Jump to content

Fawst

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you very much for everything! I'm pretty sure this was due to someone using an infected USB drive so I'm going to put that to an end. I have zero desire to go through this (or put anyone else like yourself through it) again!
  2. I think I might be all set! I reinstalled MSE and after it updated the definitions, there was nothing found on the scan.
  3. Nothing showed up on a MBAM scan, which is good! The only issue I can see is that Microsoft Security Essentials is stopped and when I try to start it, it says that the Security Essentials service isn't installed. Do I need to uninstall and reinstall MSE? Or is there a better option available to use?
  4. It seems like I may have been using a newer version than the one you gave instructions for as some of the requests were not available. For instance, Complete Scan didn't provide an option for choosing drives, it chose everything on its own. It also moved the two incurable files automatically, I had no option to click on the image you posted. Also, I saved the .csv file, but it was pretty sparse. There was a notification that a log file was saved, but it's a 23mb .txt file. I'm posting the .csv contents below: OTL(1).exe;C:\Documents and Settings\Diane\Desktop;Trojan.Siggen4.6108;Incurable.Moved.; OTL(1).exe;C:\Documents and Settings\Diane\DoctorWeb\Quarantine;Trojan.Siggen4.6108;Incurable.Moved.;
  5. MBAM found rootkit.0access again, but once I rebooted and ran MBAM a second time, nothing was detected. Here's the MBAM log from the first run when it found rootkit.0access: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Diane :: DIANE [administrator] 6/21/2012 12:10:22 PM mbam-log-2012-06-21 (12-10-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206695 Time elapsed: 1 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Diane\0.6109149139324841.exe (Rootkit.0Access) -> Quarantined and deleted successfully. (end)
  6. Here's the OTL fix log: All processes killed ========== OTL ========== Folder C:\ProgramData\B7E85889000153270000620DB4EB2331\ not found. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully. ========== FILES ========== C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Diane\Desktop\cmd.bat deleted successfully. C:\Users\Diane\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Diane ->Temp folder emptied: 199876635 bytes ->Temporary Internet Files folder emptied: 105781910 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 14606706 bytes ->Flash cache emptied: 2963 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6295 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2982022 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 308.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.50.0 log created on 06212012_120023 Files\Folders moved on Reboot... C:\Users\Diane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  7. Logs incoming: 11:18:15.0662 3584 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 11:18:15.0896 3584 ============================================================ 11:18:15.0896 3584 Current date / time: 2012/06/21 11:18:15.0896 11:18:15.0896 3584 SystemInfo: 11:18:15.0896 3584 11:18:15.0896 3584 OS Version: 6.1.7601 ServicePack: 1.0 11:18:15.0896 3584 Product type: Workstation 11:18:15.0896 3584 ComputerName: DIANE 11:18:15.0896 3584 UserName: Diane 11:18:15.0896 3584 Windows directory: C:\Windows 11:18:15.0896 3584 System windows directory: C:\Windows 11:18:15.0896 3584 Running under WOW64 11:18:15.0896 3584 Processor architecture: Intel x64 11:18:15.0896 3584 Number of processors: 4 11:18:15.0896 3584 Page size: 0x1000 11:18:15.0896 3584 Boot type: Normal boot 11:18:15.0896 3584 ============================================================ 11:18:16.0566 3584 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:18:16.0582 3584 ============================================================ 11:18:16.0582 3584 \Device\Harddisk0\DR0: 11:18:16.0582 3584 MBR partitions: 11:18:16.0582 3584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x192D000 11:18:16.0582 3584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1941000, BlocksNum 0x23AE8AB0 11:18:16.0582 3584 ============================================================ 11:18:16.0598 3584 C: <-> \Device\Harddisk0\DR0\Partition1 11:18:16.0598 3584 ============================================================ 11:18:16.0598 3584 Initialize success 11:18:16.0598 3584 ============================================================ 11:18:55.0941 1408 ============================================================ 11:18:55.0941 1408 Scan started 11:18:55.0941 1408 Mode: Manual; SigCheck; TDLFS; 11:18:55.0941 1408 ============================================================ 11:18:56.0362 1408 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 11:18:56.0440 1408 1394ohci - ok 11:18:56.0487 1408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 11:18:56.0503 1408 ACPI - ok 11:18:56.0503 1408 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 11:18:56.0581 1408 AcpiPmi - ok 11:18:56.0659 1408 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:18:56.0674 1408 AdobeFlashPlayerUpdateSvc - ok 11:18:56.0705 1408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 11:18:56.0737 1408 adp94xx - ok 11:18:56.0752 1408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 11:18:56.0768 1408 adpahci - ok 11:18:56.0783 1408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 11:18:56.0799 1408 adpu320 - ok 11:18:56.0815 1408 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 11:18:56.0893 1408 AeLookupSvc - ok 11:18:56.0939 1408 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 11:18:57.0017 1408 AERTFilters - ok 11:18:57.0064 1408 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 11:18:57.0111 1408 AFD - ok 11:18:57.0158 1408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 11:18:57.0173 1408 agp440 - ok 11:18:57.0189 1408 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 11:18:57.0220 1408 ALG - ok 11:18:57.0251 1408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 11:18:57.0267 1408 aliide - ok 11:18:57.0283 1408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 11:18:57.0283 1408 amdide - ok 11:18:57.0314 1408 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 11:18:57.0361 1408 AmdK8 - ok 11:18:57.0376 1408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 11:18:57.0392 1408 AmdPPM - ok 11:18:57.0423 1408 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 11:18:57.0439 1408 amdsata - ok 11:18:57.0454 1408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 11:18:57.0470 1408 amdsbs - ok 11:18:57.0485 1408 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 11:18:57.0501 1408 amdxata - ok 11:18:57.0532 1408 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 11:18:57.0657 1408 AppID - ok 11:18:57.0673 1408 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 11:18:57.0735 1408 AppIDSvc - ok 11:18:57.0766 1408 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 11:18:57.0813 1408 Appinfo - ok 11:18:57.0844 1408 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 11:18:57.0891 1408 AppMgmt - ok 11:18:57.0907 1408 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 11:18:57.0922 1408 arc - ok 11:18:57.0922 1408 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 11:18:57.0938 1408 arcsas - ok 11:18:57.0953 1408 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 11:18:58.0016 1408 AsyncMac - ok 11:18:58.0031 1408 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 11:18:58.0047 