
Infected - dllhost.exe & fff5see virus


26 replies to this topic

#1 donjusto4

  • Members

Posted 27 September 2014 - 12:39 AM

Hi,

 

Our computer recently and very suddenly started having problems. Once our computer is connected to the internet, Malwarebytes constantly shows a pop-up in the bottom right corner indicating that a malicious website was blocked. This website is usually fff5see.com, IP 31.184.192.90, but also others such as the-search-panet.info. At the same time, the computer gets very slow and usually crashes because there are 10-20+ dllhost.exe COM Surrogate processes running. Virus scanner removed some trojans, but now is not finding anything.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 1.6.0_31
Run by The Lightfoots at 0:12:58 on 2014-09-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4057.1530 [GMT -5:00]
.
AV: Trend Micro Titanium Antivirus+ *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Antivirus+ *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATICKA.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [EPSON Stylus Photo R280 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_SA151.tmp" /EF "HKCU"
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
StartupFolder: C:\Users\THELIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\THELIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://jran.uscourts.gov/whalecomec3faf80722ce693d327d8ef3d563b8c7d7dec09fc/whalecom0/iNotes6W.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://hyvee.lifepics.com/NET/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{111A1043-BCE0-47EA-956E-917901BF5DDB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5BCC699-1B5F-4B78-AB2D-EFE3E96CCDC5} : DHCPNameServer = 74.84.103.202
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [lxcymon.exe] "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe"
x64-Run: [LXCYCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - LocalServer32 - <no file>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFEx6.dll
FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFExt.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\The Lightfoots\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\The Lightfoots\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\The Lightfoots\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Users\The Lightfoots\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2009-06-24 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-3-29 53488]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-9-24 50976]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-9-24 85936]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2009-3-30 88576]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-9-24 305760]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-12-20 137384]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-24 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-24 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-24 64216]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\System32\drivers\OA009Ufd.sys [2009-3-30 168864]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\System32\drivers\OA009Vid.sys [2009-3-30 307456]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-9-24 100640]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-9-24 303392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-3-30 392192]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-15 90776]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-09-27 04:45:11    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-24 18:03:46    231960    ----a-w-    C:\Windows\RegBootClean64.exe
2014-09-23 19:30:27    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 19:30:27    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 08:02:39    101694776    ----a-w-    C:\Windows\System32\mrt.exe
2014-09-09 06:40:37    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 06:24:46    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-08-23 01:05:12    304128    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45    390144    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-22 23:38:23    2782208    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-15 15:48:56    17868288    ----a-w-    C:\Windows\System32\mshtml.dll
2014-08-15 15:36:31    10920960    ----a-w-    C:\Windows\System32\ieframe.dll
2014-08-15 15:35:56    2339328    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-15 15:31:44    1384960    ----a-w-    C:\Windows\System32\urlmon.dll
2014-08-15 15:31:16    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-15 15:30:08    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-15 15:30:06    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-08-15 15:30:00    1494016    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-15 15:29:52    237056    ----a-w-    C:\Windows\System32\url.dll
2014-08-15 15:29:49    2156032    ----a-w-    C:\Windows\System32\iertutil.dll
2014-08-15 15:29:45    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-08-15 15:29:33    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-15 15:29:25    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-08-15 15:29:14    453120    ----a-w-    C:\Windows\System32\dxtmsft.dll
2014-08-15 15:29:08    282112    ----a-w-    C:\Windows\System32\dxtrans.dll
2014-08-15 15:29:03    55296    ----a-w-    C:\Windows\System32\msfeedsbs.dll
2014-08-15 15:29:01    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-08-15 15:28:56    11264    ----a-w-    C:\Windows\System32\msfeedssync.exe
2014-08-15 15:28:53    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-08-15 15:28:50    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-15 15:28:47    12800    ----a-w-    C:\Windows\System32\mshta.exe
2014-08-15 14:51:34    12363264    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-08-15 14:42:27    1810432    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-15 14:42:11    9739776    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-08-15 14:37:24    1137664    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-08-15 14:37:03    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-15 14:36:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-15 14:35:56    1802240    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-08-15 14:35:47    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-15 14:35:46    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-08-15 14:35:41    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-08-15 14:35:35    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-08-15 14:35:34    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-15 14:35:21    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-08-15 14:35:14    223232    ----a-w-    C:\Windows\SysWow64\dxtrans.dll
2014-08-15 14:35:13    353792    ----a-w-    C:\Windows\SysWow64\dxtmsft.dll
2014-08-15 14:35:07    41472    ----a-w-    C:\Windows\SysWow64\msfeedsbs.dll
2014-08-15 14:34:55    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-08-15 14:34:53    10752    ----a-w-    C:\Windows\SysWow64\msfeedssync.exe
2014-08-15 14:34:49    11776    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-08-15 14:34:48    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-08-15 14:34:47    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 07:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH:  0:19:21.41 ===============
 

 

 



#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:44 PM

Posted 27 September 2014 - 02:00 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 donjusto4

donjusto4
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:44 AM

Posted 27 September 2014 - 08:10 PM

Hi aharonov,

 

I completed the FRST scan.  The results are below.   Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by The Lightfoots (administrator) on THELIGHTFOOT-PC on 27-09-2014 20:00:21
Running from C:\Users\The Lightfoots\Desktop
Loaded Profiles: The Lightfoots & User Account (Available profiles: The Lightfoots & User Account & Account3)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATICKA.EXE
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [272896 2008-09-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2115664 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291504 2007-06-25] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe [82608 2007-06-25] (Lexmark International Inc.)
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry                                                                                                                                (the data entry has 59 more characters).
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-14] (IDT, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295600 2007-06-25] ()
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [283792 2010-03-09] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [SightSpeed] => C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe [4823928 2008-12-17] (Dell Inc. and SightSpeed Inc.)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [EPSON Stylus Photo R280 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\MountPoints2: {1ce42771-e77c-11e1-b90f-0023ae27e448} - D:\Imageviewer.exe
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\MountPoints2: {e4b5c9c1-d997-11df-82cd-0023ae27e448} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1705635383-1763614354-1011035987-1000\$0a84ff45e90ff7518a2f13a7bfd2ba35\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll" File Not Found
Startup: C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {74FDB083-C3C7-43DA-B583-201F9F3E1AD6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {5B988F9F-3CFB-489E-B481-A5024E70C759} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=992732&p={searchTerms}
SearchScopes: HKCU - {74FDB083-C3C7-43DA-B583-201F9F3E1AD6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} https://jran.uscourts.gov/whalecomec3faf80722ce693d327d8ef3d563b8c7d7dec09fc/whalecom0/iNotes6W.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://hyvee.lifepics.com/NET/Uploader/LPUploader57.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: www.google.com
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\The Lightfoots\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\The Lightfoots\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\The Lightfoots\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\searchplugins\Search_Results.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-13]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-08-23]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\The Lightfoots\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\The Lightfoots\AppData\Roaming\Move Networks [2009-06-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-14] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566448 2007-06-20] ( )
S2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537264 2007-06-20] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RosettaStoneDaemon; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-14] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [168864 2008-09-03] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [307456 2008-09-03] (Creative Technology Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 20:00 - 2014-09-27 20:01 - 00038269 _____ () C:\Users\The Lightfoots\Desktop\FRST.txt
2014-09-27 19:59 - 2014-09-27 20:00 - 00000000 ____D () C:\FRST
2014-09-27 19:58 - 2014-09-27 19:58 - 02108928 _____ (Farbar) C:\Users\The Lightfoots\Desktop\FRST64.exe
2014-09-27 19:54 - 2014-09-27 19:55 - 01100288 _____ (Farbar) C:\Users\The Lightfoots\Desktop\FRST.exe
2014-09-27 00:21 - 2014-09-27 00:21 - 00010469 _____ () C:\Users\The Lightfoots\Desktop\attach.txt
2014-09-27 00:21 - 2014-09-27 00:19 - 00030351 _____ () C:\Users\The Lightfoots\Desktop\dds.txt
2014-09-27 00:09 - 2014-09-27 00:10 - 00688992 ____R (Swearware) C:\Users\The Lightfoots\Downloads\dds.com
2014-09-26 21:25 - 2014-09-26 21:25 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Adobe
2014-09-26 21:25 - 2014-09-26 21:25 - 00000000 ____D () C:\Users\User Account\AppData\Local\Macromedia
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Mozilla
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Dell
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Local\Mozilla
2014-09-26 21:23 - 2014-09-26 21:23 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Antivirus+
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\Documents\Dell WebCam Central
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\ICAClient
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\FaxCtr
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Apple Computer
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\PowerDVD DX
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\Citrix
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\ArcSoft
2014-09-26 21:21 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\ArcSoft
2014-09-26 21:21 - 2014-09-26 21:21 - 00111760 _____ () C:\Users\User Account\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 21:21 - 2014-09-26 21:21 - 00001022 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00001017 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000992 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000958 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-26 21:20 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\VirtualStore
2014-09-26 21:20 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\User Account
2014-09-26 21:20 - 2014-09-26 21:20 - 00000020 ___SH () C:\Users\User Account\ntuser.ini
2014-09-26 21:20 - 2009-11-30 12:38 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Macromedia
2014-09-26 21:20 - 2009-05-12 09:03 - 00000000 ____D () C:\Users\User Account\AppData\Local\Microsoft Help
2014-09-26 21:20 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-26 21:20 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 22:03 - 2014-09-25 22:03 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Dell
2014-09-25 21:59 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\ICAClient
2014-09-25 21:59 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Local\ArcSoft
2014-09-25 21:58 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\ArcSoft
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\FaxCtr
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Apple Computer
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\PowerDVD DX
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\Citrix
2014-09-25 21:57 - 2014-09-25 21:57 - 00111760 _____ () C:\Users\Account3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-25 21:57 - 2014-09-25 21:57 - 00000992 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-25 21:56 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\VirtualStore
2014-09-25 21:56 - 2014-09-25 21:57 - 00001022 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-25 21:56 - 2014-09-25 21:57 - 00000958 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-25 21:56 - 2014-09-25 21:56 - 00001017 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-25 21:53 - 2014-09-25 21:56 - 00000000 ____D () C:\Users\Account3
2014-09-25 21:53 - 2014-09-25 21:53 - 00000020 ___SH () C:\Users\Account3\ntuser.ini
2014-09-25 21:53 - 2009-11-30 12:38 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Macromedia
2014-09-25 21:53 - 2009-05-12 09:03 - 00000000 ____D () C:\Users\Account3\AppData\Local\Microsoft Help
2014-09-25 21:53 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-25 21:53 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 21:15 - 2014-09-25 21:17 - 00002010 _____ () C:\Users\The Lightfoots\Desktop\Rkill.txt
2014-09-25 21:15 - 2014-09-25 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\The Lightfoots\Downloads\rkill.exe
2014-09-25 21:15 - 2014-09-25 21:15 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\The Lightfoots\Downloads\rkill64.exe
2014-09-25 21:01 - 2014-09-25 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Lightfoots\Downloads\tdsskiller.exe
2014-09-25 03:03 - 2014-09-09 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 03:03 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 16:29 - 2014-09-27 08:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 16:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 16:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 16:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 16:24 - 2014-09-24 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\The Lightfoots\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 19:27 - 2014-09-23 21:40 - 00003806 _____ () C:\Windows\System32\Tasks\The Lightfoots1
2014-09-23 19:27 - 2014-09-23 19:27 - 00003822 _____ () C:\Windows\System32\Tasks\The Lightfoots1 Merge
2014-09-23 19:25 - 2014-09-23 21:41 - 00003804 _____ () C:\Windows\System32\Tasks\The Lightfoots
2014-09-23 19:25 - 2014-09-23 19:25 - 00003820 _____ () C:\Windows\System32\Tasks\The Lightfoots Merge
2014-09-23 19:23 - 2014-09-23 19:23 - 00003556 _____ () C:\Windows\System32\Tasks\The Lightfoots DBAgent 2 0
2014-09-23 19:22 - 2014-09-23 19:22 - 00003568 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-09-23 19:20 - 2014-09-23 19:20 - 00000000 ____D () C:\Users\The Lightfoots\AppData\Roaming\Seagate
2014-09-23 19:18 - 2014-09-23 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2014-09-23 19:18 - 2014-09-23 19:18 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-09-23 19:10 - 2014-09-23 19:10 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-09-18 21:38 - 2014-09-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 03:11 - 2014-08-15 10:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:11 - 2014-08-15 10:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:11 - 2014-08-15 10:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:11 - 2014-08-15 10:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:11 - 2014-08-15 10:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:11 - 2014-08-15 10:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:11 - 2014-08-15 10:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 03:11 - 2014-08-15 10:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:11 - 2014-08-15 10:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-10 03:11 - 2014-08-15 10:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:11 - 2014-08-15 10:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:11 - 2014-08-15 10:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-10 03:11 - 2014-08-15 10:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 03:11 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:11 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:11 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:11 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:11 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:11 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:11 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:11 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:11 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-10 03:11 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-29 03:00 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 03:00 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 20:01 - 2013-08-23 09:07 - 00000274 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-09-27 19:59 - 2009-03-29 16:24 - 01109878 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 19:52 - 2012-05-19 09:10 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 19:52 - 2012-05-13 09:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 19:51 - 2012-05-19 09:10 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-27 10:29 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 10:29 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 23:46 - 2009-04-26 01:10 - 00000000 ____D () C:\Users\The Lightfoots\Tracing
2014-09-26 06:12 - 2011-05-30 18:30 - 01288954 _____ () C:\Windows\PFRO.log
2014-09-26 06:12 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 06:11 - 2006-11-02 10:42 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 06:10 - 2014-06-25 09:06 - 00000000 ____D () C:\Users\The Lightfoots\Desktop\Unused Desktop Items
2014-09-25 08:56 - 2009-04-25 22:17 - 00000000 ____D () C:\Users\The Lightfoots
2014-09-25 04:50 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-09-24 21:29 - 2010-12-22 23:14 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-09-24 18:23 - 2012-05-09 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 13:03 - 2012-12-29 10:54 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-09-24 13:03 - 2009-03-29 22:05 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-23 19:23 - 2010-12-22 23:37 - 00000000 ____D () C:\Users\The Lightfoots\AppData\Roaming\Nero
2014-09-23 19:18 - 2010-12-22 23:22 - 00000000 ____D () C:\ProgramData\Nero
2014-09-23 19:11 - 2006-11-02 07:46 - 00775178 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 15:06 - 2012-02-15 08:05 - 00003750 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{757AAB00-75CF-4743-B9AE-9B762E0BF178}
2014-09-23 14:30 - 2012-05-13 09:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 14:30 - 2012-05-13 09:45 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 14:30 - 2012-01-03 21:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 03:21 - 2009-04-25 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:09 - 2014-02-26 04:08 - 00768982 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:07 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:02 - 2006-11-02 07:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-08 16:41 - 2010-12-15 23:00 - 00000000 ____D () C:\Users\The Lightfoots\Documents\Justin work
2014-08-31 23:32 - 2006-11-02 10:27 - 00196806 _____ () C:\Windows\setupact.log
2014-08-29 03:19 - 2006-11-02 10:21 - 00403056 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\The Lightfoots\iTunes64Setup.exe


