed93db8d1ffe77
2012-09-14 11:19 - 2012-10-14 11:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-14 11:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-13 17:13 - 2012-09-13 17:13 - 00059904 ____A C:\Users\Zenni\Downloads\SJSUIntroSocTischlerChap1PPT.ppt
2012-08-31 10:19 - 2012-10-14 11:35 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-24 10:05 - 2012-10-14 11:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-14 11:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-09-23 07:30 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 07:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 07:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 07:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 07:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 07:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 07:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 07:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 07:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 07:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 07:30 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 07:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 07:30 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 07:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 07:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 07:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 07:30 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 07:30 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 07:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 07:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 07:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 07:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 07:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 07:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 07:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 07:30 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 07:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 07:30 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 07:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 07:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 07:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 07:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-11 12:25 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 12:25 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 12:25 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 12:25 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 14:13 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-14 11:34 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-14 11:34 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-14 11:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-14 11:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-14 11:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-14 11:34 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-14 11:34 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-14 11:34 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-14 11:34 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-14 11:34 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-14 11:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-14 11:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-14 11:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-14 11:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-14 11:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 13:04 - 2009-07-13 20:45 - 00423752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 11:29 - 2010-10-23 09:11 - 00071869 ____A C:\Windows\DirectX.log
2012-08-10 16:56 - 2012-10-14 11:31 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-14 11:31 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-07 17:40 - 2012-08-07 17:40 - 00002211 ____A C:\Users\Public\Desktop\Rome - Total War.lnk
2012-08-07 15:51 - 2012-08-07 15:51 - 01206448 ____A (LogMeIn, Inc.) C:\Users\Zenni\Downloads\Support-LogMeInRescue.exe
2012-08-07 15:35 - 2012-08-06 22:08 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r29
2012-08-07 15:35 - 2012-08-06 22:02 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.rar
2012-08-07 15:35 - 2012-08-06 22:01 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r30
2012-08-07 15:35 - 2012-08-06 21:56 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r06
2012-08-07 15:35 - 2012-08-06 21:46 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r55
2012-08-07 14:21 - 2012-08-07 14:20 - 06333840 ____A (Best Buy ) C:\Users\Zenni\Downloads\BestBuypcappSetup.exe
2012-08-06 22:30 - 2012-08-06 21:52 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r43
2012-08-06 22:29 - 2012-08-06 21:58 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r44
2012-08-06 22:28 - 2012-08-06 22:17 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r23
2012-08-06 22:28 - 2012-08-06 22:14 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r42
2012-08-06 22:28 - 2012-08-06 21:45 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r54
2012-08-06 22:27 - 2012-08-06 21:49 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r19
2012-08-06 22:26 - 2012-08-06 22:22 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r45
2012-08-06 22:26 - 2012-08-06 22:06 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r46
2012-08-06 22:26 - 2012-08-06 21:57 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r32
2012-08-06 22:25 - 2012-08-06 21:54 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r49
2012-08-06 22:23 - 2012-08-06 22:17 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r51
2012-08-06 22:21 - 2012-08-06 22:19 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r24
2012-08-06 22:19 - 2012-08-06 22:18 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r36
2012-08-06 22:19 - 2012-08-06 22:16 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r35
2012-08-06 22:17 - 2012-08-06 21:47 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r22
2012-08-06 22:15 - 2012-08-06 22:13 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r07
2012-08-06 22:12 - 2012-08-06 22:11 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r20
2012-08-06 22:11 - 2012-08-06 22:10 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r38
2012-08-06 22:11 - 2012-08-06 22:10 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r04
2012-08-06 22:11 - 2012-08-06 22:08 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r13
2012-08-06 22:11 - 2012-08-06 22:04 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r00
2012-08-06 22:10 - 2012-08-06 22:05 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r17
2012-08-06 22:10 - 2012-08-06 21:47 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r12
2012-08-06 22:04 - 2012-08-06 21:41 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r05
2012-08-06 22:04 - 2012-08-06 21:38 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r39
2012-08-06 22:00 - 2012-08-06 21:59 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r33
2012-08-06 22:00 - 2012-08-06 21:57 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r15
2012-08-06 21:57 - 2012-08-06 21:42 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r47
2012-08-06 21:52 - 2012-08-06 21:50 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r02
2012-08-06 21:47 - 2012-08-06 21:47 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r21
2012-08-06 21:46 - 2012-08-06 21:45 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r41
2012-08-06 21:45 - 2012-08-06 21:45 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r53
2012-08-06 21:41 - 2012-08-06 21:41 - 100000000 ____A C:\Users\Zenni\Downloads\kas-etw.r26
2012-08-06 20:58 - 2012-03-12 18:45 - 00001946 ____A C:\user.js
2012-08-06 20:56 - 2012-08-06 20:56 - 00000000 ____A C:\Users\Zenni\Desktop\test.txt
2012-08-06 20:51 - 2012-08-06 20:51 - 00292608 ____A (Premium) C:\Users\Zenni\Downloads\DownloadSetup (1).exe
2012-08-06 20:49 - 2012-08-06 20:49 - 00293232 ____A C:\Users\Zenni\Downloads\empire_total_war.exe
2012-08-06 16:07 - 2012-08-06 16:07 - 00292608 ____A (Premium) C:\Users\Zenni\Downloads\DownloadSetup.exe
2012-08-06 15:20 - 2012-08-06 15:20 - 00823648 ____A (Bandoo Media Inc) C:\Users\Zenni\Downloads\iLividSetupV1.exe
2012-08-05 15:50 - 2012-08-04 12:58 - 00000632 ____A C:\Windows\Vtw.INI
2012-08-02 09:58 - 2012-09-11 12:25 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 12:25 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-16 09:31:34
Restore point made on: 2012-10-16 23:26:54
Restore point made on: 2012-10-18 06:59:21

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3124.68 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3123.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:442.6 GB) (Free:328.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:22.87 GB) (Free:3.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:7.7 GB) (Free:1.92 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 103 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 7901 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 442 GB 200 MB
Partition 3 Primary 22 GB 442 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 442 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 22 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7900 MB 32 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7900 MB Healthy

=========================================================

Last Boot: 2012-10-07 11:16

==================== End Of Log =============================



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 AM

Posted 20 October 2012 - 12:38 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Spoelker

Spoelker
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 20 October 2012 - 11:02 AM

Gringo:

May the gods of computing continue to shine upon thee!! The Fixlog is listed below. Computer started up. Running Malwarebytes etc. on it to give it a good virus scrubbing.

Keith

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012
Ran by SYSTEM at 2012-10-20 10:43:29 Run:1
Running from D:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 AM

Posted 20 October 2012 - 12:36 PM

  • Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.



These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Spoelker


Posted 20 October 2012 - 01:33 PM

Gringo:

Ran both AdwCleaner and RogueKiller. Logfiles are listed below. Again, thanks for assistance. Await next instructions.

Keith




# AdwCleaner v2.005 - Logfile created 10/20/2012 at 14:11:40
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Zenni - ZENNI-HP
# Boot Mode : Normal
# Running from : C:\Users\Zenni\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Media Finder.lnk
Folder Deleted : C:\Program Files (x86)\Media Finder
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Zenni\AppData\Local\Babylon
Folder Deleted : C:\Users\Zenni\AppData\Local\Conduit
Folder Deleted : C:\Users\Zenni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\Zenni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Zenni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Folder Deleted : C:\Users\Zenni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Zenni\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Zenni\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Zenni\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Zenni\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Zenni\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Zenni\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Zenni\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Zenni\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\Zenni\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Zenni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20611 octets] - [20/10/2012 14:07:30]
AdwCleaner[R2].txt - [20672 octets] - [20/10/2012 14:10:28]
AdwCleaner[S1].txt - [20500 octets] - [20/10/2012 14:11:40]

########## EOF - C:\AdwCleaner[S1].txt - [20561 octets] ##########




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zenni [Admin rights]
Mode : Remove -- Date : 10/20/2012 14:23:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 ATA Device +++++
--- User ---
[MBR] 860ac6e113db22e544a44b058ffe511a
[BSP] cdb64dad1fd797eebf9a35a3c3c3c35d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 453219 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928602112 | Size: 23417 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#6 gringo_pr


Posted 20 October 2012 - 01:59 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Spoelker


Posted 20 October 2012 - 03:05 PM

Gringo:

Things look ok. I've noticed nothing unusual with the machine and it is running normally. COMBOFIX Log is below. Thanks for the help.


ComboFix 12-10-19.01 - Zenni 10/20/2012 15:07:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2579 [GMT -4:00]
Running from: c:\users\Zenni\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\DoorLock.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Drive.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Driving.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\DrivingCorrections.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Dye.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Education.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Elasticity.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Electronic.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Electronics.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Employ.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Employment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Energy.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Energycost.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Equipment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Essay.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exercise.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_aov.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_grph.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_mvar.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_qc.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_regr.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_stat.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Exh_tabl.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Eyecolor.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fa.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fabric.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fabric1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Factopt.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Factopt2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Falls.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fastener.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fat.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fertilizer.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fiber.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Film.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\FishBiomass.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\FishWeights.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Flamertd.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fondue.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Fondue2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Furnace.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Furnace1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Furntemp.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Ga.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gage2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gageaiag.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gagegeneral.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gagelin.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gagenest.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Gb.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Glucose.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Golfball.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Golfball2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Grades.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Grades2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\GunPowder.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Hardcoat.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Hcc.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Heartdrug.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\HeightAndWeight.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Hiloclos.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Hilotemp.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\HorseRacing.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Hospital.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\HospitalRatings.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Icu.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Injection.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\InjectionMolding.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Insulate.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Insulation.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Insulation2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\InsulationStrength.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\IronCord.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Jet.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Job.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\JobClassification.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Key.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Lake.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Leaf.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Length.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Lightbul.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Lightbulb.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Liver.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\LoanApplicant.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Manufacturing.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Maple.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Market.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Marketd.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Marriage.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Mcapa.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Measure.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\MeasurementQuality.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meatloaf.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\Central.xls
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\DOE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\Eastern.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\Quality.MPJ
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\Reports.MPJ
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\SessionCommands.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\ShippingData.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Meet Minitab\Western.txt
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\MemoryChip.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\MetalPart.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Mixopt.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Mncapa.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Mnorm.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Mobility.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Muffler.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Newmarket.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Octane.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Optdes.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Optdes2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Optdes3.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Oxygen.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Packing.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Paint.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\PaintHardness.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pancake.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Parkinsn.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\ParticleBoard.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Parts.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Patient.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pellet.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pendulum.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Peru.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pigment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pins.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pipe.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pipediam.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pipesample.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Piston.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pizza.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Plant.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Plastic.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\PlasticPipe.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\PlasticSheets.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Plating.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Plywood.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Plywood1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Politics.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Poll.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Poplar1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Poplar2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Poplar3.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Poplars.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\PostOffice.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Potato.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\PotatoChip.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Precipitation.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pres.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pressure.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Professor.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pulse.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Pulse1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Radon.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Reaction.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Reactor.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Recipe.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Refraction.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Reheat.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Reliable.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\ResearcherSalary.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Restrnt.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Ride.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Road.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Rollup.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Rsopt.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Running.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sales.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sales2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sample.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sat.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\SawMill.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Schools.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Scores.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Seal.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Seal2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Seasonalsales.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sediment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sensor.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Shaft.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Shareprice.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Shoe.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sinter.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\SixSigma.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\SolarEnergy.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Soybean.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\SportEquipment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Sports.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\StainlessSteel.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Stamp.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\STAT200.TXT
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\States.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Steel.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Stream.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Strength.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Stripes.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\1Stgrade.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Aggress.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Bpres.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Cadmium1.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Cadmium2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Carspeed.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Coredata.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Exam.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Example.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Falcon.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Guard.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Heart.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Homesale.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Miami.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Realest.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Speed2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Sta261.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Sta368.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Utility.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student1\Voice.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\ADS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\ADS2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\AGE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\ASSESS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\BABY.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\BACKPAIN.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\BALLPARK.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CANDYA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CANDYB.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CANDYC.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CARPHONE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CHOL.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CPI.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CRIMES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\CRIMEU.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\DRIVE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\ELECTION.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\FBALL.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\FJA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\FORCE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\GAS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\GOLF.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\HEIGHT.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\HOMES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\JEANS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\JEANSA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\JEANSB.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\JEANSC.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\LAKES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\LANG.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\LOTTO.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MARATHON.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MARKS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MASSCOL2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MASSCOLL.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MNWAGE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MORT.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MOVIES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\MUSIC.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\NIEL.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\NONPRT.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\NONPRT2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\NOTE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\NOTE98.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PAY.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PAY2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PIZZA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PROCES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PROF.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PUBS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\PULSEA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RADLEV.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RATIO.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERA.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERB.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERC.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERC2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERD.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERE.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\RIVERS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SALARY.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SALMAN.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SBP.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SNOW.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SP500.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\SPCAR.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\STEALS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\STORES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\T10.MPJ
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\T3.MPJ
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\TBILL.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\TEMCO.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\TEMCO2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\TEXTS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\TVHRS.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\USDEM.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\VPVH.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\WASTES.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\WHEAT.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student12\YOGURT.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Academe.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\AgeDeath.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Assess.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Baby.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Backpain.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\BallParkData.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\BodyTemp.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Candya.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Candyb.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Candyc.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Carphone.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Chol.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\CollMass.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\CollMass2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Compliance.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\CongressSalary.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Cotinine.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\CPI2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Depth.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\DJC20012002.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\DJC20012002a.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\DJC20012002b.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Donner.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Drive.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\DrivingCosts.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\DrugMarkup.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Election2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\EMail.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\EmployeeInfo.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Endowment.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\ExamScores.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Fja.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Force.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\GasData.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Height.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Homes.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Infants.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Jeans.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Lakes.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Lotto.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Marathon2.MTW
c:\program files (x86)\Minitab.exe\Minitab 16\English\Sample Data\Student14\Marks.MTW
c:\programdata\ADDICT-THING\bhoclass.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 19:20 . 2012-10-20 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 19:12 . 2012-10-20 19:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7313320F-6CD8-4D2D-BAE3-2AE7EA678E44}\offreg.dll
2012-10-20 15:47 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7313320F-6CD8-4D2D-BAE3-2AE7EA678E44}\mpengine.dll
2012-10-20 15:47 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-20 15:10 . 2012-10-20 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-20 08:04 . 2012-10-20 08:04 -------- d-----w- C:\FRST
2012-10-14 19:35 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-14 19:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-14 19:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-14 19:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-14 19:31 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-14 19:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-14 19:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-14 19:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-14 19:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-14 19:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-14 19:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-14 19:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-14 16:45 . 2012-10-14 16:45 -------- d-----w- c:\windows\Sun
2012-09-25 22:13 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 14:17 . 2011-05-12 18:17 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 23:54 . 2011-02-17 13:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-11 20:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 20:25 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 20:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 20:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-14 19:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 20:25 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 20:25 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}]
2011-11-03 17:43 528216 ----a-w- c:\program files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-11 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-09-01 540088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/17 00:56;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-15 344680]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110415.003\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-09-01 1233848]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 279040]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-17 132656]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
- c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-10 22:21]
.
2012-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
- c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-10 22:21]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
- c:\users\Zenni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 20:50]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
- c:\users\Zenni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 20:50]
.
2012-09-22 c:\windows\Tasks\HPCeeScheduleForZENNI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - c:\program files (x86)\EpicPlay\epicPlayGames.dll
BHO-{C4AB9871-2F1A-123B-BFB7-22B1C71D9807} - c:\programdata\ADDICT-THING\bhoclass.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Optimizer Pro - c:\program files (x86)\Optimizer Pro\OptProLauncher.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-20 15:23:33
ComboFix-quarantined-files.txt 2012-10-20 19:23
.
Pre-Run: 351,396,335,616 bytes free
Post-Run: 351,593,578,496 bytes free
.
- - End Of File - - 5E3B76377DB16DAC84428AB520E6BB9E

#8 gringo_pr

Posted 20 October 2012 - 03:29 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Spoelker

Posted 20 October 2012 - 04:33 PM

Gringo:

Next steps are finished.... See below.

Thanks in advance.





16:45:30.0472 5288 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:45:30.0787 5288 ============================================================
16:45:30.0787 5288 Current date / time: 2012/10/20 16:45:30.0787
16:45:30.0787 5288 SystemInfo:
16:45:30.0787 5288
16:45:30.0787 5288 OS Version: 6.1.7601 ServicePack: 1.0
16:45:30.0787 5288 Product type: Workstation
16:45:30.0787 5288 ComputerName: ZENNI-HP
16:45:30.0788 5288 UserName: Zenni
16:45:30.0788 5288 Windows directory: C:\Windows
16:45:30.0788 5288 System windows directory: C:\Windows
16:45:30.0788 5288 Running under WOW64
16:45:30.0788 5288 Processor architecture: Intel x64
16:45:30.0788 5288 Number of processors: 2
16:45:30.0788 5288 Page size: 0x1000
16:45:30.0788 5288 Boot type: Normal boot
16:45:30.0788 5288 ============================================================
16:45:33.0869 5288 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:33.0946 5288 ============================================================
16:45:33.0946 5288 \Device\Harddisk0\DR0:
16:45:33.0960 5288 MBR partitions:
16:45:33.0960 5288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:45:33.0960 5288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37531800
16:45:33.0960 5288 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37595800, BlocksNum 0x2DBC800
16:45:33.0960 5288 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
16:45:33.0960 5288 ============================================================
16:45:33.0990 5288 C: <-> \Device\Harddisk0\DR0\Partition2
16:45:34.0210 5288 D: <-> \Device\Harddisk0\DR0\Partition3
16:45:34.0211 5288 ============================================================
16:45:34.0211 5288 Initialize success
16:45:34.0211 5288 ============================================================
16:45:37.0105 5364 ============================================================
16:45:37.0105 5364 Scan started
16:45:37.0105 5364 Mode: Manual;
16:45:37.0105 5364 ============================================================
16:45:37.0933 5364 ================ Scan system memory ========================
16:45:37.0933 5364 System memory - ok
16:45:37.0934 5364 ================ Scan services =============================
16:45:38.0406 5364 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:45:38.0434 5364 1394ohci - ok
16:45:38.0652 5364 [ 5AA055FE5AE506E19E9A8F537756EE10 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
16:45:38.0654 5364 Accelerometer - ok
16:45:38.0792 5364 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:45:38.0797 5364 ACPI - ok
16:45:38.0828 5364 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:45:38.0830 5364 AcpiPmi - ok
16:45:39.0049 5364 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:45:39.0086 5364 adp94xx - ok
16:45:39.0289 5364 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:45:39.0328 5364 adpahci - ok
16:45:39.0412 5364 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:45:39.0417 5364 adpu320 - ok
16:45:39.0444 5364 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:45:39.0445 5364 AeLookupSvc - ok
16:45:39.0714 5364 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
16:45:39.0716 5364 AESTFilters - ok
16:45:39.0923 5364 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:45:39.0946 5364 AFD - ok
16:45:40.0004 5364 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:45:40.0007 5364 agp440 - ok
16:45:40.0061 5364 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:45:40.0062 5364 ALG - ok
16:45:40.0110 5364 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:45:40.0138 5364 aliide - ok
16:45:40.0323 5364 [ 09FCD2C758F1AD3DF931AB9D944FE348 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:45:40.0340 5364 AMD External Events Utility - ok
16:45:40.0371 5364 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:45:40.0373 5364 amdide - ok
16:45:40.0491 5364 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:45:40.0555 5364 AmdK8 - ok
16:45:41.0276 5364 [ 2E76D0A912AB09CA5586AB23E466A25F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:45:41.0468 5364 amdkmdag - ok
16:45:41.0833 5364 [ DD3C0C1B62DA0736482501C4BCDCD1F8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:45:41.0838 5364 amdkmdap - ok
16:45:41.0913 5364 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:45:41.0915 5364 AmdPPM - ok
16:45:42.0014 5364 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:45:42.0016 5364 amdsata - ok
16:45:42.0117 5364 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:45:42.0173 5364 amdsbs - ok
16:45:42.0211 5364 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:45:42.0213 5364 amdxata - ok
16:45:42.0319 5364 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:45:42.0321 5364 AppID - ok
16:45:42.0357 5364 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:45:42.0359 5364 AppIDSvc - ok
16:45:42.0455 5364 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:45:42.0457 5364 Appinfo - ok
16:45:42.0624 5364 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:45:42.0661 5364 arc - ok
16:45:42.0745 5364 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:45:42.0783 5364 arcsas - ok
16:45:42.0855 5364 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:45:42.0880 5364 AsyncMac - ok
16:45:42.0947 5364 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:45:42.0949 5364 atapi - ok
16:45:43.0210 5364 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:45:43.0239 5364 athr - ok
16:45:43.0419 5364 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:45:43.0421 5364 AtiHdmiService - ok
16:45:43.0496 5364 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
16:45:43.0497 5364 AtiPcie - ok
16:45:43.0546 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:45:43.0566 5364 AudioEndpointBuilder - ok
16:45:43.0671 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:45:43.0682 5364 AudioSrv - ok
16:45:43.0751 5364 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:45:43.0775 5364 AxInstSV - ok
16:45:44.0045 5364 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:45:44.0069 5364 b06bdrv - ok
16:45:44.0182 5364 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:45:44.0238 5364 b57nd60a - ok
16:45:44.0335 5364 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:45:44.0396 5364 BDESVC - ok
16:45:44.0680 5364 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:45:44.0716 5364 Beep - ok
16:45:44.0858 5364 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:45:44.0878 5364 BFE - ok
16:45:45.0466 5364 [ 0163C18A9EBC4A76542790CEC49F5120 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys
16:45:45.0483 5364 BHDrvx64 - ok
16:45:45.0591 5364 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:45:45.0654 5364 BITS - ok
16:45:45.0733 5364 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:45:45.0783 5364 blbdrive - ok
16:45:46.0032 5364 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:45:46.0083 5364 bowser - ok
16:45:46.0159 5364 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:45:46.0199 5364 BrFiltLo - ok
16:45:46.0292 5364 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:45:46.0327 5364 BrFiltUp - ok
16:45:46.0412 5364 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:45:46.0450 5364 BridgeMP - ok
16:45:46.0487 5364 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:45:46.0490 5364 Browser - ok
16:45:46.0520 5364 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:45:46.0524 5364 Brserid - ok
16:45:46.0592 5364 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:45:46.0632 5364 BrSerWdm - ok
16:45:46.0691 5364 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:45:46.0733 5364 BrUsbMdm - ok
16:45:46.0775 5364 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:45:46.0827 5364 BrUsbSer - ok
16:45:46.0885 5364 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:45:46.0928 5364 BTHMODEM - ok
16:45:47.0056 5364 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:45:47.0084 5364 bthserv - ok
16:45:47.0171 5364 catchme - ok
16:45:47.0346 5364 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:45:47.0417 5364 cdfs - ok
16:45:47.0618 5364 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:45:47.0621 5364 cdrom - ok
16:45:47.0764 5364 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:45:47.0801 5364 CertPropSvc - ok
16:45:47.0866 5364 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:45:47.0916 5364 circlass - ok
16:45:48.0071 5364 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:45:48.0080 5364 CLFS - ok
16:45:48.0510 5364 [ DEDE5EC7DC09D840D5D74E06FF4DE127 ] CLKMSVC10_C6F09094 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
16:45:48.0544 5364 CLKMSVC10_C6F09094 - ok
16:45:48.0663 5364 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:45:48.0666 5364 clr_optimization_v2.0.50727_32 - ok
16:45:48.0858 5364 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:45:48.0883 5364 clr_optimization_v2.0.50727_64 - ok
16:45:49.0156 5364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:45:49.0159 5364 clr_optimization_v4.0.30319_32 - ok
16:45:49.0267 5364 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:45:49.0271 5364 clr_optimization_v4.0.30319_64 - ok
16:45:49.0295 5364 [ D68D9F4D53010B7E84D4E80A2E485554 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
16:45:49.0296 5364 clwvd - ok
16:45:49.0349 5364 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:45:49.0386 5364 CmBatt - ok
16:45:49.0485 5364 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:45:49.0527 5364 cmdide - ok
16:45:49.0723 5364 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:45:49.0757 5364 CNG - ok
16:45:49.0837 5364 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:45:49.0838 5364 Compbatt - ok
16:45:49.0910 5364 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:45:49.0912 5364 CompositeBus - ok
16:45:49.0923 5364 COMSysApp - ok
16:45:49.0965 5364 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:45:49.0966 5364 crcdisk - ok
16:45:50.0065 5364 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:45:50.0095 5364 CryptSvc - ok
16:45:50.0239 5364 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:45:50.0281 5364 DcomLaunch - ok
16:45:50.0448 5364 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:45:50.0487 5364 defragsvc - ok
16:45:50.0528 5364 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:45:50.0531 5364 DfsC - ok
16:45:50.0645 5364 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:45:50.0687 5364 Dhcp - ok
16:45:50.0825 5364 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:45:50.0826 5364 discache - ok
16:45:50.0922 5364 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:45:50.0972 5364 Disk - ok
16:45:51.0084 5364 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:45:51.0089 5364 Dnscache - ok
16:45:51.0134 5364 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:45:51.0140 5364 dot3svc - ok
16:45:51.0171 5364 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:45:51.0173 5364 DPS - ok
16:45:51.0260 5364 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:45:51.0293 5364 drmkaud - ok
16:45:51.0574 5364 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:45:51.0590 5364 DXGKrnl - ok
16:45:51.0666 5364 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:45:51.0670 5364 EapHost - ok
16:45:51.0827 5364 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:45:51.0973 5364 ebdrv - ok
16:45:52.0255 5364 [ 066108AE4C35835081598827A1A7D08D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:46:28.0615 5364 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:46:28.0621 5364 TrkWks - ok
16:46:28.0824 5364 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:46:28.0828 5364 TrustedInstaller - ok
16:46:28.0862 5364 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:46:28.0864 5364 tssecsrv - ok
16:46:29.0071 5364 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:46:29.0093 5364 TsUsbFlt - ok
16:46:29.0167 5364 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:46:29.0194 5364 tunnel - ok
16:46:29.0266 5364 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:46:29.0298 5364 uagp35 - ok
16:46:29.0428 5364 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:46:29.0470 5364 udfs - ok
16:46:29.0657 5364 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:46:29.0704 5364 UI0Detect - ok
16:46:29.0795 5364 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:46:29.0827 5364 uliagpkx - ok
16:46:29.0981 5364 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:46:30.0015 5364 umbus - ok
16:46:30.0117 5364 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:46:30.0159 5364 UmPass - ok
16:46:30.0237 5364 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:46:30.0251 5364 upnphost - ok
16:46:30.0293 5364 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:46:30.0295 5364 usbccgp - ok
16:46:30.0400 5364 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:46:30.0438 5364 usbcir - ok
16:46:30.0485 5364 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:46:30.0530 5364 usbehci - ok
16:46:30.0628 5364 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:46:30.0629 5364 usbfilter - ok
16:46:30.0792 5364 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:46:30.0842 5364 usbhub - ok
16:46:30.0884 5364 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:46:30.0886 5364 usbohci - ok
16:46:30.0922 5364 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:46:30.0958 5364 usbprint - ok
16:46:31.0053 5364 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:46:31.0093 5364 usbscan - ok
16:46:31.0135 5364 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:46:31.0171 5364 USBSTOR - ok
16:46:31.0244 5364 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:46:31.0282 5364 usbuhci - ok
16:46:31.0424 5364 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:46:31.0469 5364 usbvideo - ok
16:46:31.0560 5364 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:46:31.0565 5364 UxSms - ok
16:46:31.0579 5364 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:46:31.0580 5364 VaultSvc - ok
16:46:31.0702 5364 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:46:31.0703 5364 vdrvroot - ok
16:46:31.0901 5364 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:46:31.0923 5364 vds - ok
16:46:32.0008 5364 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:46:32.0040 5364 vga - ok
16:46:32.0096 5364 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:46:32.0137 5364 VgaSave - ok
16:46:32.0245 5364 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:46:32.0251 5364 vhdmp - ok
16:46:32.0283 5364 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:46:32.0286 5364 viaide - ok
16:46:32.0307 5364 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:46:32.0308 5364 volmgr - ok
16:46:32.0452 5364 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:46:32.0460 5364 volmgrx - ok
16:46:32.0584 5364 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:46:32.0619 5364 volsnap - ok
16:46:32.0742 5364 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:46:32.0772 5364 vsmraid - ok
16:46:32.0872 5364 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:46:32.0920 5364 VSS - ok
16:46:32.0962 5364 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:46:33.0040 5364 vwifibus - ok
16:46:33.0125 5364 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:46:33.0150 5364 vwififlt - ok
16:46:33.0341 5364 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:46:33.0377 5364 W32Time - ok
16:46:33.0465 5364 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:46:33.0467 5364 WacomPen - ok
16:46:33.0506 5364 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:46:33.0508 5364 WANARP - ok
16:46:33.0512 5364 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:46:33.0513 5364 Wanarpv6 - ok
16:46:34.0189 5364 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:46:34.0215 5364 WatAdminSvc - ok
16:46:34.0447 5364 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:46:34.0508 5364 wbengine - ok
16:46:34.0619 5364 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:46:34.0651 5364 WbioSrvc - ok
16:46:34.0722 5364 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:46:34.0734 5364 wcncsvc - ok
16:46:34.0746 5364 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:46:34.0750 5364 WcsPlugInService - ok
16:46:34.0780 5364 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:46:34.0816 5364 Wd - ok
16:46:35.0034 5364 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:46:35.0097 5364 Wdf01000 - ok
16:46:35.0260 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:46:35.0266 5364 WdiServiceHost - ok
16:46:35.0342 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:46:35.0348 5364 WdiSystemHost - ok
16:46:35.0565 5364 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:46:35.0575 5364 WebClient - ok
16:46:35.0709 5364 WebOptimizer - ok
16:46:35.0789 5364 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:46:35.0816 5364 Wecsvc - ok
16:46:35.0859 5364 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:46:35.0865 5364 wercplsupport - ok
16:46:35.0905 5364 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:46:35.0930 5364 WerSvc - ok
16:46:36.0020 5364 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:46:36.0054 5364 WfpLwf - ok
16:46:36.0107 5364 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:46:36.0109 5364 WIMMount - ok
16:46:36.0126 5364 WinDefend - ok
16:46:36.0141 5364 WinHttpAutoProxySvc - ok
16:46:36.0316 5364 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:46:36.0341 5364 Winmgmt - ok
16:46:36.0672 5364 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:46:36.0698 5364 WinRM - ok
16:46:36.0909 5364 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:46:36.0941 5364 Wlansvc - ok
16:46:37.0311 5364 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:46:37.0366 5364 wlidsvc - ok
16:46:37.0431 5364 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:46:37.0432 5364 WmiAcpi - ok
16:46:37.0561 5364 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:46:37.0601 5364 wmiApSrv - ok
16:46:37.0744 5364 WMPNetworkSvc - ok
16:46:37.0898 5364 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:46:37.0926 5364 WPCSvc - ok
16:46:38.0041 5364 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:46:38.0044 5364 WPDBusEnum - ok
16:46:38.0142 5364 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:46:38.0188 5364 ws2ifsl - ok
16:46:38.0288 5364 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:46:38.0326 5364 wscsvc - ok
16:46:38.0335 5364 WSearch - ok
16:46:38.0691 5364 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:46:38.0726 5364 wuauserv - ok
16:46:38.0741 5364 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:46:38.0744 5364 WudfPf - ok
16:46:38.0928 5364 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:46:38.0932 5364 WUDFRd - ok
16:46:39.0015 5364 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:46:39.0021 5364 wudfsvc - ok
16:46:39.0121 5364 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:46:39.0152 5364 WwanSvc - ok
16:46:39.0250 5364 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:46:39.0255 5364 YahooAUService - ok
16:46:39.0330 5364 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
16:46:39.0372 5364 yukonw7 - ok
16:46:39.0402 5364 ================ Scan global ===============================
16:46:39.0749 5364 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:46:39.0939 5364 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:46:39.0989 5364 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:46:40.0198 5364 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:46:40.0496 5364 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:46:40.0538 5364 [Global] - ok
16:46:40.0539 5364 ================ Scan MBR ==================================
16:46:40.0669 5364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:46:42.0076 5364 \Device\Harddisk0\DR0 - ok
16:46:42.0077 5364 ================ Scan VBR ==================================
16:46:42.0080 5364 [ ABCE790E703C167FF461BF5ED40B4D01 ] \Device\Harddisk0\DR0\Partition1
16:46:42.0083 5364 \Device\Harddisk0\DR0\Partition1 - ok
16:46:42.0095 5364 [ 3F43F2399752E008449AC590B55E73B4 ] \Device\Harddisk0\DR0\Partition2
16:46:42.0097 5364 \Device\Harddisk0\DR0\Partition2 - ok
16:46:42.0162 5364 [ 4B1EACCA2775E0DBB26D6E73D16378A9 ] \Device\Harddisk0\DR0\Partition3
16:46:42.0205 5364 \Device\Harddisk0\DR0\Partition3 - ok
16:46:42.0267 5364 [ 30BACBAE52AA2DC086C669E324F9A79C ] \Device\Harddisk0\DR0\Partition4
16:46:42.0316 5364 \Device\Harddisk0\DR0\Partition4 - ok
16:46:42.0317 5364 ============================================================
16:46:42.0317 5364 Scan finished
16:46:42.0317 5364 ============================================================
16:46:42.0342 5356 Detected object count: 0
16:46:42.0342 5356 Actual detected object count: 0
16:47:09.0114 5280 Deinitialize success

ASWMR Results:
================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 16:48:00
-----------------------------
16:48:00.801 OS Version: Windows x64 6.1.7601 Service Pack 1
16:48:00.801 Number of processors: 2 586 0x603
16:48:00.802 ComputerName: ZENNI-HP UserName: Zenni
16:48:09.607 Initialize success
16:49:06.804 AVAST engine defs: 12102000
16:49:21.547 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:49:21.553 Disk 0 Vendor: WDC_WD5000BEVT-60A0RT0 02.01A02 Size: 476940MB BusType: 11
16:49:21.714 Disk 0 MBR read successfully
16:49:21.721 Disk 0 MBR scan
16:49:21.733 Disk 0 Windows 7 default MBR code
16:49:21.842 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:49:21.858 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 453219 MB offset 409600
16:49:21.903 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 23417 MB offset 928602112
16:49:21.919 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
16:49:22.079 Disk 0 scanning C:\Windows\system32\drivers
16:50:11.446 Service scanning
16:52:42.670 Modules scanning
16:52:42.690 Disk 0 trace - called modules:
16:52:43.062 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:52:43.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004313610]
16:52:43.072 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa8004312270]
16:52:43.078 5 hpdskflt.sys[fffff880017f0289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004298560]
16:53:09.725 AVAST engine scan C:\Windows
16:53:33.749 AVAST engine scan C:\Windows\system32
17:01:44.954 AVAST engine scan C:\Windows\system32\drivers
17:02:37.609 AVAST engine scan C:\Users\Zenni
17:07:32.288 AVAST engine scan C:\ProgramData
17:10:00.493 Scan finished successfully
17:26:44.398 Disk 0 MBR has been saved successfully to "C:\Users\Zenni\Desktop\MBR.dat"
17:26:44.404 The log file has been saved successfully to "C:\Users\Zenni\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:42 AM

Posted 20 October 2012 - 04:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 Spoelker

Spoelker
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:42 AM

Posted 20 October 2012 - 05:03 PM

Gringo:

Finished

ComboFix 12-10-19.01 - Zenni 10/20/2012 17:50:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2374 [GMT -4:00]
Running from: c:\users\Zenni\Desktop\ComboFix.exe
Command switches used :: c:\users\Zenni\Desktop\cfscript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 21:58 . 2012-10-20 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 21:48 . 2012-10-20 21:48 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7313320F-6CD8-4D2D-BAE3-2AE7EA678E44}\offreg.dll
2012-10-20 15:47 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7313320F-6CD8-4D2D-BAE3-2AE7EA678E44}\mpengine.dll
2012-10-20 15:47 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-10-20 15:10 . 2012-10-20 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-20 08:04 . 2012-10-20 08:04 -------- d-----w- C:\FRST
2012-10-14 19:35 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-14 19:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-14 19:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-14 19:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-14 19:31 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-14 19:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-14 19:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-14 19:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-14 19:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-14 19:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-14 19:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-14 19:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-14 16:45 . 2012-10-14 16:45 -------- d-----w- c:\windows\Sun
2012-09-25 22:13 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 14:17 . 2011-05-12 18:17 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 23:54 . 2011-02-17 13:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-11 20:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 20:25 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 20:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 20:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-14 19:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 20:25 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 20:25 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}]
c:\program files (x86)\EpicPlay\epicPlayGames.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B6EF6C45-5E8D-4c3b-B580-A5073261A381}]
2011-11-03 17:43 528216 ----a-w- c:\program files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4AB9871-2F1A-123B-BFB7-22B1C71D9807}]
c:\programdata\ADDICT-THING\bhoclass.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-11 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-09-01 540088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/17 00:56;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-15 344680]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110415.003\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-09-01 1233848]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 279040]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-17 132656]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 45210080
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 45210080
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
- c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-10 22:21]
.
2012-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
- c:\users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-10 22:21]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000Core.job
- c:\users\Zenni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 20:50]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301458492-3097864153-2210454754-1000UA.job
- c:\users\Zenni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 20:50]
.
2012-09-22 c:\windows\Tasks\HPCeeScheduleForZENNI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-20 18:01:42
ComboFix-quarantined-files.txt 2012-10-20 22:01
ComboFix2.txt 2012-10-20 19:23
.
Pre-Run: 351,278,903,296 bytes free
Post-Run: 351,340,347,392 bytes free
.
- - End Of File - - FF59858F9D8798ED28F9E26494AC63CB

#12 gringo_pr

Posted 20 October 2012 - 05:55 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Spoelker

Posted 21 October 2012 - 12:09 AM

Gringo:

The latest iteration. Again, thanks for your help



Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Age of Empires III
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Best Buy pc app
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bootstrapper
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco NAC Agent
Cisco PEAP Module
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Empire: Total War
Energy Star Digital Logo
EpicPlay
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
Fences Pro
Final Drive Nitro
Google Chrome
Google Talk Plugin
Heroes of Hellas 2 - Olympia
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
Java Auto Updater
Java™ 6 Update 31
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.65.1.1000
Medieval - Total War ™ - Viking Invasion ™
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Minitab 16
Minitab Software Update Manager
Minitab16
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Nexuiz
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
RewardsArcadeSuite
Rome - Total War
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SoftwareManager
Steam
Stronghold Crusader
Times Reader
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid 1.2.2 final uninstall
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe

#14 gringo_pr

Posted 21 October 2012 - 12:18 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.5.0 MUI
Bing Rewards Client Installer
EpicPlay
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Spoelker

Posted 21 October 2012 - 01:08 AM

Here's the next wave Gringo. Right now, the computer is running fine with no problems.






Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zenni :: ZENNI-HP [administrator]

10/21/2012 1:46:51 AM
mbam-log-2012-10-21 (01-46-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206333
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:06:10 AM, on 10/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zenni\Downloads\HijackThis (1).exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: EpicPlay Games - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: ADDICT-THING - {C4AB9871-2F1A-123B-BFB7-22B1C71D9807} - C:\ProgramData\ADDICT-THING\bhoclass.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zenni\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CyberLink Product - 2011/01/17 00:56:10 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10735 bytes
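
One way to triage a HijackThis log like the one above before anything is fixed, shown as an added example (not part of the original posts and not HijackThis's own logic). HijackThis 2.0.4 is a 32-bit program, so on this x64 system its view of C:\Windows\System32 is redirected to SysWOW64 and native 64-bit files there are reported as "(file missing)"; the category names and the System32 heuristic are assumptions of this sketch.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: EpicPlay Games - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll (file missing)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Every finding starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Trailing status marker, optionally followed by the hive note seen on O9 lines.
MARKER_RE = re.compile(r"\((?P<marker>file missing|no file)\)(?: \(HKCU\))?\s*$")
# Paths a 32-bit process cannot see directly on 64-bit Windows.
SYSTEM32_RE = re.compile(
    r"^(?:[A-Za-z]:\\Windows|%SystemRoot%)\\System32\\", re.IGNORECASE
)


def parse_entry(line):
    """Return a dict for one finding line, or None for headers and other text."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    body = match.group("body")
    marker = MARKER_RE.search(body)
    # The file path is the last " - " separated field; service names may
    # themselves contain " - ", so split from the right.
    target = MARKER_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()
    return {
        "code": match.group("code"),
        "target": target,
        "marker": marker.group("marker") if marker else None,
        "raw": line.strip(),
    }


def classify(entry):
    """Sort a finding into one of three review buckets (names are hypothetical)."""
    if entry["marker"] is None:
        return "present"
    if entry["marker"] == "file missing" and SYSTEM32_RE.match(entry["target"]):
        # Cannot be decided from a 32-bit scan: the file may exist in the real
        # System32. Confirm from a 64-bit tool before treating it as an orphan.
        return "recheck-64bit"
    # Registry entry points at nothing: a leftover to review for cleanup.
    return "orphaned"


def triage(log_text):
    """Group all finding lines of a log by review bucket."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            groups[classify(entry)].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category)
        for e in entries:
            print("   ", e["code"], e["target"] or "(no path recorded)")
```

Both Windows' own spoolsv.exe and the WebOptimizer service's dmwu.exe land in recheck-64bit: the 32-bit log alone cannot tell which of those files really exist.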