1408 atapi - ok 11:18:58.0094 1408 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 11:18:58.0156 1408 AudioEndpointBuilder - ok 11:18:58.0172 1408 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 11:18:58.0203 1408 AudioSrv - ok 11:18:58.0265 1408 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 11:18:58.0328 1408 AxInstSV - ok 11:18:58.0359 1408 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 11:18:58.0406 1408 b06bdrv - ok 11:18:58.0421 1408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 11:18:58.0453 1408 b57nd60a - ok 11:18:58.0484 1408 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 11:18:58.0499 1408 BDESVC - ok 11:18:58.0515 1408 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 11:18:58.0546 1408 Beep - ok 11:18:58.0609 1408 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 11:18:58.0655 1408 BFE - ok 11:18:58.0702 1408 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 11:18:58.0765 1408 BITS - ok 11:18:58.0811 1408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 11:18:58.0843 1408 blbdrive - ok 11:18:58.0874 1408 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 11:18:58.0905 1408 bowser - ok 11:18:58.0967 1408 BPowMon (1ad28a8a753e4bd8fdb4f5f857ace561) C:\Program Files\Broadcom\BPowMon\BPowMon.exe 11:18:58.0983 1408 BPowMon - ok 11:18:58.0999 1408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:18:59.0045 1408 BrFiltLo - ok 11:18:59.0045 1408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:18:59.0061 1408 BrFiltUp - ok 11:18:59.0077 1408 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 11:18:59.0139 1408 BridgeMP - ok 11:18:59.0155 1408 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 11:18:59.0201 1408 Browser - ok 11:18:59.0217 1408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 11:18:59.0248 1408 Brserid - ok 11:18:59.0248 1408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 11:18:59.0279 1408 BrSerWdm - ok 11:18:59.0295 1408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 11:18:59.0342 1408 BrUsbMdm - ok 11:18:59.0342 1408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 11:18:59.0373 1408 BrUsbSer - ok 11:18:59.0373 1408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 11:18:59.0404 1408 BTHMODEM - ok 11:18:59.0420 1408 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 11:18:59.0467 1408 bthserv - ok 11:18:59.0498 1408 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 11:18:59.0545 1408 cdfs - ok 11:18:59.0591 1408 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 11:18:59.0607 1408 cdrom - ok 11:18:59.0654 1408 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:18:59.0701 1408 CertPropSvc - ok 11:18:59.0716 1408 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 11:18:59.0732 1408 circlass - ok 11:18:59.0779 1408 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 11:18:59.0794 1408 CLFS - ok 11:18:59.0841 1408 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:18:59.0857 1408 clr_optimization_v2.0.50727_32 - ok 11:18:59.0888 1408 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:18:59.0903 1408 clr_optimization_v2.0.50727_64 - ok 11:18:59.0966 1408 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:18:59.0966 1408 clr_optimization_v4.0.30319_32 - ok 11:19:00.0013 1408 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:19:00.0013 1408 clr_optimization_v4.0.30319_64 - ok 11:19:00.0044 1408 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 11:19:00.0059 1408 CmBatt - ok 11:19:00.0091 1408 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 11:19:00.0106 1408 cmdide - ok 11:19:00.0122 1408 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 11:19:00.0153 1408 CNG - ok 11:19:00.0169 1408 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 11:19:00.0184 1408 Compbatt - ok 11:19:00.0215 1408 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 11:19:00.0262 1408 CompositeBus - ok 11:19:00.0278 1408 COMSysApp - ok 11:19:00.0293 1408 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 11:19:00.0309 1408 crcdisk - ok 11:19:00.0340 1408 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 11:19:00.0387 1408 CryptSvc - ok 11:19:00.0418 1408 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 11:19:00.0465 1408 CSC - ok 11:19:00.0512 1408 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 11:19:00.0543 1408 CscService - ok 11:19:00.0590 1408 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:19:00.0621 1408 DcomLaunch - ok 11:19:00.0683 1408 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 11:19:00.0730 1408 defragsvc - ok 11:19:00.0777 1408 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 11:19:00.0824 1408 DfsC - ok 11:19:00.0871 1408 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 11:19:00.0917 1408 Dhcp - ok 11:19:00.0933 1408 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 11:19:00.0980 1408 discache - ok 11:19:00.0995 1408 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 11:19:01.0011 1408 Disk - ok 11:19:01.0042 1408 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 11:19:01.0073 1408 Dnscache - ok 11:19:01.0120 1408 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 11:19:01.0151 1408 dot3svc - ok 11:19:01.0183 1408 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 11:19:01.0214 1408 DPS - ok 11:19:01.0245 1408 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 11:19:01.0261 1408 drmkaud - ok 11:19:01.0307 1408 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 11:19:01.0339 1408 DXGKrnl - ok 11:19:01.0354 1408 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 11:19:01.0401 1408 EapHost - ok 11:19:01.0495 1408 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 11:19:01.0573 1408 ebdrv - ok 11:19:01.0651 1408 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 11:19:01.0682 1408 EFS - ok 11:19:01.0744 1408 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 11:19:01.0791 1408 ehRecvr - ok 11:19:01.0822 1408 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 11:19:01.0853 1408 ehSched - ok 11:19:01.0900 1408 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 11:19:01.0931 1408 elxstor - ok 11:19:01.0947 1408 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 11:19:01.0978 1408 ErrDev - ok 11:19:02.0009 1408 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 11:19:02.0056 1408 EventSystem - ok 11:19:02.0072 1408 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 11:19:02.0103 1408 exfat - ok 11:19:02.0119 1408 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 11:19:02.0165 1408 fastfat - ok 11:19:02.0228 1408 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 11:19:02.0290 1408 Fax - ok 11:19:02.0306 1408 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 11:19:02.0321 1408 fdc - ok 11:19:02.0337 1408 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 11:19:02.0384 1408 fdPHost - ok 11:19:02.0384 1408 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 11:19:02.0431 1408 FDResPub - ok 11:19:02.0462 1408 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 11:19:02.0477 1408 FileInfo - ok 11:19:02.0493 1408 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 11:19:02.0524 1408 Filetrace - ok 11:19:02.0540 1408 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 11:19:02.0555 1408 flpydisk - ok 11:19:02.0587 1408 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 11:19:02.0602 1408 FltMgr - ok 11:19:02.0649 1408 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 11:19:02.0727 1408 FontCache - ok 11:19:02.0774 1408 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:19:02.0789 1408 FontCache3.0.0.0 - ok 