Some content of TEMP:
====================
C:\Users\The Lightfoots\AppData\Local\Temp\atl80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\CarboniteSetupLiteSunPreinstaller.exe
C:\Users\The Lightfoots\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\The Lightfoots\AppData\Local\Temp\dsNcAdmin_inst.dll
C:\Users\The Lightfoots\AppData\Local\Temp\dsNCInst64.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\The Lightfoots\AppData\Local\Temp\ICSTMP_2272.exe
C:\Users\The Lightfoots\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\The Lightfoots\AppData\Local\Temp\installhelper.dll
C:\Users\The Lightfoots\AppData\Local\Temp\InstallManager_DCF_DCF.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\The Lightfoots\AppData\Local\Temp\libexpat.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfc80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfc80u.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfcm80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfcm80u.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcm80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcp80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcr80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\The Lightfoots\AppData\Local\Temp\nlsdl.dll
C:\Users\The Lightfoots\AppData\Local\Temp\ose00000.exe
C:\Users\The Lightfoots\AppData\Local\Temp\SkypeSetup.exe
C:\Users\The Lightfoots\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\The Lightfoots\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\The Lightfoots\AppData\Local\Temp\TmDbg64.dll
C:\Users\The Lightfoots\AppData\Local\Temp\_is393C.exe
C:\Users\The Lightfoots\AppData\Local\Temp\_is4A4C.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-25 22:37

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by The Lightfoots at 2014-09-27 20:02:28
Running from C:\Users\The Lightfoots\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Antivirus+ (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Antivirus+ (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version:  - )
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archive Player (HKLM-x32\...\{90343910-6DC6-44C5-BF18-AC0B696C8384}) (Version: 8.0 - Bosch Security Systems)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.9.0 - Ask.com) <==== ATTENTION
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.7.3 - Carbonite Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{7456BBA3-642F-4E59-9F89-7639977D7C39}) (Version: 1.0.3220.15315 - Cozi Group, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.115.201 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DX Series AVI Codec (HKLM-x32\...\{BA83519E-C201-463E-924C-23324A97F1AF}) (Version: 2.01.0033 - PELCO)
Easy DVD Creator 2.3.0 (HKLM-x32\...\Easy DVD Creator_is1) (Version:  - Ether Software)
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON R280 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FOX News Live Stream (HKLM-x32\...\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1) (Version: v1.0.562 - UNKNOWN)
FOX News Live Stream (x32 Version: 1.0.562 - UNKNOWN) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 4.0.0.320 (HKCU\...\GoToMeeting) (Version:  - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Integrated Webcam Driver (1.00.02.0825)   (HKLM\...\Creative OA009) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Juniper Networks Cache Cleaner 6.3.0 (HKCU\...\Juniper_Networks_Cache_Cleaner 6.3.0) (Version: 6.3.0.14121 - Juniper Networks)
Juniper Networks Cache Cleaner 6.4.0 (HKCU\...\Juniper_Networks_Cache_Cleaner 6.4.0) (Version: 6.4.0.14919 - Juniper Networks)
Juniper Networks Cache Cleaner 6.5.0 (HKCU\...\Juniper_Networks_Cache_Cleaner 6.5.0) (Version: 6.5.0.15551 - Juniper Networks)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.15551 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.1.3.6931 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services) (Version: 6.5.0.15551 - Juniper Networks)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.17 - Dell Inc.)
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Rosetta Stone Ltd Services (HKLM-x32\...\{326057C5-6185-4C85-A630-9C2FC2DB3F93}) (Version: 3.2.6 - Rosetta Stone Ltd.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Searchqu Toolbar (HKLM-x32\...\Searchqu Toolbar) (Version: 3.0.0.122191 - Bandoo Media, Inc) <==== ATTENTION
Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.2 - In Context Solutions, LLC)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Antivirus+ (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
TSP_CODEC (HKLM-x32\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
VSO Image Resizer 3.0.0.138 (HKLM-x32\...\{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1) (Version: 3.0.0.138 - VSO-Software)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WordPerfect Office X3 (HKLM-x32\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
CustomCLSID: HKU\S-1-5-21-1705635383-1763614354-1011035987-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points  =========================

05-09-2014 05:00:02 Scheduled Checkpoint
08-09-2014 02:14:41 Scheduled Checkpoint
08-09-2014 14:31:56 Scheduled Checkpoint
10-09-2014 04:05:03 Scheduled Checkpoint
10-09-2014 08:00:44 Windows Update
11-09-2014 14:39:01 Scheduled Checkpoint
18-09-2014 15:56:17 Scheduled Checkpoint
19-09-2014 15:38:47 Scheduled Checkpoint
20-09-2014 15:49:12 Scheduled Checkpoint
21-09-2014 06:38:55 Scheduled Checkpoint
22-09-2014 14:53:05 Scheduled Checkpoint
23-09-2014 23:20:23 Scheduled Checkpoint
24-09-2014 00:11:19 Installed Microsoft Visual C++ 2005 Redistributable
24-09-2014 00:17:29 Installed Seagate Dashboard.
25-09-2014 08:00:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0506DB67-8DF1-497E-9731-74A9D70F62D6} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {109E76C3-12DD-4AD6-A4A0-F758B9C49155} - System32\Tasks\{D53244DC-C32A-460F-9700-87938779469C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {175BD448-AEE0-402A-8672-72140E3EDB72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {24EE2021-6A9B-463E-8EE3-6DDC6BA07A14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2B522191-531A-4D44-952E-1ECDC69A2FB5} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {2F89A576-66AB-4648-912A-BD9708C286EC} - System32\Tasks\The Lightfoots DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {3354959E-2324-4FBB-AFFC-045C6EE64135} - System32\Tasks\The Lightfoots => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {39C61474-E188-4CCB-B3D5-1A32CAC0D1FA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - The Lightfoots => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {4125C440-700B-4489-8306-F5F16980C82D} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {479C2681-F8FE-4E1E-9758-F23B96A8A207} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7334D307-C533-49F1-AE83-F4C0E4F9ED86} - System32\Tasks\The Lightfoots1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C167F0DF-21E0-4D6F-97A6-9B545AD00369} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {C3B53AB7-4F5D-4DCC-A966-C856F2B4B90F} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {CC11C3EF-D278-4A23-80D3-E0E133349C04} - System32\Tasks\The Lightfoots Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {D9AD6A62-EF72-4DEA-B043-867E444CC8AF} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F0EBCBB2-2B8F-4C01-B60F-E53B6BC9F9AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA1291D0-5CF5-4147-B5F4-B049A2CAFDEA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-05-21] () <==== ATTENTION
Task: {FB9FE2FC-376F-4BBF-A0B7-A1CCBC834F17} - System32\Tasks\The Lightfoots1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2009-03-29 21:45 - 2008-12-22 05:35 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-03-29 21:45 - 2008-12-22 05:35 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2009-04-25 23:18 - 2006-11-22 09:21 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2009-04-25 23:17 - 2006-11-22 09:05 - 00012288 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\FxCtrStr.dll
2009-04-25 23:17 - 2006-11-22 09:19 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2009-04-25 23:15 - 2007-03-16 05:42 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2013-09-24 20:55 - 2013-01-15 21:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2013-09-24 20:55 - 2013-04-01 23:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2013-09-24 20:55 - 2013-01-15 21:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2013-09-24 20:55 - 2012-12-18 15:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2013-09-24 20:55 - 2013-01-15 21:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2013-09-24 20:39 - 2013-07-23 10:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2009-04-25 23:17 - 2007-06-25 09:34 - 00291504 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
2014-09-10 04:01 - 2014-09-10 04:01 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\c23f14907e2a9d78ea7a4a1f56fbeb95\VistaBridgeLibrary.ni.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-25 23:17 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll
2009-04-25 23:17 - 2006-02-13 08:04 - 00143360 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll
2009-04-25 23:17 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 3400 Series\iptk.dll
2014-09-18 21:38 - 2014-09-24 17:57 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Account3 (S-1-5-21-1705635383-1763614354-1011035987-1002 - Administrator - Enabled) => C:\Users\Account3
Administrator (S-1-5-21-1705635383-1763614354-1011035987-500 - Administrator - Disabled)
Guest (S-1-5-21-1705635383-1763614354-1011035987-501 - Limited - Enabled)
The Lightfoots (S-1-5-21-1705635383-1763614354-1011035987-1000 - Administrator - Enabled) => C:\Users\The Lightfoots
User Account (S-1-5-21-1705635383-1763614354-1011035987-1001 - Administrator - Enabled) => C:\Users\User Account

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2014 10:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15662

Error: (09/27/2014 10:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15662

Error: (09/27/2014 10:50:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2014 08:48:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application lxcycoms.exe, version 6.4.29.0, time stamp 0x4613cd75, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000005, fault offset 0x0000000000048eb0,
process id 0x914, application start time 0xlxcycoms.exe0.