11:19:02.0836 1408 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 11:19:02.0836 1408 FsDepends - ok 11:19:02.0867 1408 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 11:19:02.0883 1408 Fs_Rec - ok 11:19:02.0914 1408 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 11:19:02.0930 1408 fvevol - ok 11:19:02.0945 1408 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 11:19:02.0961 1408 gagp30kx - ok 11:19:03.0008 1408 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 11:19:03.0055 1408 gpsvc - ok 11:19:03.0070 1408 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 11:19:03.0117 1408 hcw85cir - ok 11:19:03.0148 1408 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 11:19:03.0179 1408 HDAudBus - ok 11:19:03.0195 1408 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 11:19:03.0211 1408 HidBatt - ok 11:19:03.0211 1408 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 11:19:03.0242 1408 HidBth - ok 11:19:03.0257 1408 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 11:19:03.0289 1408 HidIr - ok 11:19:03.0320 1408 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 11:19:03.0351 1408 hidserv - ok 11:19:03.0398 1408 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 11:19:03.0398 1408 HidUsb - ok 11:19:03.0429 1408 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 11:19:03.0491 1408 hkmsvc - ok 11:19:03.0507 1408 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 11:19:03.0523 1408 HomeGroupListener - ok 11:19:03.0554 1408 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 11:19:03.0569 1408 HomeGroupProvider - ok 11:19:03.0601 1408 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 11:19:03.0616 1408 HpSAMD - ok 11:19:03.0663 1408 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 11:19:03.0710 1408 HTTP - ok 11:19:03.0741 1408 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 11:19:03.0741 1408 hwpolicy - ok 11:19:03.0788 1408 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 11:19:03.0803 1408 i8042prt - ok 11:19:03.0850 1408 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 11:19:03.0866 1408 iaStorV - ok 11:19:03.0944 1408 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:19:03.0975 1408 idsvc - ok 11:19:04.0240 1408 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 11:19:04.0459 1408 igfx - ok 11:19:04.0537 1408 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 11:19:04.0552 1408 iirsp - ok 11:19:04.0615 1408 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 11:19:04.0677 1408 IKEEXT - ok 11:19:04.0739 1408 IntcAzAudAddService (5ba1779e2c84fde2a5e201fff9c42c9c) C:\Windows\system32\drivers\RTKVHD64.sys 11:19:04.0771 1408 IntcAzAudAddService - ok 11:19:04.0849 1408 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 11:19:04.0864 1408 intelide - ok 11:19:04.0880 1408 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 11:19:04.0911 1408 intelppm - ok 11:19:04.0927 1408 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 11:19:04.0973 1408 IPBusEnum - ok 11:19:05.0005 1408 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:19:05.0036 1408 IpFilterDriver - ok 11:19:05.0067 1408 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 11:19:05.0129 1408 iphlpsvc - ok 11:19:05.0145 1408 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 11:19:05.0161 1408 IPMIDRV - ok 11:19:05.0192 1408 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 11:19:05.0239 1408 IPNAT - ok 11:19:05.0254 1408 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 11:19:05.0270 1408 IRENUM - ok 11:19:05.0301 1408 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 11:19:05.0317 1408 isapnp - ok 11:19:05.0332 1408 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 11:19:05.0348 1408 iScsiPrt - ok 11:19:05.0395 1408 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys 11:19:05.0410 1408 k57nd60a - ok 11:19:05.0426 1408 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 11:19:05.0441 1408 kbdclass - ok 11:19:05.0457 1408 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 11:19:05.0488 1408 kbdhid - ok 11:19:05.0504 1408 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:19:05.0519 1408 KeyIso - ok 11:19:05.0535 1408 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 11:19:05.0551 1408 KSecDD - ok 11:19:05.0551 1408 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 11:19:05.0566 1408 KSecPkg - ok 11:19:05.0582 1408 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 11:19:05.0629 1408 ksthunk - ok 11:19:05.0660 1408 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 11:19:05.0707 1408 KtmRm - ok 11:19:05.0753 1408 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 11:19:05.0800 1408 LanmanServer - ok 11:19:05.0816 1408 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 11:19:05.0863 1408 LanmanWorkstation - ok 11:19:05.0878 1408 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:19:05.0941 1408 lltdio - ok 11:19:05.0972 1408 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 11:19:06.0034 1408 lltdsvc - ok 11:19:06.0050 1408 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 11:19:06.0081 1408 lmhosts - ok 11:19:06.0143 1408 LMIGuardianSvc (d55a7d0553c7102f63872936c7a9d9db) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe 11:19:06.0159 1408 LMIGuardianSvc - ok 11:19:06.0190 1408 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys 11:19:06.0190 1408 LMIInfo - ok 11:19:06.0221 1408 LMIMaint (a7d256c8847df6e88bddb55f87e54f46) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe 11:19:06.0237 1408 LMIMaint - ok 11:19:06.0237 1408 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 11:19:06.0253 1408 lmimirr - ok 11:19:06.0253 1408 LMIRfsClientNP - ok 11:19:06.0268 1408 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys 11:19:06.0284 1408 LMIRfsDriver - ok 11:19:06.0315 1408 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe 11:19:06.0331 1408 LogMeIn - ok 11:19:06.0346 1408 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 11:19:06.0362 1408 LSI_FC - ok 11:19:06.0362 1408 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 11:19:06.0377 1408 LSI_SAS - ok 11:19:06.0393 1408 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:19:06.0409 1408 LSI_SAS2 - ok 11:19:06.0409 1408 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:19:06.0424 1408 LSI_SCSI - ok 11:19:06.0440 1408 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:19:06.0487 1408 luafv - ok 11:19:06.0502 1408 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys 11:19:06.0518 1408 mbamchameleon - ok 11:19:06.0533 1408 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 11:19:06.0549 1408 Mcx2Svc - ok 11:19:06.0565 1408 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 11:19:06.0580 1408 megasas - ok 11:19:06.0580 1408 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 11:19:06.0611 1408 MegaSR - ok 11:19:06.0658 1408 Microsoft SharePoint Workspace Audit Service - ok 11:19:06.0689 1408 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:19:06.0736 1408 MMCSS - ok 11:19:06.0736 1408 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:19:06.0783 1408 Modem - ok 11:19:06.0814 1408 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:19:06.0845 1408 monitor - ok 11:19:06.0877 1408 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 11:19:06.0892 1408 mouclass - ok 11:19:06.0908 1408 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 11:19:06.0939 1408 mouhid - ok 11:19:06.0955 1408 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:19:06.0970 1408 mountmgr - ok 11:19:07.0033 1408 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 11:19:07.0048 1408 MpFilter - ok 11:19:07.0079 1408 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:19:07.0095 1408 mpio - ok 11:19:07.0095 1408 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:19:07.0126 1408 mpsdrv - ok 11:19:07.0204 1408 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 11:19:07.0251 1408 MpsSvc - ok 11:19:07.0267 1408 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:19:07.0298 1408 MRxDAV - ok 11:19:07.0313 1408 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:19:07.0360 1408 mrxsmb - ok 11:19:07.0391 1408 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:19:07.0423 1408 mrxsmb10 - ok 11:19:07.0438 1408 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:19:07.0438 1408 mrxsmb20 - ok 11:19:07.0469 1408 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 11:19:07.0485 1408 msahci - ok 11:19:07.0501 1408 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:19:07.0516 1408 msdsm - ok 11:19:07.0547 1408 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 11:19:07.0563 1408 MSDTC - ok 11:19:07.0594 1408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:19:07.0625 1408 Msfs - ok 11:19:07.0657 1408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:19:07.0688 1408 mshidkmdf - ok 11:19:07.0703 1408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:19:07.0703 1408 msisadrv - ok 11:19:07.0719 1408 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 11:19:07.0766 1408 MSiSCSI - ok 11:19:07.0766 1408 msiserver - ok 11:19:07.0797 1408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:19:07.0828 1408 MSKSSRV - ok 11:19:07.0828 1408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:19:07.0875 1408 MSPCLOCK - ok 11:19:07.0891 1408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:19:07.0922 1408 MSPQM - ok 11:19:07.0953 1408 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:19:07.0969 1408 MsRPC - ok 11:19:08.0000 1408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 11:19:08.0015 1408 mssmbios - ok 11:19:08.0015 1408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:19:08.0062 1408 MSTEE - ok 11:19:08.0062 1408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 11:19:08.0078 1408 MTConfig - ok 11:19:08.0093 1408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:19:08.0109 1408 Mup - ok 11:19:08.0140 1408 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:19:08.0203 1408 napagent - ok 11:19:08.0234 1408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:19:08.0249 1408 NativeWifiP - ok 11:19:08.0281 1408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:19:08.0312 1408 NDIS - ok 11:19:08.0312 1408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:19:08.0359 1408 NdisCap - ok 11:19:08.0359 1408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:19:08.0405 1408 NdisTapi - ok 11:19:08.0421 1408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:19:08.0468 1408 Ndisuio - ok 11:19:08.0499 1408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:19:08.0546 1408 NdisWan - ok 11:19:08.0577 1408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:19:08.0624 1408 NDProxy - ok 11:19:08.0655 1408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:19:08.0702 1408 NetBIOS - ok 11:19:08.0733 1408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:19:08.0780 1408 NetBT - ok 11:19:08.0795 1408 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:19:08.0811 1408 Netlogon - ok 11:19:08.0842 1408 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:19:08.0905 1408 Netman - ok 11:19:08.0920 1408 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:19:08.0967 1408 netprofm - ok 11:19:09.0014 1408 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:19:09.0029 1408 NetTcpPortSharing - ok 11:19:09.0061 1408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:19:09.0061 1408 nfrd960 - ok 11:19:09.0107 1408 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 11:19:09.0123 1408 NisDrv - ok 11:19:09.0170 1408 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 11:19:09.0185 1408 NisSrv - ok 11:19:09.0232 1408 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:19:09.0279 1408 NlaSvc - ok 11:19:09.0310 1408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:19:09.0341 1408 Npfs - ok 11:19:09.0357 1408 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:19:09.0404 1408 nsi - ok 11:19:09.0404 1408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:19:09.0451 1408 nsiproxy - ok 11:19:09.0529 1408 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:19:09.0575 1408 Ntfs - ok 11:19:09.0653 1408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:19:09.0685 1408 Null - ok 11:19:09.0731 1408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:19:09.0731 1408 nvraid - ok 11:19:09.0747 1408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:19:09.0763 1408 nvstor - ok 11:19:09.0794 1408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:19:09.0809 1408 nv_agp - ok 11:19:09.0841 1408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:19:09.0872 1408 ohci1394 - ok 11:19:09.0919 1408 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:19:09.0934 1408 ose - ok 11:19:10.0075 1408 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:19:10.0199 1408 osppsvc - ok 11:19:10.0277 1408 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:19:10.0309 1408 p2pimsvc - ok 11:19:10.0324 1408 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:19:10.0340 1408 p2psvc - ok 11:19:10.0371 1408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:19:10.0387 1408 Parport - ok 11:19:10.0418 1408 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:19:10.0433 1408 partmgr - ok 11:19:10.0449 1408 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:19:10.0465 1408 PcaSvc - ok 11:19:10.0496 1408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:19:10.0511 1408 pci - ok 11:19:10.0527 1408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:19:10.0543 1408 pciide - ok 11:19:10.0558 1408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:19:10.0574 1408 pcmcia - ok 11:19:10.0589 1408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:19:10.0605 1408 pcw - ok 11:19:10.0621 1408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:19:10.0667 1408 PEAUTH - ok 11:19:10.0714 1408 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 11:19:10.0777 1408 PeerDistSvc - ok 11:19:10.0808 1408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:19:10.0839 1408 PerfHost - ok 11:19:10.0933 1408 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:19:10.0979 1408 pla - ok 11:19:11.0026 1408 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 11:19:11.0057 1408 PlugPlay - ok 11:19:11.0073 1408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:19:11.0104 1408 PNRPAutoReg - ok 11:19:11.0120 1408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:19:11.0135 1408 PNRPsvc - ok 11:19:11.0182 1408 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys 11:19:11.0198 1408 Point64 - ok 11:19:11.0229 1408 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:19:11.0291 1408 PolicyAgent - ok 11:19:11.0307 1408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:19:11.0354 1408 Power - ok 11:19:11.0401 1408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:19:11.0432 1408 PptpMiniport - ok 11:19:11.0447 1408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:19:11.0463 1408 Processor - ok 11:19:11.0494 1408 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 11:19:11.0541 1408 ProfSvc - ok 11:19:11.0572 1408 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:19:11.0572 1408 ProtectedStorage - ok 