Error: (09/27/2014 08:28:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21228897

Error: (09/27/2014 08:28:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21228897

Error: (09/27/2014 08:28:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2014 00:05:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16575, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16575, time stamp 0x53ee1e4f, exception code 0xc0000005, fault offset 0x00260dbe,
process id 0x2a00, application start time 0xiexplore.exe0.

Error: (09/26/2014 09:25:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER ACCOUNT\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4ERE6LZ0.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (09/26/2014 09:25:03 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER ACCOUNT\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\4ERE6LZ0.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (09/27/2014 07:57:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/27/2014 08:48:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: lxcy_device1

Error: (09/26/2014 09:20:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (09/26/2014 09:19:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (09/26/2014 06:40:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/26/2014 06:39:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (09/26/2014 06:15:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000BITS

Error: (09/26/2014 06:15:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (09/26/2014 06:13:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (09/26/2014 06:13:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058


Microsoft Office Sessions:
=========================
Error: (12/09/2011 09:53:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51025 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/03/2011 02:50:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12792 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/29/2010 09:06:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 34765 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (08/27/2010 06:17:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 29320 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-27 20:03:33.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:03:32.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:03:31.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:03:31.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:02:03.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:02:03.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:02:00.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:02:00.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:01:59.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-27 20:01:59.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 4057.45 MB
Available physical RAM: 1653.2 MB
Total Pagefile: 8290.18 MB
Available Pagefile: 4344.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:94.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: E3640451)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 September 2014 - 07:49 AM

Ok, please continue with these steps:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 donjusto4

  • Topic Starter
  • Members
  • 15 posts

Posted 28 September 2014 - 01:17 PM

I downloaded the fixlist.txt file to my desktop, where the FRST file was.  I tried opening FRST as administrator and hit the "fix" button and everything seemed to work fine for a bit until Trend Micro popped up and told me it deleted the FRST file.  I re-downloaded and tried it again, telling Trend Micro to make an exception for it.  This time, it seems stuck.  It has said "fixing in progress.. please wait" for several hours now.  Is this normal, or should I stop the FRST fix and try it again?

Thanks



#6 donjusto4

  • Topic Starter
  • Members
  • 15 posts

Posted 28 September 2014 - 01:33 PM

Ignore previous post.  I found the fixlog file.  I think it finished before Trend Micro deleted it, or maybe on my second try.  Anyway, I will move on to the next step, and then post all my results.  Thanks.



#7 donjusto4

  • Topic Starter
  • Members
  • 15 posts

Posted 28 September 2014 - 08:37 PM

Here is the Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014
Ran by The Lightfoots at 2014-09-28 09:05:30 Run:2
Running from C:\Users\The Lightfoots\Desktop
Loaded Profiles: The Lightfoots & User Account &  (Available profiles: The Lightfoots & User Account & Account3)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1705635383-1763614354-1011035987-1000\$0a84ff45e90ff7518a2f13a7bfd2ba35\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll" File Not Found
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
FF SearchPlugin: C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\searchplugins\Search_Results.xml
2014-09-24 21:29 - 2010-12-22 23:14 - 00000000 ____D () C:\Program Files (x86)\Ask.com
Task: {FA1291D0-5CF5-4147-B5F4-B049A2CAFDEA} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-05-21] () <==== ATTENTION
EmptyTemp:

*****************

Processes closed successfully.
"HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key not found.
"HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" => Value Data not found.
" C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll" => Value Data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\searchplugins\Search_Results.xml" => not found.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA1291D0-5CF5-4147-B5F4-B049A2CAFDEA}" => Key not found.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key not found.
 

 

Here is the ESET result:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c21c38c58d512458a4247c97922ee91
# engine=20340
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-28 09:06:12
# local_time=2014-09-28 04:06:12 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Trend Micro Titanium Antivirus+'
# compatibility_mode=523 16777213 100 100 21819992 36423450 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 149136805 248537078 0 0
# scanned=373996
# found=9
# cleaned=0
# scan_time=7863
sh=E04D9FA1625602DF20A03F8B2DA384B3B1C61035 ft=1 fh=f96c01aa48ca81f1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe"
sh=40E5776A978F6D576041B7288FAE7D1BAC2C908C ft=1 fh=6255ab29f2d81e96 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe"
sh=62045F02D57633FD85942779147C8BF730D21F28 ft=1 fh=c71c0011bb0588ee vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\WinFF\Installer.exe"
sh=1D8C5E504F276466D049920AFBB5C73D49FCE109 ft=1 fh=faaa2358a63f028e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\The Lightfoots\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll"
sh=F4C1C0ADCB5D9863434EE5BEBA4C7281FC582ACA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\The Lightfoots\AppData\Local\Temp\jar_cache2444992816064039236.tmp"
sh=AB7419C74C8749F82BC282F961E98276C2B7B3CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\The Lightfoots\AppData\Local\Temp\jar_cache3130465787101946821.tmp"
sh=FE85794311C77D02493EA7DF4E099618854414DB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\The Lightfoots\AppData\Local\Temp\jar_cache6414360709766327051.tmp"
sh=AB7419C74C8749F82BC282F961E98276C2B7B3CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\The Lightfoots\AppData\Local\Temp\~+JF8132704183307429202.tmp"
sh=A2C89907F95DEB77235AFE1067031A9A37A2A255 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\The Lightfoots\AppData\Local\Temp\130a8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETO1HDIB\ed3833f81cc7761ce0608d6e421d9b4bc24230a4[1].htm"
ESETSmartInstaller@High as downloader log:
all ok

Here is the final FRST result:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014
Ran by The Lightfoots (administrator) on THELIGHTFOOT-PC on 28-09-2014 16:07:52
Running from C:\Users\The Lightfoots\Desktop
Loaded Profiles: The Lightfoots & User Account (Available profiles: The Lightfoots & User Account & Account3)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [272896 2008-09-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2115664 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291504 2007-06-25] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe [82608 2007-06-25] (Lexmark International Inc.)
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry                                                                                                                                (the data entry has 59 more characters).
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-14] (IDT, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295600 2007-06-25] ()
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [283792 2010-03-09] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM\...\RunOnce: [DCERegBootClean64] => C:\Windows\RegBootClean64.exe [231960 2014-09-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [SightSpeed] => C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe [4823928 2008-12-17] (Dell Inc. and SightSpeed Inc.)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [EPSON Stylus Photo R280 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\MountPoints2: {1ce42771-e77c-11e1-b90f-0023ae27e448} - D:\Imageviewer.exe
HKU\S-1-5-21-1705635383-1763614354-1011035987-1000\...\MountPoints2: {e4b5c9c1-d997-11df-82cd-0023ae27e448} - D:\LaunchU3.exe -a
Startup: C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {74FDB083-C3C7-43DA-B583-201F9F3E1AD6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {5B988F9F-3CFB-489E-B481-A5024E70C759} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=992732&p={searchTerms}
SearchScopes: HKCU - {74FDB083-C3C7-43DA-B583-201F9F3E1AD6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3BFFE033-BF43-11D5-A271-00A024A51325} https://jran.uscourts.gov/whalecomec3faf80722ce693d327d8ef3d563b8c7d7dec09fc/whalecom0/iNotes6W.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://hyvee.lifepics.com/NET/Uploader/LPUploader57.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\The Lightfoots\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\The Lightfoots\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\The Lightfoots\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\The Lightfoots\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-13]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-08-23]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-04-24]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\The Lightfoots\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\The Lightfoots\AppData\Roaming\Move Networks [2009-06-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-14] (Andrea Electronics Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566448 2007-06-20] ( )
S2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537264 2007-06-20] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 RosettaStoneDaemon; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.) [File not signed]
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-14] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.) [File not signed]
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [168864 2008-09-03] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [307456 2008-09-03] (Creative Technology Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 13:44 - 2014-09-28 13:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-28 13:33 - 2014-09-28 13:34 - 02347384 _____ (ESET) C:\Users\The Lightfoots\Desktop\esetsmartinstaller_enu.exe
2014-09-28 09:03 - 2014-09-28 09:03 - 02108928 _____ (Farbar) C:\Users\The Lightfoots\Desktop\FRST64.exe
2014-09-28 08:34 - 2014-09-28 08:53 - 00003738 _____ () C:\Windows\RegBootClean64.CFG
2014-09-28 08:30 - 2014-09-28 08:30 - 00002158 _____ () C:\Users\The Lightfoots\Desktop\fixlist.txt
2014-09-27 22:08 - 2014-09-27 22:10 - 00000000 ____D () C:\Users\The Lightfoots\Desktop\Pics from iphone
2014-09-27 22:08 - 2014-09-27 22:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-09-27 20:02 - 2014-09-27 20:04 - 00045559 _____ () C:\Users\The Lightfoots\Desktop\Addition.txt
2014-09-27 20:00 - 2014-09-28 16:07 - 00029596 _____ () C:\Users\The Lightfoots\Desktop\FRST.txt
2014-09-27 19:59 - 2014-09-28 16:07 - 00000000 ____D () C:\FRST
2014-09-27 19:54 - 2014-09-27 19:55 - 01100288 _____ (Farbar) C:\Users\The Lightfoots\Desktop\FRST.exe
2014-09-27 00:21 - 2014-09-27 00:21 - 00010469 _____ () C:\Users\The Lightfoots\Desktop\attach.txt
2014-09-27 00:21 - 2014-09-27 00:19 - 00030351 _____ () C:\Users\The Lightfoots\Desktop\dds.txt
2014-09-27 00:09 - 2014-09-27 00:10 - 00688992 ____R (Swearware) C:\Users\The Lightfoots\Downloads\dds.com
2014-09-26 21:25 - 2014-09-26 21:25 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Adobe
2014-09-26 21:25 - 2014-09-26 21:25 - 00000000 ____D () C:\Users\User Account\AppData\Local\Macromedia
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Mozilla
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Dell
2014-09-26 21:24 - 2014-09-26 21:24 - 00000000 ____D () C:\Users\User Account\AppData\Local\Mozilla
2014-09-26 21:23 - 2014-09-26 21:23 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Antivirus+
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\Documents\Dell WebCam Central
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\ICAClient
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\FaxCtr
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Apple Computer
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\PowerDVD DX
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\Citrix
2014-09-26 21:22 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\ArcSoft
2014-09-26 21:21 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\ArcSoft
2014-09-26 21:21 - 2014-09-26 21:21 - 00111760 _____ () C:\Users\User Account\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 21:21 - 2014-09-26 21:21 - 00001022 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00001017 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000992 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-26 21:21 - 2014-09-26 21:21 - 00000958 _____ () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-26 21:20 - 2014-09-26 21:22 - 00000000 ____D () C:\Users\User Account\AppData\Local\VirtualStore
2014-09-26 21:20 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\User Account
2014-09-26 21:20 - 2014-09-26 21:20 - 00000020 ___SH () C:\Users\User Account\ntuser.ini
2014-09-26 21:20 - 2009-11-30 12:38 - 00000000 ____D () C:\Users\User Account\AppData\Roaming\Macromedia
2014-09-26 21:20 - 2009-05-12 09:03 - 00000000 ____D () C:\Users\User Account\AppData\Local\Microsoft Help
2014-09-26 21:20 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-26 21:20 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 22:03 - 2014-09-25 22:03 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Dell
2014-09-25 21:59 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\ICAClient
2014-09-25 21:59 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Local\ArcSoft
2014-09-25 21:58 - 2014-09-25 21:59 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\ArcSoft
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\FaxCtr
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Apple Computer
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\PowerDVD DX
2014-09-25 21:58 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\Citrix
2014-09-25 21:57 - 2014-09-25 21:57 - 00111760 _____ () C:\Users\Account3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-25 21:57 - 2014-09-25 21:57 - 00000992 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-25 21:56 - 2014-09-25 21:58 - 00000000 ____D () C:\Users\Account3\AppData\Local\VirtualStore
2014-09-25 21:56 - 2014-09-25 21:57 - 00001022 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-25 21:56 - 2014-09-25 21:57 - 00000958 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-25 21:56 - 2014-09-25 21:56 - 00001017 _____ () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-25 21:53 - 2014-09-25 21:56 - 00000000 ____D () C:\Users\Account3
2014-09-25 21:53 - 2014-09-25 21:53 - 00000020 ___SH () C:\Users\Account3\ntuser.ini
2014-09-25 21:53 - 2009-11-30 12:38 - 00000000 ____D () C:\Users\Account3\AppData\Roaming\Macromedia
2014-09-25 21:53 - 2009-05-12 09:03 - 00000000 ____D () C:\Users\Account3\AppData\Local\Microsoft Help
2014-09-25 21:53 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-25 21:53 - 2008-01-20 22:20 - 00000000 ___RD () C:\Users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 21:15 - 2014-09-25 21:17 - 00002010 _____ () C:\Users\The Lightfoots\Desktop\Rkill.txt
2014-09-25 21:15 - 2014-09-25 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\The Lightfoots\Downloads\rkill.exe
2014-09-25 21:15 - 2014-09-25 21:15 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\The Lightfoots\Downloads\rkill64.exe
2014-09-25 21:01 - 2014-09-25 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Lightfoots\Downloads\tdsskiller.exe
2014-09-25 03:03 - 2014-09-09 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 03:03 - 2014-09-09 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 16:29 - 2014-09-28 13:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 16:26 - 2014-09-24 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 16:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 16:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 16:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 16:24 - 2014-09-24 16:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\The Lightfoots\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 19:27 - 2014-09-23 21:40 - 00003806 _____ () C:\Windows\System32\Tasks\The Lightfoots1
2014-09-23 19:27 - 2014-09-23 19:27 - 00003822 _____ () C:\Windows\System32\Tasks\The Lightfoots1 Merge
2014-09-23 19:25 - 2014-09-23 21:41 - 00003804 _____ () C:\Windows\System32\Tasks\The Lightfoots
2014-09-23 19:25 - 2014-09-23 19:25 - 00003820 _____ () C:\Windows\System32\Tasks\The Lightfoots Merge
2014-09-23 19:23 - 2014-09-23 19:23 - 00003556 _____ () C:\Windows\System32\Tasks\The Lightfoots DBAgent 2 0
2014-09-23 19:22 - 2014-09-23 19:22 - 00003568 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2014-09-23 19:20 - 2014-09-23 19:20 - 00000000 ____D () C:\Users\The Lightfoots\AppData\Roaming\Seagate
2014-09-23 19:18 - 2014-09-23 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2014-09-23 19:18 - 2014-09-23 19:18 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-09-23 19:10 - 2014-09-23 19:10 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-09-18 21:38 - 2014-09-24 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 03:11 - 2014-08-15 10:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:11 - 2014-08-15 10:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:11 - 2014-08-15 10:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:11 - 2014-08-15 10:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:11 - 2014-08-15 10:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:11 - 2014-08-15 10:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:11 - 2014-08-15 10:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 03:11 - 2014-08-15 10:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:11 - 2014-08-15 10:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:11 - 2014-08-15 10:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-10 03:11 - 2014-08-15 10:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:11 - 2014-08-15 10:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:11 - 2014-08-15 10:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-10 03:11 - 2014-08-15 10:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 03:11 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:11 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:11 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:11 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:11 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:11 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:11 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:11 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:11 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:11 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:11 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-10 03:11 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-29 03:00 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 03:00 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 16:01 - 2013-08-23 09:07 - 00000274 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-09-28 15:29 - 2012-05-13 09:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 15:17 - 2012-05-19 09:10 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 15:10 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 15:10 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 14:17 - 2012-05-19 09:10 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 13:04 - 2009-03-29 16:24 - 01152894 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 08:53 - 2012-12-29 10:54 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-09-27 22:25 - 2012-02-15 08:05 - 00003750 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{757AAB00-75CF-4743-B9AE-9B762E0BF178}
2014-09-27 22:08 - 2006-11-02 10:27 - 00197457 _____ () C:\Windows\setupact.log
2014-09-26 23:46 - 2009-04-26 01:10 - 00000000 ____D () C:\Users\The Lightfoots\Tracing
2014-09-26 06:12 - 2011-05-30 18:30 - 01288954 _____ () C:\Windows\PFRO.log
2014-09-26 06:12 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 06:11 - 2006-11-02 10:42 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 06:10 - 2014-06-25 09:06 - 00000000 ____D () C:\Users\The Lightfoots\Desktop\Unused Desktop Items
2014-09-25 08:56 - 2009-04-25 22:17 - 00000000 ____D () C:\Users\The Lightfoots
2014-09-25 04:50 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-09-24 18:23 - 2012-05-09 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 13:03 - 2009-03-29 22:05 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-23 19:23 - 2010-12-22 23:37 - 00000000 ____D () C:\Users\The Lightfoots\AppData\Roaming\Nero
2014-09-23 19:18 - 2010-12-22 23:22 - 00000000 ____D () C:\ProgramData\Nero
2014-09-23 19:11 - 2006-11-02 07:46 - 00775178 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 14:30 - 2012-05-13 09:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 14:30 - 2012-05-13 09:45 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 14:30 - 2012-01-03 21:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 03:21 - 2009-04-25 22:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:09 - 2014-02-26 04:08 - 00768982 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:07 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:02 - 2006-11-02 07:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-08 16:41 - 2010-12-15 23:00 - 00000000 ____D () C:\Users\The Lightfoots\Documents\Justin work
2014-08-29 03:19 - 2006-11-02 10:21 - 00403056 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\The Lightfoots\iTunes64Setup.exe


Some content of TEMP:
====================
C:\Users\The Lightfoots\AppData\Local\Temp\atl80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\CarboniteSetupLiteSunPreinstaller.exe
C:\Users\The Lightfoots\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\The Lightfoots\AppData\Local\Temp\dsNcAdmin_inst.dll
C:\Users\The Lightfoots\AppData\Local\Temp\dsNCInst64.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\The Lightfoots\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\The Lightfoots\AppData\Local\Temp\ICSTMP_2272.exe
C:\Users\The Lightfoots\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\The Lightfoots\AppData\Local\Temp\installhelper.dll
C:\Users\The Lightfoots\AppData\Local\Temp\InstallManager_DCF_DCF.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\The Lightfoots\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\The Lightfoots\AppData\Local\Temp\libexpat.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfc80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfc80u.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfcm80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\mfcm80u.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcm80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcp80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\msvcr80.dll
C:\Users\The Lightfoots\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\The Lightfoots\AppData\Local\Temp\nlsdl.dll
C:\Users\The Lightfoots\AppData\Local\Temp\ose00000.exe
C:\Users\The Lightfoots\AppData\Local\Temp\SkypeSetup.exe
C:\Users\The Lightfoots\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\The Lightfoots\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\The Lightfoots\AppData\Local\Temp\TmDbg64.dll
C:\Users\The Lightfoots\AppData\Local\Temp\_is393C.exe
C:\Users\The Lightfoots\AppData\Local\Temp\_is4A4C.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-25 22:37

==================== End Of Log ============================



#8 aharonov


Posted 29 September 2014 - 02:03 AM

How is your computer running now? What problems persist (if any)?

#9 donjusto4


Posted 29 September 2014 - 07:02 PM

It is running much better. We still have one issue - our computer continues trying to go to searchnet.blinxcore.com - Malwarebytes keeps blocking it - several times a day. Other than that, everything seems resolved. Any ideas on the searchnet.blinxcore.com issue?

Thanks



#10 aharonov


Posted 30 September 2014 - 03:45 AM

This is another malware issue.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#11 donjusto4


Posted 30 September 2014 - 10:14 AM

Here is the log:

ComboFix 14-09-29.02 - The Lightfoots 09/30/2014   7:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4057.1422 [GMT -5:00]
Running from: c:\users\The Lightfoots\Downloads\ComboFix.exe
AV: Trend Micro Titanium Antivirus+ *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Antivirus+ *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPL3262.tmp
c:\programdata\SPL8FF4.tmp
c:\programdata\SPLB894.tmp
c:\programdata\SPLD1FD.tmp
c:\users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Recent\kaylin edited.jpg
c:\users\The Lightfoots\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-28 to 2014-09-30  )))))))))))))))))))))))))))))))
.
.
2014-09-30 14:54 . 2014-09-30 14:54    --------    d-----w-    c:\users\The Lightfoots\AppData\Local\temp
2014-09-30 14:54 . 2014-09-30 14:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-28 18:44 . 2014-09-28 18:44    --------    d-----w-    c:\program files (x86)\ESET
2014-09-28 00:59 . 2014-09-28 21:09    --------    d-----w-    C:\FRST
2014-09-27 02:20 . 2014-09-27 02:21    --------    d-----w-    c:\users\User Account
2014-09-26 02:53 . 2014-09-26 02:56    --------    d-----w-    c:\users\Account3
2014-09-25 08:03 . 2014-09-09 06:40    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-25 08:03 . 2014-09-09 06:24    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-24 21:29 . 2014-09-30 00:51    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 21:26 . 2014-05-12 12:26    64216    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-24 21:26 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-24 21:26 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-24 21:26 . 2014-09-24 21:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-24 21:26 . 2014-09-24 21:26    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-24 00:20 . 2014-09-24 00:20    --------    d-----w-    c:\users\The Lightfoots\AppData\Roaming\Seagate
2014-09-24 00:18 . 2014-09-24 00:18    --------    d-----w-    c:\program files (x86)\Seagate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-29 03:21 . 2012-12-29 15:54    231960    ----a-w-    c:\windows\RegBootClean64.exe
2014-09-23 19:30 . 2012-05-13 14:45    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-23 19:30 . 2012-01-04 02:53    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 08:02 . 2006-11-02 12:35    101694776    ----a-w-    c:\windows\system32\mrt.exe
2014-08-23 01:05 . 2014-08-29 08:00    304128    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-29 08:00    390144    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-22 23:38 . 2014-08-29 08:00    2782208    ----a-w-    c:\windows\system32\win32k.sys
2014-07-25 07:35 . 2014-07-25 07:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47 . 2014-07-25 04:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-04-30 126056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickFinder Scheduler"="c:\program files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-04-30 1519176]
.
c:\users\The Lightfoots\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\User Account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Account3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 19:30]
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 14:10]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 14:10]
.
2014-09-30 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 200216]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"lxcymon.exe"="c:\program files (x86)\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files (x86)\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll" [2006-11-21 31744]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-10-09 229824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DCERegBootClean64"="c:\windows\RegBootClean64.exe" [2014-09-29 231960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\The Lightfoots\AppData\Roaming\Mozilla\Firefox\Profiles\fd6qh7kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: !HIDDEN! 2009-06-24 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-09-30  10:00:15
ComboFix-quarantined-files.txt  2014-09-30 15:00
.
Pre-Run: 113,119,920,128 bytes free
Post-Run: 143,202,488,320 bytes free
.
- - End Of File - - 6FB9C82C55460DA03BB6B656AD8C4C3B
CDB4DE4BBD714F152979DA2DCBEF57EB



#12 aharonov


Posted 30 September 2014 - 10:20 AM

Can you please post a protection log from Malwarebytes that shows some of those blocks that you've mentioned?