11:19:11.0603 1408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:19:11.0650 1408 Psched - ok 11:19:11.0728 1408 QBCFMonitorService (ee46f431b25c14778d2e89d6f10f1d65) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 11:19:11.0744 1408 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning 11:19:11.0744 1408 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1) 11:19:11.0775 1408 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe 11:19:11.0791 1408 QBFCService ( UnsignedFile.Multi.Generic ) - warning 11:19:11.0791 1408 QBFCService - detected UnsignedFile.Multi.Generic (1) 11:19:11.0837 1408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:19:11.0884 1408 ql2300 - ok 11:19:11.0947 1408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:19:11.0962 1408 ql40xx - ok 11:19:11.0993 1408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:19:12.0009 1408 QWAVE - ok 11:19:12.0025 1408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:19:12.0056 1408 QWAVEdrv - ok 11:19:12.0056 1408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:19:12.0103 1408 RasAcd - ok 11:19:12.0134 1408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:19:12.0165 1408 RasAgileVpn - ok 11:19:12.0181 1408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:19:12.0212 1408 RasAuto - ok 11:19:12.0243 1408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:19:12.0290 1408 Rasl2tp - ok 11:19:12.0305 1408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:19:12.0337 1408 RasMan - ok 11:19:12.0368 1408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:19:12.0399 1408 RasPppoe - ok 11:19:12.0415 1408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:19:12.0446 1408 RasSstp - ok 11:19:12.0477 1408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:19:12.0508 1408 rdbss - ok 11:19:12.0524 1408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 11:19:12.0539 1408 rdpbus - ok 11:19:12.0555 1408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:19:12.0586 1408 RDPCDD - ok 11:19:12.0617 1408 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 11:19:12.0649 1408 RDPDR - ok 11:19:12.0664 1408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:19:12.0711 1408 RDPENCDD - ok 11:19:12.0742 1408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:19:12.0773 1408 RDPREFMP - ok 11:19:12.0805 1408 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 11:19:12.0836 1408 RDPWD - ok 11:19:12.0867 1408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:19:12.0883 1408 rdyboost - ok 11:19:12.0898 1408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 11:19:12.0945 1408 RemoteAccess - ok 11:19:12.0976 1408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:19:13.0023 1408 RemoteRegistry - ok 11:19:13.0023 1408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:19:13.0070 1408 RpcEptMapper - ok 11:19:13.0101 1408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:19:13.0132 1408 RpcLocator - ok 11:19:13.0163 1408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll 11:19:13.0195 1408 RpcSs - ok 11:19:13.0226 1408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:19:13.0257 1408 rspndr - ok 11:19:13.0288 1408 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 11:19:13.0304 1408 s3cap - ok 11:19:13.0319 1408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:19:13.0335 1408 SamSs - ok 11:19:13.0366 1408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:19:13.0366 1408 sbp2port - ok 11:19:13.0413 1408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:19:13.0444 1408 SCardSvr - ok 11:19:13.0460 1408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:19:13.0507 1408 scfilter - ok 11:19:13.0553 1408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:19:13.0631 1408 Schedule - ok 11:19:13.0663 1408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:19:13.0694 1408 SCPolicySvc - ok 11:19:13.0694 1408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:19:13.0741 1408 SDRSVC - ok 11:19:13.0787 1408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:19:13.0834 1408 secdrv - ok 11:19:13.0850 1408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:19:13.0897 1408 seclogon - ok 11:19:13.0912 1408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 11:19:13.0959 1408 SENS - ok 11:19:13.0975 1408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 11:19:14.0006 1408 SensrSvc - ok 11:19:14.0021 1408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 11:19:14.0037 1408 Serenum - ok 11:19:14.0068 1408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 11:19:14.0084 1408 Serial - ok 11:19:14.0115 1408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 11:19:14.0131 1408 sermouse - ok 11:19:14.0162 1408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:19:14.0209 1408 SessionEnv - ok 11:19:14.0240 1408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:19:14.0271 1408 sffdisk - ok 11:19:14.0287 1408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:19:14.0302 1408 sffp_mmc - ok 11:19:14.0318 1408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:19:14.0349 1408 sffp_sd - ok 11:19:14.0349 1408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 11:19:14.0365 1408 sfloppy - ok 11:19:14.0411 1408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 11:19:14.0458 1408 SharedAccess - ok 11:19:14.0489 1408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:19:14.0536 1408 ShellHWDetection - ok 11:19:14.0552 1408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:19:14.0567 1408 SiSRaid2 - ok 11:19:14.0567 1408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 11:19:14.0583 1408 SiSRaid4 - ok 11:19:14.0599 1408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:19:14.0645 1408 Smb - ok 11:19:14.0677 1408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:19:14.0708 1408 SNMPTRAP - ok 11:19:14.0708 1408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:19:14.0723 1408 spldr - ok 11:19:14.0770 1408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:19:14.0801 1408 Spooler - ok 11:19:14.0911 1408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:19:15.0020 1408 sppsvc - ok 11:19:15.0098 1408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:19:15.0145 1408 sppuinotify - ok 11:19:15.0176 1408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:19:15.0223 1408 srv - ok 11:19:15.0254 1408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:19:15.0285 1408 srv2 - ok 11:19:15.0301 1408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:19:15.0332 1408 srvnet - ok 11:19:15.0347 1408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:19:15.0394 1408 SSDPSRV - ok 11:19:15.0425 1408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:19:15.0457 1408 SstpSvc - ok 11:19:15.0472 1408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:19:15.0488 1408 stexstor - ok 11:19:15.0503 1408 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 11:19:15.0519 1408 StillCam - ok 11:19:15.0566 1408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 11:19:15.0597 1408 stisvc - ok 11:19:15.0628 1408 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 11:19:15.0644 1408 storflt - ok 11:19:15.0659 1408 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 11:19:15.0691 1408 StorSvc - ok 11:19:15.0722 1408 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 11:19:15.0737 1408 storvsc - ok 11:19:15.0753 1408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:19:15.0769 1408 swenum - ok 11:19:15.0925 1408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:19:15.0987 1408 swprv - ok 11:19:16.0049 1408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:19:16.0112 