#13 donjusto4


Posted 30 September 2014 - 12:32 PM

Here is the one from yesterday that shows the blocks:

Malwarebytes Anti-Malware
www.malwarebytes.org


Detection, 9/29/2014 2:36:36 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 0, Outbound,
Update, 9/29/2014 3:16:37 PM, SYSTEM, THELIGHTFOOT-PC, Scheduler, Malware Database, 2014.9.29.2, 2014.9.29.11,
Protection, 9/29/2014 3:16:38 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Starting,
Protection, 9/29/2014 3:16:38 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 3:16:38 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 3:17:26 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Success,
Protection, 9/29/2014 3:17:26 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 3:17:31 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 6:51:00 PM, SYSTEM, THELIGHTFOOT-PC, Scheduler, Malware Database, 2014.9.29.11, 2014.9.29.13,
Protection, 9/29/2014 6:51:01 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Starting,
Protection, 9/29/2014 6:51:01 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 6:51:01 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 6:51:56 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Success,
Protection, 9/29/2014 6:51:56 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 6:51:56 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,
Update, 9/29/2014 7:51:21 PM, SYSTEM, THELIGHTFOOT-PC, Scheduler, Malware Database, 2014.9.29.13, 2014.9.29.14,
Protection, 9/29/2014 7:51:21 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Starting,
Protection, 9/29/2014 7:51:21 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/29/2014 7:51:21 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/29/2014 7:51:29 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Success,
Protection, 9/29/2014 7:51:29 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/29/2014 7:51:29 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,
Detection, 9/29/2014 10:13:20 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 0, Outbound,
Detection, 9/29/2014 10:15:01 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 0, Outbound,
Detection, 9/29/2014 10:17:33 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 0, Outbound,

(end)

Here is the one from today. I don't see any of the blocks on there but thought I would include it anyway.

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 9/30/2014 7:29:48 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/30/2014 7:29:48 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/30/2014 7:29:48 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malware Protection, Stopping,
Protection, 9/30/2014 7:31:22 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malware Protection, Stopped,
Protection, 9/30/2014 10:08:03 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malware Protection, Starting,
Protection, 9/30/2014 10:08:03 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malware Protection, Started,
Protection, 9/30/2014 10:08:03 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Update, 9/30/2014 10:08:10 AM, SYSTEM, THELIGHTFOOT-PC, Scheduler, Malware Database, 2014.9.29.14, 2014.9.30.5,
Protection, 9/30/2014 10:08:14 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Starting,
Protection, 9/30/2014 10:08:16 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,
Protection, 9/30/2014 10:08:16 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/30/2014 10:08:16 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/30/2014 10:08:26 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Success,
Protection, 9/30/2014 10:08:26 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/30/2014 10:08:27 AM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,
Update, 9/30/2014 12:21:27 PM, SYSTEM, THELIGHTFOOT-PC, Scheduler, Malware Database, 2014.9.30.5, 2014.9.30.7,
Protection, 9/30/2014 12:21:27 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Starting,
Protection, 9/30/2014 12:21:27 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 9/30/2014 12:21:28 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 9/30/2014 12:22:08 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Refresh, Success,
Protection, 9/30/2014 12:22:08 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Starting,
Protection, 9/30/2014 12:22:13 PM, SYSTEM, THELIGHTFOOT-PC, Protection, Malicious Website Protection, Started,

(end)

Also, I keep getting a security alert that says "The identity of this web site or the integrity of this connection cannot be verified." There is a yellow sign by the option that says "The security certificate has expired or is not yet valid." If I click View Certificate, it says it is issued to "*.sightspeed.com" and is issued by "DigiCert High Assurance CA-3".

Thanks!



#14 aharonov


Posted 30 September 2014 - 03:52 PM

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#15 donjusto4


Posted 30 September 2014 - 04:08 PM

Here is the report:

16:04:12.0037 0x0c38  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:04:19.0411 0x0c38  ============================================================
16:04:19.0412 0x0c38  Current date / time: 2014/09/30 16:04:19.0411
16:04:19.0412 0x0c38  SystemInfo:
16:04:19.0412 0x0c38  
16:04:19.0412 0x0c38  OS Version: 6.0.6002 ServicePack: 2.0
16:04:19.0412 0x0c38  Product type: Workstation
16:04:19.0412 0x0c38  ComputerName: THELIGHTFOOT-PC
16:04:19.0412 0x0c38  UserName: The Lightfoots
16:04:19.0412 0x0c38  Windows directory: C:\Windows
16:04:19.0412 0x0c38  System windows directory: C:\Windows
16:04:19.0412 0x0c38  Running under WOW64
16:04:19.0412 0x0c38  Processor architecture: Intel x64
16:04:19.0412 0x0c38  Number of processors: 2
16:04:19.0413 0x0c38  Page size: 0x1000
16:04:19.0413 0x0c38  Boot type: Normal boot
16:04:19.0413 0x0c38  ============================================================
16:04:19.0670 0x0c38  KLMD registered as C:\Windows\system32\drivers\33776137.sys
16:04:20.0563 0x0c38  System UUID: {AA3777A0-05F0-528C-B646-D0EBA5643DC3}
16:04:21.0879 0x0c38  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:21.0885 0x0c38  ============================================================
16:04:21.0885 0x0c38  \Device\Harddisk0\DR0:
16:04:21.0885 0x0c38  MBR partitions:
16:04:21.0885 0x0c38  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:04:21.0885 0x0c38  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
16:04:21.0885 0x0c38  ============================================================
16:04:21.0914 0x0c38  C: <-> \Device\Harddisk0\DR0\Partition2
16:04:21.0946 0x0c38  E: <-> \Device\Harddisk0\DR0\Partition1
16:04:21.0946 0x0c38  ============================================================
16:04:21.0946 0x0c38  Initialize success
16:04:21.0946 0x0c38  ============================================================
16:04:49.0638 0x2270  ============================================================
16:04:49.0638 0x2270  Scan started
16:04:49.0638 0x2270  Mode: Manual; SigCheck; TDLFS;
16:04:49.0638 0x2270  ============================================================
16:04:49.0638 0x2270  KSN ping started
16:04:53.0372 0x2270  KSN ping finished: true
16:04:56.0022 0x2270  ================ Scan system memory ========================
16:04:56.0022 0x2270  System memory - ok
16:04:56.0023 0x2270  ================ Scan services =============================
16:04:56.0265 0x2270  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:04:56.0888 0x2270  ACDaemon - ok
16:04:57.0410 0x2270  [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:04:57.0501 0x2270  ACPI - ok
16:04:57.0787 0x2270  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:04:57.0824 0x2270  AdobeFlashPlayerUpdateSvc - ok
16:04:57.0929 0x2270  [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:04:57.0995 0x2270  adp94xx - ok
16:04:58.0082 0x2270  [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:04:58.0166 0x2270  adpahci - ok
16:04:58.0211 0x2270  [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:04:58.0244 0x2270  adpu160m - ok
16:04:58.0283 0x2270  [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:04:58.0319 0x2270  adpu320 - ok
16:04:58.0369 0x2270  [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:04:58.0580 0x2270  AeLookupSvc - ok
16:04:58.0694 0x2270  [ 9CAC9E19D71E4AF99920FCC3ECA0E3F1, EB18D19783D724472280B46803FA9CAFEB1826975240D35D43738B42C56802FD ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
16:04:58.0778 0x2270  AESTFilters - ok
16:04:58.0895 0x2270  [ 0D0E5281784C2C526BA43C2ECD374288, BE4B16E08A96A24BEB904A2216A538340FD91A11E0CAB43BF8788C35DAD2D2B5 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
16:04:58.0937 0x2270  Afc - ok
16:04:59.0080 0x2270  [ E58A17E945593544C707423F9772EEA0, FC17AFF979354EB89DCA307BF07C52B84629AF540D4C6A32DD537695CA654205 ] AFD             C:\Windows\system32\drivers\afd.sys
16:04:59.0224 0x2270  AFD - ok
16:04:59.0303 0x2270  [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:04:59.0332 0x2270  agp440 - ok
16:04:59.0379 0x2270  [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:04:59.0408 0x2270  aic78xx - ok
16:04:59.0458 0x2270  [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG             C:\Windows\System32\alg.exe
16:04:59.0716 0x2270  ALG - ok
16:04:59.0791 0x2270  [ 9544C2C55541C0C6BFD7B489D0E7D430, E242A7632BB51C965A7D2E2B0112C75018C0BB4B9A574920E44756E3AC1D8E77 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:04:59.0818 0x2270  aliide - ok
16:04:59.0862 0x2270  [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:04:59.0888 0x2270  amdide - ok
16:04:59.0912 0x2270  [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:05:00.0003 0x2270  AmdK8 - ok
16:05:00.0108 0x2270  [ E1D8F96772F6BBE990B435580CA9C33B, 13EAF541BAB26EAB758521EAE7FC70D591B2BD2F6CB33E78D7F58FB169DDDF0C ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
16:05:00.0147 0x2270  Amsp - ok
16:05:00.0196 0x2270  [ 8C85C812569DF851E7A2159147323DFA, 609E21232609F8FED98BCC7971890B5E2C94C897D162CE9C20B9DF7EFF27ADD0 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:05:00.0218 0x2270  ApfiltrService - ok
16:05:00.0278 0x2270  [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo         C:\Windows\System32\appinfo.dll
16:05:00.0332 0x2270  Appinfo - ok
16:05:00.0572 0x2270  [ F401929EE0CC92BFE7F15161CA535383, 61E1C0630B8BBC65C51121D5DC7F095C59B475F39BB7B0DC68133EF7D9D0A29D ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:05:00.0594 0x2270  Apple Mobile Device - ok
16:05:00.0644 0x2270  [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc             C:\Windows\system32\drivers\arc.sys
16:05:00.0668 0x2270  arc - ok
16:05:00.0709 0x2270  [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:05:00.0734 0x2270  arcsas - ok
16:05:01.0002 0x2270  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:05:01.0025 0x2270  aspnet_state - ok
16:05:01.0076 0x2270  [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:01.0144 0x2270  AsyncMac - ok
16:05:01.0167 0x2270  [ F988BB0690CD660318037908E9B8DBF7, E536F371AB31B69FB0AA619C0C04B031A17C89064E90D3C57ED45E280A117C65 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:05:01.0190 0x2270  atapi - ok
16:05:01.0260 0x2270  [ 39992718707C9391F1B670D8A2B23EDD, A5E057993070AD89A5716F19BFBD5CF629CD87DF32CB723757AFD0884BEC4D7F ] atashost        C:\Windows\SysWOW64\atashost.exe
16:05:01.0287 0x2270  atashost - ok
16:05:01.0373 0x2270  [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:05:01.0431 0x2270  AudioEndpointBuilder - ok
16:05:01.0471 0x2270  [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:05:01.0548 0x2270  AudioSrv - ok
16:05:01.0679 0x2270  [ A2494901E7226B356B8C1005C45F1C5F, A4A7076D40B012BB415C4B661B8C45671B853330746E278D080EC96596EEECBE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
16:05:01.0705 0x2270  BBSvc - ok
16:05:01.0748 0x2270  [ 63B1CBBAE4790B5BAC98F01BF9449722, 0A49B9FCEF33B38132B0AB8A9D7591A46856E82BC2123841E27A895817D92695 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
16:05:01.0774 0x2270  BBUpdate - ok
16:05:01.0820 0x2270  [ A7C9995BA861FCE78B2CEAAE61D39FD7, 47BB7487EF6FA61D2A6BA6E260A7CAD4CABF1BB52DAFE2D1E2C3F0C94507C49C ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
16:05:01.0835 0x2270  BCM42RLY - ok
16:05:01.0941 0x2270  [ D32F962B71FEE6BDAAEE630BB2C17280, C0CB6F7AB4C7014B6D7DC2EC8689CB3D407C79BAD56CE0826A49E59D0ED890B6 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:05:02.0089 0x2270  BCM43XX - ok
16:05:02.0163 0x2270  Beep - ok
16:05:02.0240 0x2270  [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE             C:\Windows\System32\bfe.dll
16:05:02.0365 0x2270  BFE - ok
16:05:02.0487 0x2270  [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS            C:\Windows\system32\qmgr.dll
16:05:02.0691 0x2270  BITS - ok
16:05:02.0753 0x2270  [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:05:02.0859 0x2270  blbdrive - ok
16:05:03.0070 0x2270  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:05:03.0181 0x2270  Bonjour Service - ok
16:05:03.0256 0x2270  [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:05:03.0360 0x2270  bowser - ok
16:05:03.0425 0x2270  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:05:03.0514 0x2270  BrFiltLo - ok
16:05:03.0563 0x2270  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:05:03.0637 0x2270  BrFiltUp - ok
16:05:03.0695 0x2270  [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser         C:\Windows\System32\browser.dll
16:05:03.0771 0x2270  Browser - ok
16:05:03.0810 0x2270  [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:05:03.0988 0x2270  Brserid - ok
16:05:04.0015 0x2270  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:05:04.0115 0x2270  BrSerWdm - ok
16:05:04.0144 0x2270  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:05:04.0345 0x2270  BrUsbMdm - ok
16:05:04.0381 0x2270  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:05:04.0442 0x2270  BrUsbSer - ok
16:05:04.0467 0x2270  [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:05:04.0551 0x2270  BTHMODEM - ok
16:05:04.0578 0x2270  catchme - ok
16:05:04.0594 0x2270  [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:05:04.0660 0x2270  cdfs - ok
16:05:04.0729 0x2270  [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:05:04.0792 0x2270  cdrom - ok
16:05:04.0860 0x2270  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:05:04.0912 0x2270  CertPropSvc - ok
16:05:04.0934 0x2270  [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:05:05.0003 0x2270  circlass - ok
16:05:05.0052 0x2270  [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS            C:\Windows\system32\CLFS.sys
16:05:05.0118 0x2270  CLFS - ok
16:05:05.0232 0x2270  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:05.0255 0x2270  clr_optimization_v2.0.50727_32 - ok
16:05:05.0331 0x2270  [ 753049933D5326D835F4FCACDF4AD5E3, 715BEE09C19BCBCAD2A93E4725DB3A1FDD8E2FEFFF6E0C3D2F98FC607FED5D3A ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:05:05.0360 0x2270  clr_optimization_v2.0.50727_64 - ok
16:05:05.0496 0x2270  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:05.0670 0x2270  clr_optimization_v4.0.30319_32 - ok
16:05:05.0695 0x2270  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:05:05.0841 0x2270  clr_optimization_v4.0.30319_64 - ok
16:05:05.0888 0x2270  [ B52D9A14CE4101577900A364BA86F3DF, A8AA928DDF5FE3861973D4EA03A5B700E99138236F1E8FF594293B9705BF470C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:05:05.0932 0x2270  CmBatt - ok
16:05:05.0963 0x2270  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:05:05.0979 0x2270  cmdide - ok
16:05:06.0001 0x2270  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:05:06.0019 0x2270  Compbatt - ok
16:05:06.0025 0x2270  COMSysApp - ok
16:05:06.0032 0x2270  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:05:06.0051 0x2270  crcdisk - ok
16:05:06.0109 0x2270  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:05:06.0176 0x2270  CryptSvc - ok
16:05:06.0258 0x2270  [ BA8E5B2291C01EF71CA80E25F0C79D55, 913C85EC00752AEEE2E29C6664085865DA45A091789C0F8CB015208D69F1915A ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
16:05:06.0357 0x2270  ctxusbm - ok
16:05:06.0442 0x2270  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:05:06.0614 0x2270  DcomLaunch - ok
16:05:06.0698 0x2270  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:05:06.0787 0x2270  DfsC - ok
16:05:07.0022 0x2270  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
16:05:07.0641 0x2270  DFSR - ok
16:05:07.0794 0x2270  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:05:07.0919 0x2270  Dhcp - ok
16:05:07.0955 0x2270  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
16:05:07.0987 0x2270  disk - ok
16:05:08.0059 0x2270  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:05:08.0107 0x2270  Dnscache - ok
16:05:08.0171 0x2270  [ DB29915209770D8B59654345EC2D943A, 3D55C5F86E8FC46A82ECA4CBE30DE1C53AB9F6CD79D1597571667774DD86ABD2 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
16:05:08.0219 0x2270  DockLoginService - detected UnsignedFile.Multi.Generic ( 1 )
16:05:08.0417 0x2270  Detect skipped due to KSN trusted
16:05:08.0417 0x2270  DockLoginService - ok
16:05:08.0465 0x2270  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
16:05:08.0557 0x2270  dot3svc - ok
16:05:08.0612 0x2270  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
16:05:08.0707 0x2270  DPS - ok
16:05:08.0776 0x2270  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:05:08.0803 0x2270  drmkaud - ok
16:05:08.0846 0x2270  [ 3EEF0B3489EDBF725564E17C77CABAFD, 991765159A07F159FA1D78632C1EABE9E3ACE02B06A41B2F47C80E89817041E3 ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
16:05:08.0880 0x2270  dsNcAdpt - ok
16:05:08.0968 0x2270  [ 362CCEF305F45829316D62D3410F2062, 35033749E9B6B5AFC9C8C305F4AA1597E9776D465E7BBC24A20E836B7BEF0D73 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:05:09.0071 0x2270  DXGKrnl - ok
16:05:09.0179 0x2270  [ 17D40652EF3E55EEAE187A89DF40965A, D49D45E64D52FE0FD10A3A5F537A5F7AA4387BE862A1A5544565A1D5D3CDAAE5 ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
16:05:09.0261 0x2270  e1express - ok
16:05:09.0299 0x2270  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
16:05:09.0377 0x2270  E1G60 - ok
16:05:09.0431 0x2270  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
16:05:09.0570 0x2270  EapHost - ok
16:05:09.0638 0x2270  [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:05:09.0674 0x2270  Ecache - ok
16:05:09.0764 0x2270  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:05:09.0920 0x2270  ehRecvr - ok
16:05:09.0956 0x2270  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
16:05:09.0994 0x2270  ehSched - ok
16:05:10.0028 0x2270  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:05:10.0112 0x2270  ehstart - ok
16:05:10.0166 0x2270  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:05:10.0251 0x2270  elxstor - ok
16:05:10.0328 0x2270  [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:05:10.0472 0x2270  EMDMgmt - ok