1408 SysMain - ok 11:19:16.0190 1408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:19:16.0205 1408 TabletInputService - ok 11:19:16.0221 1408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:19:16.0268 1408 TapiSrv - ok 11:19:16.0283 1408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:19:16.0330 1408 TBS - ok 11:19:16.0408 1408 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 11:19:16.0471 1408 Tcpip - ok 11:19:16.0549 1408 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 11:19:16.0580 1408 TCPIP6 - ok 11:19:16.0642 1408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:19:16.0673 1408 tcpipreg - ok 11:19:16.0689 1408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:19:16.0720 1408 TDPIPE - ok 11:19:16.0767 1408 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 11:19:16.0783 1408 TDTCP - ok 11:19:16.0814 1408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:19:16.0845 1408 tdx - ok 11:19:16.0876 1408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 11:19:16.0892 1408 TermDD - ok 11:19:16.0923 1408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:19:16.0985 1408 TermService - ok 11:19:17.0017 1408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:19:17.0048 1408 Themes - ok 11:19:17.0079 1408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:19:17.0110 1408 THREADORDER - ok 11:19:17.0110 1408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:19:17.0157 1408 TrkWks - ok 11:19:17.0188 1408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:19:17.0219 1408 TrustedInstaller - ok 11:19:17.0251 1408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:19:17.0297 1408 tssecsrv - ok 11:19:17.0329 1408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:19:17.0360 1408 TsUsbFlt - ok 11:19:17.0391 1408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:19:17.0438 1408 tunnel - ok 11:19:17.0453 1408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:19:17.0469 1408 uagp35 - ok 11:19:17.0500 1408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:19:17.0547 1408 udfs - ok 11:19:17.0563 1408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:19:17.0578 1408 UI0Detect - ok 11:19:17.0609 1408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:19:17.0609 1408 uliagpkx - ok 11:19:17.0641 1408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 11:19:17.0672 1408 umbus - ok 11:19:17.0672 1408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:19:17.0687 1408 UmPass - ok 11:19:17.0719 1408 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 11:19:17.0734 1408 UmRdpService - ok 11:19:17.0750 1408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:19:17.0797 1408 upnphost - ok 11:19:17.0828 1408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys 11:19:17.0859 1408 usbccgp - ok 11:19:17.0890 1408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:19:17.0921 1408 usbcir - ok 11:19:17.0937 1408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 11:19:17.0953 1408 usbehci - ok 11:19:17.0984 1408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:19:18.0015 1408 usbhub - ok 11:19:18.0062 1408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 11:19:18.0077 1408 usbohci - ok 11:19:18.0093 1408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:19:18.0124 1408 usbprint - ok 11:19:18.0124 1408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:19:18.0171 1408 USBSTOR - ok 11:19:18.0202 1408 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 11:19:18.0218 1408 usbuhci - ok 11:19:18.0249 1408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:19:18.0280 1408 UxSms - ok 11:19:18.0311 1408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:19:18.0327 1408 VaultSvc - ok 11:19:18.0343 1408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:19:18.0343 1408 vdrvroot - ok 11:19:18.0389 1408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 11:19:18.0436 1408 vds - ok 11:19:18.0467 1408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:19:18.0483 1408 vga - ok 11:19:18.0499 1408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:19:18.0545 1408 VgaSave - ok 11:19:18.0561 1408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:19:18.0577 1408 vhdmp - ok 11:19:18.0608 1408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:19:18.0623 1408 viaide - ok 11:19:18.0655 1408 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 11:19:18.0670 1408 vmbus - ok 11:19:18.0701 1408 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 11:19:18.0717 1408 VMBusHID - ok 11:19:18.0733 1408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 11:19:18.0748 1408 volmgr - ok 11:19:18.0779 1408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 11:19:18.0795 1408 volmgrx - ok 11:19:18.0842 1408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:19:18.0857 1408 volsnap - ok 11:19:18.0904 1408 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys 11:19:18.0904 1408 vpcbus - ok 11:19:18.0951 1408 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys 11:19:18.0982 1408 vpcnfltr - ok 11:19:18.0998 1408 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys 11:19:19.0029 1408 vpcusb - ok 11:19:19.0045 1408 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys 11:19:19.0060 1408 vpcvmm - ok 11:19:19.0076 1408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 11:19:19.0091 1408 vsmraid - ok 11:19:19.0138 1408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 11:19:19.0216 1408 VSS - ok 11:19:19.0279 1408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 11:19:19.0294 1408 vwifibus - ok 11:19:19.0325 1408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 11:19:19.0357 1408 W32Time - ok 11:19:19.0372 1408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 11:19:19.0403 1408 WacomPen - ok 11:19:19.0435 1408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:19:19.0481 1408 WANARP - ok 11:19:19.0481 1408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:19:19.0513 1408 Wanarpv6 - ok 11:19:19.0575 1408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 11:19:19.0622 1408 WatAdminSvc - ok 11:19:19.0684 1408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 11:19:19.0747 1408 wbengine - ok 11:19:19.0825 1408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:19:19.0840 1408 WbioSrvc - ok 11:19:19.0871 1408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 11:19:19.0903 1408 wcncsvc - ok 11:19:19.0918 1408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:19:19.0949 1408 WcsPlugInService - ok 11:19:19.0981 1408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 11:19:19.0981 1408 Wd - ok 11:19:20.0012 1408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:19:20.0027 1408 Wdf01000 - ok 11:19:20.0043 1408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:19:20.0121 1408 WdiServiceHost - ok 11:19:20.0121 1408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:19:20.0137 1408 WdiSystemHost - ok 11:19:20.0183 1408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 11:19:20.0215 1408 WebClient - ok 11:19:20.0230 1408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:19:20.0277 1408 Wecsvc - ok 11:19:20.0293 1408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 11:19:20.0339 1408 wercplsupport - ok 11:19:20.0355 1408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:19:20.0402 1408 WerSvc - ok 11:19:20.0449 1408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:19:20.0480 1408 WfpLwf - ok 11:19:20.0495 1408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:19:20.0511 1408 WIMMount - ok 11:19:20.0527 1408 WinDefend - ok 