16:05:10.0566 0x2270  [ 1E345F2A2D95DA3190596E691CDE9342, 9D1D48F3B749ADA598D155E11E63CD52A4EEABF9BE92A1D997D25D07CF350084 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
16:05:10.0708 0x2270  EPSON_PM_RPCV4_01 - ok
16:05:10.0722 0x2270  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:05:10.0793 0x2270  ErrDev - ok
16:05:10.0889 0x2270  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
16:05:11.0050 0x2270  EventSystem - ok
16:05:11.0107 0x2270  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:05:11.0151 0x2270  exfat - ok
16:05:11.0203 0x2270  [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:05:11.0300 0x2270  fastfat - ok
16:05:11.0361 0x2270  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:05:11.0467 0x2270  fdc - ok
16:05:11.0497 0x2270  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:05:11.0572 0x2270  fdPHost - ok
16:05:11.0600 0x2270  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:05:11.0700 0x2270  FDResPub - ok
16:05:11.0715 0x2270  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:05:11.0773 0x2270  FileInfo - ok
16:05:11.0794 0x2270  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:05:11.0856 0x2270  Filetrace - ok
16:05:11.0879 0x2270  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:05:11.0944 0x2270  flpydisk - ok
16:05:11.0989 0x2270  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:05:12.0033 0x2270  FltMgr - ok
16:05:12.0090 0x2270  [ 6CD6BB45BD3E0EEF6CE496BF52854FF1, 939630A1EEAB79DD5AA3D9272B9EDC0550BC06D40C9B398815FCFF4AC12A7F2C ] FlyUsb          C:\Windows\system32\DRIVERS\FlyUsb.sys
16:05:12.0155 0x2270  FlyUsb - ok
16:05:12.0292 0x2270  [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache       C:\Windows\system32\FntCache.dll
16:05:12.0545 0x2270  FontCache - ok
16:05:12.0639 0x2270  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:05:12.0665 0x2270  FontCache3.0.0.0 - ok
16:05:12.0726 0x2270  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:05:12.0817 0x2270  Fs_Rec - ok
16:05:12.0861 0x2270  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:05:12.0891 0x2270  gagp30kx - ok
16:05:13.0013 0x2270  [ BC4D691A2F3339FE89726D4959C79996, B78982B213BF81214783016E13030478DC1CCBEEFEE3CAA4ADD65DDC8F08E7D9 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
16:05:13.0131 0x2270  GameConsoleService - ok
16:05:13.0228 0x2270  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:05:13.0243 0x2270  GEARAspiWDM - ok
16:05:13.0401 0x2270  [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:05:13.0526 0x2270  gpsvc - ok
16:05:13.0678 0x2270  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:13.0694 0x2270  gupdate - ok
16:05:13.0703 0x2270  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:05:13.0722 0x2270  gupdatem - ok
16:05:13.0794 0x2270  [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:05:13.0919 0x2270  HDAudBus - ok
16:05:13.0964 0x2270  [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:05:14.0061 0x2270  HidBth - ok
16:05:14.0089 0x2270  [ 4E77A77E2C986E8F88F996BB3E1AD829, 1748676EB038A145405080B829DF4156C2596691BE5C67FD8269BE8D9351B400 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:05:14.0161 0x2270  HidIr - ok
16:05:14.0210 0x2270  [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv         C:\Windows\System32\hidserv.dll
16:05:14.0265 0x2270  hidserv - ok
16:05:14.0294 0x2270  [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:05:14.0331 0x2270  HidUsb - ok
16:05:14.0370 0x2270  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:05:14.0416 0x2270  hkmsvc - ok
16:05:14.0452 0x2270  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:05:14.0470 0x2270  HpCISSs - ok
16:05:14.0587 0x2270  [ A3E5E2967011E94A61499DF7A777FAC8, 4632AC66AA9257C1427A52C915B3FBE92336CB53A0231312B6AED9290FE7EE81 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
16:05:14.0607 0x2270  HPSupportSolutionsFrameworkService - ok
16:05:14.0687 0x2270  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:05:14.0799 0x2270  HTTP - ok
16:05:14.0818 0x2270  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:05:14.0841 0x2270  i2omp - ok
16:05:14.0863 0x2270  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:05:14.0927 0x2270  i8042prt - ok
16:05:15.0011 0x2270  [ 7B96206E4BDD2FE582F0DBC46F5F410E, D27BB43E7EE0C2905FF23C48DBF6F492873F65CAD467F13A2731EB7D3A0CE5DC ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:05:15.0051 0x2270  IAANTMON - ok
16:05:15.0105 0x2270  [ 07FB761600EFF44AF02C35B8B57E5863, 77266CF3A21BA73722C3868214F3B062C534B3C38DB2591C26E2E9F56FA70FD1 ] iaStor          C:\Windows\system32\drivers\iastor.sys
16:05:15.0144 0x2270  iaStor - ok
16:05:15.0179 0x2270  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:05:15.0206 0x2270  iaStorV - ok
16:05:15.0406 0x2270  [ A9AA69F749AC1D318151E77372CC83DB, 2A50A4D6ED22F5F6CB5DC56A639D904AD71E511DC744A6F6C3D1D4D39756AF31 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:05:15.0515 0x2270  idsvc - ok
16:05:15.0925 0x2270  [ D4A887F145E96FA9F08C1D1D67EA6546, CAD0959CF2C69262DD17E6B6CAF3AE1D3D9690FDCDC10A037740A8EBEF2565EB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:05:16.0877 0x2270  igfx - ok
16:05:16.0971 0x2270  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:05:16.0999 0x2270  iirsp - ok
16:05:17.0126 0x2270  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
16:05:17.0280 0x2270  IKEEXT - ok
16:05:17.0380 0x2270  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\drivers\intelide.sys
16:05:17.0408 0x2270  intelide - ok
16:05:17.0431 0x2270  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:05:17.0528 0x2270  intelppm - ok
16:05:17.0576 0x2270  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:05:17.0672 0x2270  IPBusEnum - ok
16:05:17.0712 0x2270  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:05:17.0785 0x2270  IpFilterDriver - ok
16:05:17.0857 0x2270  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:05:17.0956 0x2270  iphlpsvc - ok
16:05:17.0966 0x2270  IpInIp - ok
16:05:18.0003 0x2270  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:05:18.0113 0x2270  IPMIDRV - ok
16:05:18.0138 0x2270  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:05:18.0233 0x2270  IPNAT - ok
16:05:35.0108 0x2270  [ 182DEB193D2F7B785086AF4F081540FC, 4400188ED188FFAEF73A7370A1E84BE89910A089AA3688BFC0B40764FAC1B7B5 ] RosettaStoneDaemon C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
16:05:35.0390 0x2270  RosettaStoneDaemon - detected UnsignedFile.Multi.Generic ( 1 )
16:05:36.0058 0x2270  Detect skipped due to KSN trusted
16:05:36.0058 0x2270  RosettaStoneDaemon - ok
16:05:41.0857 0x2270  spldr - ok
16:05:41.0917 0x2270  [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:05:41.0973 0x2270  Spooler - ok
16:05:42.0065 0x2270  [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:05:42.0225 0x2270  srv - ok
16:05:42.0264 0x2270  [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:05:42.0380 0x2270  srv2 - ok
16:05:42.0511 0x2270  [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:05:42.0587 0x2270  srvnet - ok
16:05:42.0634 0x2270  [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:05:42.0752 0x2270  SSDPSRV - ok
16:05:42.0876 0x2270  [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:05:42.0980 0x2270  SstpSvc - ok
16:05:43.0215 0x2270  [ 2080477F89F82FBD12436BF9770E29A1, EE6FA2E521A4A0EFCFFE4CD78404CD12BF6502BEC6A2709AD10CE401B23AEE77 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
16:05:43.0309 0x2270  STacSV - ok
16:05:43.0368 0x2270  [ 3281204B2E6049100D0FF04270C2AEA5, 2B6F98866B04537E41AE2E3BEAD63BB9D4F33B839A4CACFE3DB0926FDFAAE91E ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
16:05:43.0516 0x2270  STHDA - ok
16:05:43.0797 0x2270  [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc          C:\Windows\System32\wiaservc.dll
16:05:43.0953 0x2270  stisvc - ok
16:05:44.0000 0x2270  [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:05:44.0094 0x2270  stllssvr - ok
16:05:44.0129 0x2270  [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:05:44.0156 0x2270  swenum - ok
16:05:44.0222 0x2270  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv           C:\Windows\System32\swprv.dll
16:05:44.0320 0x2270  swprv - ok
16:05:44.0346 0x2270  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:05:44.0373 0x2270  Symc8xx - ok
16:05:44.0395 0x2270  [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:05:44.0423 0x2270  Sym_hi - ok
16:05:44.0439 0x2270  [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:05:44.0478 0x2270  Sym_u3 - ok
16:05:44.0594 0x2270  [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain         C:\Windows\system32\sysmain.dll
16:05:44.0765 0x2270  SysMain - ok
16:05:44.0811 0x2270  [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
16:05:44.0886 0x2270  TabletInputService - ok
16:05:44.0966 0x2270  [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:05:45.0010 0x2270  TapiSrv - ok
16:05:45.0139 0x2270  [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS             C:\Windows\System32\tbssvc.dll
16:05:45.0218 0x2270  TBS - ok
16:05:45.0399 0x2270  [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:05:45.0656 0x2270  Tcpip - ok
16:05:45.0770 0x2270  [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:05:45.0975 0x2270  Tcpip6 - ok
16:05:46.0053 0x2270  [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:05:46.0147 0x2270  tcpipreg - ok
16:05:46.0177 0x2270  [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:05:46.0268 0x2270  TDPIPE - ok
16:05:46.0314 0x2270  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:05:46.0429 0x2270  TDTCP - ok
16:05:46.0661 0x2270  [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:05:46.0738 0x2270  tdx - ok
16:05:46.0777 0x2270  [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:05:46.0808 0x2270  TermDD - ok
16:05:46.0885 0x2270  [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService     C:\Windows\System32\termsrv.dll
16:05:46.0994 0x2270  TermService - ok
16:05:47.0040 0x2270  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes          C:\Windows\system32\shsvcs.dll
16:05:47.0088 0x2270  Themes - ok
16:05:47.0105 0x2270  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:05:47.0163 0x2270  THREADORDER - ok
16:05:47.0233 0x2270  [ 20903580F4BCFD08E8A59310D747190C, A7F2A8F271C4CB6846A4BB008EF5BAD1606E6868B84B7DBF57966614D416BFC9 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
16:05:47.0252 0x2270  tmactmon - ok
16:05:47.0315 0x2270  [ B6ECBBBCEE9F1B88BA101F4C0BB58977, BF308B4E6382D6EF88D3A864462A70042F654BE2235F3353C02902D44F63EA9F ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
16:05:47.0341 0x2270  tmcomm - ok
16:05:47.0391 0x2270  [ 4068D01A407C5F3B9AD3DF523E6BCEF6, DB3999EC8886610A14C8961356D88363BD5E3F006DA372F02CAEAC2468132565 ] TMEBC           C:\Windows\system32\DRIVERS\TMEBC64.sys
16:05:47.0407 0x2270  TMEBC - ok
16:05:47.0464 0x2270  [ 3A10F5BDF66013B13AAB032B549E934D, E3F141471295D351777AA025A1CAF4F17C4E1589FB3A5FB0BB377C6FEA3C3477 ] tmeevw          C:\Windows\system32\DRIVERS\tmeevw.sys
16:05:47.0482 0x2270  tmeevw - ok
16:05:47.0505 0x2270  [ 565EEA0DEF37E5AA66D492F4C1EFDCB7, 8E943EE08A96308906EC8117EE033DCC2DC10A5082C3B142278EE94E278F7969 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
16:05:47.0523 0x2270  tmevtmgr - ok
16:05:47.0595 0x2270  [ C91EB6CEC1A7FE02BB54760ABF79FBA6, 1E3E1ADB59D4F8ED12B9611D21717D38D9135892E506609193A1A32E7113124C ] tmnciesc        C:\Windows\system32\DRIVERS\tmnciesc.sys
16:05:47.0635 0x2270  tmnciesc - ok
16:05:47.0723 0x2270  [ 48951FBFFFCAE52FADFCDFB76ED19749, A0D4B3944DCB8583864A5DC61C0FF7F437409FC4F3437DD3A83E62D9F22BDB25 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
16:05:47.0747 0x2270  tmtdi - ok
16:05:47.0785 0x2270  [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks          C:\Windows\System32\trkwks.dll
16:05:47.0859 0x2270  TrkWks - ok
16:05:48.0056 0x2270  [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:05:48.0114 0x2270  TrustedInstaller - ok
16:05:48.0327 0x2270  [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:05:48.0442 0x2270  tssecsrv - ok
16:05:48.0498 0x2270  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:05:48.0564 0x2270  tunmp - ok
16:05:48.0608 0x2270  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:05:48.0658 0x2270  tunnel - ok
16:05:48.0685 0x2270  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:05:48.0715 0x2270  uagp35 - ok
16:05:48.0777 0x2270  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:05:48.0876 0x2270  udfs - ok
16:05:48.0917 0x2270  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:05:48.0989 0x2270  UI0Detect - ok
16:05:49.0153 0x2270  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:05:49.0185 0x2270  uliagpkx - ok
16:05:49.0220 0x2270  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:05:49.0269 0x2270  uliahci - ok
16:05:49.0349 0x2270  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:05:49.0382 0x2270  UlSata - ok
16:05:49.0414 0x2270  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:05:49.0448 0x2270  ulsata2 - ok
16:05:49.0470 0x2270  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:05:49.0514 0x2270  umbus - ok
16:05:49.0560 0x2270  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
16:05:49.0678 0x2270  upnphost - ok
16:05:49.0717 0x2270  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:05:49.0775 0x2270  USBAAPL64 - ok
16:05:49.0844 0x2270  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:05:49.0919 0x2270  usbccgp - ok
16:05:49.0940 0x2270  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:05:50.0042 0x2270  usbcir - ok
16:05:50.0084 0x2270  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:05:50.0120 0x2270  usbehci - ok
16:05:50.0181 0x2270  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:05:50.0249 0x2270  usbhub - ok
16:05:50.0279 0x2270  [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:05:50.0407 0x2270  usbohci - ok
16:05:50.0547 0x2270  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:05:50.0591 0x2270  usbprint - ok
16:05:50.0649 0x2270  [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:05:50.0741 0x2270  usbscan - ok