11:19:20.0527 1408 WinHttpAutoProxySvc - ok 11:19:20.0589 1408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 11:19:20.0636 1408 Winmgmt - ok 11:19:20.0698 1408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 11:19:20.0792 1408 WinRM - ok 11:19:20.0979 1408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:19:21.0010 1408 Wlansvc - ok 11:19:21.0119 1408 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:19:21.0182 1408 wlidsvc - ok 11:19:21.0244 1408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 11:19:21.0260 1408 WmiAcpi - ok 11:19:21.0322 1408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:19:21.0353 1408 wmiApSrv - ok 11:19:21.0369 1408 WMPNetworkSvc - ok 11:19:21.0385 1408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:19:21.0416 1408 WPCSvc - ok 11:19:21.0447 1408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 11:19:21.0463 1408 WPDBusEnum - ok 11:19:21.0494 1408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:19:21.0525 1408 ws2ifsl - ok 11:19:21.0541 1408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 11:19:21.0572 1408 wscsvc - ok 11:19:21.0572 1408 WSearch - ok 11:19:21.0650 1408 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 11:19:21.0759 1408 wuauserv - ok 11:19:21.0837 1408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:19:21.0868 1408 WudfPf - ok 11:19:21.0899 1408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:19:21.0946 1408 WUDFRd - ok 11:19:21.0962 1408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 11:19:21.0993 1408 wudfsvc - ok 11:19:22.0024 1408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:19:22.0055 1408 WwanSvc - ok 11:19:22.0071 1408 XnetSrvc (65ce22c63a0b3c9f2577e4fac44d08da) C:\Windows\system32\xnetsrvc.exe 11:19:22.0087 1408 XnetSrvc - ok 11:19:22.0102 1408 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0 11:19:22.0305 1408 \Device\Harddisk0\DR0 - ok 11:19:22.0305 1408 Boot (0x1200) (e02464838de4413330e5d67477b75192) \Device\Harddisk0\DR0\Partition0 11:19:22.0305 1408 \Device\Harddisk0\DR0\Partition0 - ok 11:19:22.0336 1408 Boot (0x1200) (350844d92513917d742870d3bf272813) \Device\Harddisk0\DR0\Partition1 11:19:22.0336 1408 \Device\Harddisk0\DR0\Partition1 - ok 11:19:22.0336 1408 ============================================================ 11:19:22.0336 1408 Scan finished 11:19:22.0336 1408 ============================================================ 11:19:22.0352 1228 Detected object count: 2 11:19:22.0352 1228 Actual detected object count: 2 11:19:50.0120 1228 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user 11:19:50.0120 1228 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:19:50.0120 1228 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user 11:19:50.0120 1228 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:21:30.0022 2780 Deinitialize success aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-21 11:22:03 ----------------------------- 11:22:03.562 OS Version: Windows x64 6.1.7601 Service Pack 1 11:22:03.562 Number of processors: 4 586 0x170A 11:22:03.562 ComputerName: DIANE UserName: Diane 11:22:04.982 Initialize success 11:22:58.350 AVAST engine defs: 12062100 11:23:03.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 11:23:03.451 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3 11:23:03.482 Disk 0 MBR read successfully 11:23:03.482 Disk 0 MBR scan 11:23:03.482 Disk 0 Windows VISTA default MBR code 11:23:03.482 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 11:23:03.498 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12890 MB offset 81920 11:23:03.513 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292305 MB offset 26480640 11:23:03.529 Disk 0 scanning C:\Windows\system32\drivers 11:23:13.154 Service scanning 11:23:30.002 Modules scanning 11:23:30.002 Disk 0 trace - called modules: 11:23:30.018 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 11:23:30.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d84060] 11:23:30.033 3 CLASSPNP.SYS[fffff880021bc43f] -> nt!IofCallDriver -> [0xfffffa8004672d10] 11:23:30.033 5 ACPI.sys[fffff880017ab7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004687060] 11:23:30.704 AVAST engine scan C:\Windows 11:23:32.529 AVAST engine scan C:\Windows\system32 11:26:05.784 AVAST engine scan C:\Windows\system32\drivers 11:26:17.063 AVAST engine scan C:\Users\Diane 11:27:26.436 AVAST engine scan C:\ProgramData 11:27:52.675 Scan finished successfully 11:28:28.852 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat" 11:28:28.852 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt" OTL logfile created on: 6/21/2012 11:31:11 AM - Run 2 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.97 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.88% Memory free 7.93 Gb Paging File | 6.77 Gb Available in Paging File | 85.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.45 Gb Total Space | 234.52 Gb Free Space | 82.16% Space Free | Partition Type: NTFS Drive Z: | 454.02 Gb Total Space | 432.68 Gb Free Space | 95.30% Space Free | Partition Type: NTFS Computer Name: DIANE | User Name: Diane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/21 11:29:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe PRC - [2012/02/04 09:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2009/11/19 17:15:54 | 000,201,984 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\xnetsrvc.exe -- (XnetSrvc) SRV:64bit: - [2009/08/17 17:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2012/06/19 14:01:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/21 09:23:57 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint) SRV - [2012/05/21 09:23:37 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2010/12/08 10:41:47 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2012/05/21 09:23:37 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2009/08/21 16:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C27266D7-DA1B-4B4B-BC98-A24B51456743} IE:64bit: - HKLM\..\SearchScopes\{C27266D7-DA1B-4B4B-BC98-A24B51456743}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A96AC96-50C9-4704-B685-51D6BBD14FE5} IE - HKLM\..\SearchScopes\{6A96AC96-50C9-4704-B685-51D6BBD14FE5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes,DefaultScope = {65FDC139-AD4C-4F14-A475-D38B478ADAC0} IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes\{65FDC139-AD4C-4F14-A475-D38B478ADAC0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 11:34:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 11:34:43 | 000,000,000 | ---D | M] [2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Extensions [2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\extensions [2012/05/15 12:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/15 12:07:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} O1 HOSTS File: ([2012/06/20 12:46:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XeroxMercuryBackgroundTask] C:\Windows\SysNative\x856Mbgnd.exe () O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk = C:\Users\Diane\AppData\Local\Temp\_uninst_47808157.