16:05:50.0784 0x2270  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:05:50.0872 0x2270  USBSTOR - ok
16:05:51.0011 0x2270  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:05:51.0037 0x2270  usbuhci - ok
16:05:51.0095 0x2270  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
16:05:51.0134 0x2270  UxSms - ok
16:05:51.0231 0x2270  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
16:05:51.0418 0x2270  vds - ok
16:05:51.0472 0x2270  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:05:51.0524 0x2270  vga - ok
16:05:51.0742 0x2270  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:05:51.0907 0x2270  VgaSave - ok
16:05:51.0995 0x2270  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
16:05:52.0021 0x2270  viaide - ok
16:05:52.0083 0x2270  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:05:52.0115 0x2270  volmgr - ok
16:05:52.0241 0x2270  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:05:52.0327 0x2270  volmgrx - ok
16:05:52.0384 0x2270  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:05:52.0460 0x2270  volsnap - ok
16:05:52.0506 0x2270  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:05:52.0540 0x2270  vsmraid - ok
16:05:52.0649 0x2270  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
16:05:52.0920 0x2270  VSS - ok
16:05:53.0314 0x2270  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
16:05:53.0449 0x2270  W32Time - ok
16:05:53.0784 0x2270  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:05:53.0883 0x2270  WacomPen - ok
16:05:54.0667 0x2270  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:05:54.0748 0x2270  Wanarp - ok
16:05:54.0756 0x2270  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:05:54.0813 0x2270  Wanarpv6 - ok
16:05:56.0776 0x2270  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:05:56.0959 0x2270  wcncsvc - ok
16:05:57.0017 0x2270  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:05:57.0073 0x2270  WcsPlugInService - ok
16:05:57.0108 0x2270  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
16:05:57.0136 0x2270  Wd - ok
16:05:57.0254 0x2270  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:05:57.0457 0x2270  Wdf01000 - ok
16:05:57.0505 0x2270  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:05:57.0580 0x2270  WdiServiceHost - ok
16:05:57.0590 0x2270  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:05:57.0660 0x2270  WdiSystemHost - ok
16:05:57.0743 0x2270  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient       C:\Windows\System32\webclnt.dll
16:05:57.0791 0x2270  WebClient - ok
16:05:57.0833 0x2270  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:05:57.0902 0x2270  Wecsvc - ok
16:05:57.0930 0x2270  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:05:57.0969 0x2270  wercplsupport - ok
16:05:57.0984 0x2270  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:05:58.0057 0x2270  WerSvc - ok
16:05:58.0077 0x2270  WinDefend - ok
16:05:58.0085 0x2270  WinHttpAutoProxySvc - ok
16:05:58.0239 0x2270  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:05:58.0311 0x2270  Winmgmt - ok
16:05:58.0442 0x2270  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
16:05:58.0698 0x2270  WinRM - ok
16:05:58.0952 0x2270  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:05:59.0246 0x2270  Wlansvc - ok
16:05:59.0496 0x2270  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:05:59.0702 0x2270  wlidsvc - ok
16:05:59.0719 0x2270  wltrysvc - ok
16:05:59.0754 0x2270  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:05:59.0826 0x2270  WmiAcpi - ok
16:05:59.0867 0x2270  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:05:59.0909 0x2270  wmiApSrv - ok
16:06:00.0002 0x2270  WMPNetworkSvc - ok
16:06:00.0039 0x2270  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:06:00.0485 0x2270  WPCSvc - ok
16:06:00.0554 0x2270  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:06:00.0711 0x2270  WPDBusEnum - ok
16:06:00.0760 0x2270  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:06:00.0836 0x2270  WpdUsb - ok
16:06:01.0235 0x2270  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:06:01.0324 0x2270  WPFFontCache_v0400 - ok
16:06:01.0356 0x2270  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:06:01.0440 0x2270  ws2ifsl - ok
16:06:01.0518 0x2270  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\system32\wscsvc.dll
16:06:01.0543 0x2270  wscsvc - ok
16:06:01.0548 0x2270  WSearch - ok
16:06:02.0004 0x2270  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:06:02.0310 0x2270  wuauserv - ok
16:06:02.0397 0x2270  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:06:02.0503 0x2270  WudfPf - ok
16:06:02.0530 0x2270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:06:02.0608 0x2270  WUDFRd - ok
16:06:02.0661 0x2270  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:06:02.0733 0x2270  wudfsvc - ok
16:06:02.0763 0x2270  yksvc - ok
16:06:02.0821 0x2270  [ B681CADB266B151061E7BAA82B0D77B7, 47DBBF63C1912CE966029605276B1146C5834604A100FAC224535489BA130623 ] yukonx64        C:\Windows\system32\DRIVERS\yk60x64.sys
16:06:02.0946 0x2270  yukonx64 - ok
16:06:02.0966 0x2270  ================ Scan global ===============================
16:06:02.0991 0x2270  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
16:06:03.0060 0x2270  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
16:06:03.0115 0x2270  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
16:06:03.0214 0x2270  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
16:06:03.0231 0x2270  [ Global ] - ok
16:06:03.0231 0x2270  ================ Scan MBR ==================================
16:06:03.0299 0x2270  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
16:06:03.0768 0x2270  \Device\Harddisk0\DR0 - ok
16:06:03.0770 0x2270  ================ Scan VBR ==================================
16:06:03.0826 0x2270  [ 788A50B4F4A90925431BFA83987D3442 ] \Device\Harddisk0\DR0\Partition1
16:06:03.0894 0x2270  \Device\Harddisk0\DR0\Partition1 - ok
16:06:03.0920 0x2270  [ 9BCAAECA8DE25A99D8A039DC44CD56D6 ] \Device\Harddisk0\DR0\Partition2
16:06:03.0946 0x2270  \Device\Harddisk0\DR0\Partition2 - ok
16:06:03.0947 0x2270  ================ Scan generic autorun ======================
16:06:04.0056 0x2270  [ 9959521290A79EFED02655ED1FE4A6DE, B82D67FFD1A8F780214E4AB0EBE1E617300C5DF8D6B69A83A48DD29F676FE64F ] C:\Program Files\DellTPad\Apoint.exe
16:06:04.0165 0x2270  Apoint - ok
16:06:04.0221 0x2270  [ A980BF78AD7E5038EAE5C2E33D57BD4E, E9F057094CAB54990B75BBA261B8CF52879653C2FFB4BDDB5B075CA625113833 ] C:\Windows\system32\igfxtray.exe
16:06:04.0245 0x2270  IgfxTray - ok
16:06:04.0277 0x2270  [ 9C779B50825D82CAF0B4666EA117EEF7, 5E2F553E33517869607587BCD9F32A6ACB61461E057C18D034DC1E2970D979B0 ] C:\Windows\system32\hkcmd.exe
16:06:04.0332 0x2270  HotKeysCmds - ok
16:06:04.0361 0x2270  [ 64A697F13721B70333DD625CCE950929, 6CBBA66DD1C96B4CF49A6984D3219D48830BE3AA0D585E8D27EA98E1157AED23 ] C:\Windows\system32\igfxpers.exe
16:06:04.0382 0x2270  Persistence - ok
16:06:04.0665 0x2270  [ A9DE98DE68187C67E7389ED2E7A42CA1, 4AABFB151A0EF32C705B0C1A74681AE4D24311D87F7574D11F69180C63413FCE ] C:\Windows\system32\WLTRAY.exe
16:06:04.0938 0x2270  Broadcom Wireless Manager UI - detected UnsignedFile.Multi.Generic ( 1 )
16:06:05.0439 0x2270  Detect skipped due to KSN trusted
16:06:05.0439 0x2270  Broadcom Wireless Manager UI - ok
16:06:05.0587 0x2270  [ 2521D0C1B65ACB7752CA365F538949E4, D8A07743222A03AC23B2D58AE0C8FB634B2FA17262CC01A8E4DC88AABB6799B5 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
16:06:05.0609 0x2270  IAAnotif - ok
16:06:05.0675 0x2270  [ 17ED8E35A5302419651A22A0282D80F4, 29469EF59590B3A552A5EE42D54A688B28ADCA82DB4507015F25DD4870B9FD8A ] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
16:06:05.0793 0x2270  lxcymon.exe - ok
16:06:05.0806 0x2270  [ E2D5034A8CFB24403FF6374118197794, A427B871E22971097C3C5F37CFE385A1467E1AE5B077D866885D95CE0DB25F2B ] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
16:06:06.0351 0x2270  EzPrint - ok
16:06:06.0354 0x2270  LXCYCATS - ok
16:06:06.0355 0x2270  SysTrayApp - ok
16:06:06.0470 0x2270  [ 7D29051E51113FDA64377BACB26C9D9B, B9EAAC771F58B8908C92AE27A1FBCADA9F08F26B65ED495AADAA033EFC6F363C ] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
16:06:06.0496 0x2270  Trend Micro Client Framework - ok
16:06:06.0584 0x2270  [ 8BDCB32876740FDFFBB74283B065670C, 2A683F1633ADF43BA3647AEB917F5E71E9FF86585CA8E3E1ECBAB897E5B9FB9C ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
16:06:06.0680 0x2270  Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
16:06:07.0152 0x2270  Detect skipped due to KSN trusted
16:06:07.0152 0x2270  Dell Webcam Central - ok
16:06:07.0245 0x2270  [ 186C9D39541CC0DFFCC454F79AA0B0BF, 71D333B9037362650E5E4DBF4EFA3CFD49034C53F27C7FFDE8DE6149ADB6471D ] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
16:06:07.0273 0x2270  PDVDDXSrv - ok
16:06:07.0417 0x2270  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
16:06:07.0444 0x2270  GrooveMonitor - ok
16:06:07.0536 0x2270  [ 37A28E56FE56DA311A761962043E5824, 03D75A0D456A2C10839730F8019834DE1FE3E7357EE836CF11165EB5E526365D ] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe
16:06:08.0320 0x2270  FaxCenterServer - ok
16:06:08.0380 0x2270  [ EE9792A8AA80AD58C4F9738D3A301E27, 730708614263D32E83076113C23CB1349765A2052652185B3C6D9E30E9E1DDA9 ] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
16:06:08.0678 0x2270  CarboniteSetupLite - ok
16:06:08.0804 0x2270  [ ED7A6D40B20DC34BE06F4AE196AE7D50, 6BE8E459AB2957B443F03419B5A765B61DEB946F1056CEB9C43FB26EB800A835 ] C:\Program Files (x86)\QuickTime\QTTask.exe
16:06:09.0002 0x2270  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
16:06:09.0461 0x2270  Detect skipped due to KSN trusted
16:06:09.0461 0x2270  QuickTime Task - ok
16:06:09.0580 0x2270  [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
16:06:09.0606 0x2270  ArcSoft Connection Service - ok
16:06:09.0812 0x2270  [ 7D8D4D216F2D68019D5EFABDFF093A23, 628ECF2F893FFA6B633DF0899A40EAF628DDC522395FCF1D9D28BBEB0DDB3597 ] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE
16:06:10.0390 0x2270  QuickFinder Scheduler - detected UnsignedFile.Multi.Generic ( 1 )
16:06:10.0863 0x2270  Detect skipped due to KSN trusted
16:06:10.0863 0x2270  QuickFinder Scheduler - ok
16:06:11.0009 0x2270  [ 20FFD9CA4AF20000665B73F4E56235B4, 35D3B37CA3C6D5D1C0ECC1428145C1D498C22C532CB37B5A8CD27CA71911FE7B ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
16:06:11.0042 0x2270  ConnectionCenter - ok
16:06:11.0116 0x2270  [ B45F2C4076ACFD9714037B7C69D90167, 560172AAB25C9FABB06C08D7364F1A7EDE398AE24A7528C7EE7099503361C907 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
16:06:11.0140 0x2270  APSDaemon - ok
16:06:11.0254 0x2270  [ 34086F1DBB4065047EA3671CB70505CC, 2C82287A8FD75724CEB95689C7CEF2C5D3EE263E9966E8982EF2F1A97BDCB946 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
16:06:11.0466 0x2270  iTunesHelper - ok
16:06:11.0669 0x2270  [ E66532FD491AD5604C36916715FBA092, 43FA8EF2025E7F1281CA024CB2EB2A433310E1515DCA9359035B3FB4BAE1FA8C ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
16:06:11.0697 0x2270  Adobe Reader Speed Launcher - ok
16:06:11.0769 0x2270  [ 3CB07566302BCEEB898DE270A0BEC175, B234D1044D8702A0929BB48F729EB5078B44AA7CD574B6482633B51289E70200 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:06:11.0860 0x2270  Adobe ARM - ok
16:06:11.0951 0x2270  [ 38FBB26EC0E2136046E8C355400704A8, E7AC58972F8CE4CC84C5B5B4F84BA5DA1AB160E908AF2BC3BC0FCEA29CF9FF97 ] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
16:06:12.0107 0x2270  Monitor - ok
16:06:12.0211 0x2270  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
16:06:12.0229 0x2270  HP Software Update - ok
16:06:12.0362 0x2270  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
16:06:12.0514 0x2270  Sidebar - ok
16:06:12.0766 0x2270  [ 4DC5EAFC0E9F08B6DF1DFDDAA4DC1937, 62EEA962106535527F6FDD029DA596D57144A6C4C367DEA910396CD56E058DE6 ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
16:06:13.0190 0x2270  msnmsgr - ok
16:06:13.0552 0x2270  [ 97B4514B03825596ADF0B622D721C496, C5696C7D6D90186CA1680A39FFDBB441794E5C3DF45F4D5DEB2DC0F6B11177C9 ] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
16:06:14.0438 0x2270  SightSpeed - ok
16:06:14.0608 0x2270  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE
16:06:14.0685 0x2270  EPSON Stylus Photo R280 Series - ok
16:06:14.0944 0x2270  [ 1C46FC1AB600766B8554580204806E84, 015A5ABFBED6D2A6C22B30805B5529AC5F33E0542D8C97AFD3350214778B8333 ] c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe
16:06:15.0038 0x2270  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
16:06:15.0627 0x2270  Detect skipped due to KSN trusted
16:06:15.0627 0x2270  ISUSPM Startup - ok
16:06:15.0693 0x2270  [ BD935D4F16C3B49AD58F6071A0AFFCF4, EABF08094D36745A456BA8137E1F893E4F73647CB79D4EE3803926C85F11FFE9 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
16:06:15.0710 0x2270  ISUSScheduler - ok
16:06:15.0710 0x2270  DW6 - ok
16:06:15.0752 0x2270  [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe
16:06:15.0801 0x2270  ehTray.exe - ok
16:06:15.0904 0x2270  [ 4A60D3D71E6DE7245CBB87943710111E, 56E32363985F65283805784F323846747F51DF34F006879CAA6B96E00C13D784 ] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
16:06:15.0921 0x2270  Uploader - ok
16:06:16.0011 0x2270  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
16:06:16.0179 0x2270  Sidebar - ok
16:06:16.0300 0x2270  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
16:06:16.0473 0x2270  Sidebar - ok
16:06:16.0478 0x2270  Waiting for KSN requests completion. In queue: 82
16:06:17.0928 0x2270  AV detected via SS2: Trend Micro Titanium Antivirus+, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 7.0.0.1151 ), 0x41000 ( enabled : updated )
16:06:18.0051 0x2270  Win FW state via NFP2: enabled
16:06:18.0415 0x2270  ============================================================
16:06:18.0415 0x2270  Scan finished
16:06:18.0415 0x2270  ============================================================
16:06:18.0428 0x0658  Detected object count: 0
16:06:18.0428 0x0658  Actual detected object count: 0
 