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites) O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.226 68.87.73.242 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2}: DhcpNameServer = 68.87.71.226 68.87.73.242 O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\qbwc - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/21 11:30:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe [2012/06/21 11:21:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Diane\Desktop\aswMBR.exe [2012/06/21 09:34:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/21 08:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/06/20 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/06/20 13:06:27 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/20 12:09:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/20 12:09:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/20 12:09:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/20 12:07:54 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/20 12:07:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/20 12:06:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/20 12:02:53 | 004,563,504 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\ComboFix.exe [2012/06/20 10:44:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/06/20 08:46:12 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe [2012/06/19 16:36:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\dds.com [2012/06/19 14:10:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012/06/19 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85889000153270000620DB4EB2331 [2012/05/29 09:46:49 | 000,000,000 | ---D | C] -- C:\Users\Diane\Documents\HR ========== Files - Modified Within 30 Days ========== [2012/06/21 11:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/21 11:29:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL(1).exe [2012/06/21 11:28:28 | 000,000,512 | ---- | M] () -- C:\Users\Diane\Desktop\MBR.dat [2012/06/21 11:20:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Diane\Desktop\aswMBR.exe [2012/06/21 11:17:54 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe [2012/06/21 09:45:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/21 09:45:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/21 09:45:00 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/21 09:45:00 | 000,630,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/21 09:45:00 | 000,109,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/21 09:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/21 09:40:00 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys [2012/06/21 09:21:11 | 000,189,952 | ---- | M] () -- C:\Users\Diane\0.6109149139324841.exe [2012/06/21 08:45:33 | 000,001,007 | ---- | M] () -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk [2012/06/21 08:41:46 | 137,525,896 | ---- | M] () -- C:\Users\Diane\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe [2012/06/20 12:46:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/06/20 12:02:44 | 004,563,504 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\ComboFix.exe [2012/06/19 16:35:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\dds.com [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2012/06/19 11:21:37 | 000,000,586 | ---- | M] () -- C:\Users\Diane\Desktop\Batchbc78f.iif [2012/06/14 03:27:11 | 000,431,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/05 11:56:22 | 000,000,338 | ---- | M] () -- C:\Users\Diane\Desktop\Batch3587b.iif [2012/05/29 13:39:10 | 000,082,618 | ---- | M] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf [2012/05/29 13:36:13 | 003,833,856 | ---- | M] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll [2012/05/29 13:32:25 | 006,642,728 | ---- | M] () -- C:\Users\Diane\Desktop\PDF_Utility.exe [2012/05/29 13:23:26 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini [2012/05/29 12:22:54 | 001,635,059 | ---- | M] () -- C:\Users\Diane\Desktop\Amex May.pdf [2012/05/29 11:04:00 | 000,000,417 | ---- | M] () -- C:\Users\Diane\Desktop\Batch97ba2.iif [2012/05/22 12:46:02 | 005,571,836 | ---- | M] () -- C:\Users\Diane\Documents\Tag Fees.tif ========== Files Created - No Company Name ========== [2012/06/21 11:28:28 | 000,000,512 | ---- | C] () -- C:\Users\Diane\Desktop\MBR.dat [2012/06/21 09:21:11 | 000,189,952 | ---- | C] () -- C:\Users\Diane\0.6109149139324841.exe [2012/06/21 08:45:33 | 000,001,007 | ---- | C] () -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_47808157.lnk [2012/06/21 08:44:14 | 137,525,896 | ---- | C] () -- C:\Users\Diane\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe [2012/06/20 12:09:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/20 12:09:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/20 12:09:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/20 12:09:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/20 12:09:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/19 15:21:35 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2012/06/19 11:21:37 | 000,000,586 | ---- | C] () -- C:\Users\Diane\Desktop\Batchbc78f.iif [2012/06/05 11:56:21 | 000,000,338 | ---- | C] () -- C:\Users\Diane\Desktop\Batch3587b.iif [2012/05/29 13:39:09 | 000,082,618 | ---- | C] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf [2012/05/29 13:32:11 | 006,642,728 | ---- | C] () -- C:\Users\Diane\Desktop\PDF_Utility.exe [2012/05/29 12:22:54 | 001,635,059 | ---- | C] () -- C:\Users\Diane\Desktop\Amex May.pdf [2012/05/29 11:04:00 | 000,000,417 | ---- | C] () -- C:\Users\Diane\Desktop\Batch97ba2.iif [2012/05/22 12:46:26 | 005,571,836 | ---- | C] () -- C:\Users\Diane\Documents\Tag Fees.tif [2012/05/15 11:38:03 | 000,007,632 | ---- | C] () -- C:\Users\Diane\AppData\Local\Resmon.ResmonCfg [2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ [2010/09/21 10:44:48 | 000,749,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/09/21 09:15:32 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini [2010/08/14 02:17:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/14 02:17:49 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/08/14 01:26:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010/08/14 01:26:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010/07/28 21:08:46 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/07/28 21:08:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/07/28 21:08:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin ========== LOP Check ========== [2010/09/21 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\Diane\AppData\Roaming\Xerox [2009/07/14 01:08:49 | 000,017,660 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  8. That took a while. Here's the log: Status: Deleted (events: 5) 6/21/2012 9:27:40 AM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\06202012_104429\C_Users\Diane\AppData\Roaming\opops.dll High 6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bp C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\n High 6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win32.ZAccess.mbg c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@ High 6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bm c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@ High 6/21/2012 9:41:13 AM Deleted Trojan program Backdoor.Win64.ZAccess.bn c:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ High Status: Disinfected (events: 7) 6/21/2012 9:33:18 AM Disinfected Trojan program Rootkit.Boot.SST.b \Device\Harddisk0\DR0 High 6/21/2012 9:49:29 AM Disinfected Trojan program Trojan-Spy.Win32.Zbot.csnm Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: IRS Notification IRS: Penalty For The Failure To File Income Tax Returns ID: N57XC5FVBOSU5EQ6HV5IJ][Time:2011/12/12 12:19:25]/IRS-Penalty-Income-Tax-Warning-Notification-11824937492PWB4B.zip High 6/21/2012 9:49:29 AM Disinfected Trojan program Trojan-Spy.Win32.Zbot.csnm Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: IRS Notification IRS: Penalty For The Failure To File Income Tax Returns ID: N57XC5FVBOSU5EQ6HV5IJ][Time:2011/12/12 12:19:25]/IRS-Penalty-Income-Tax-Warning-Notification-11824937492PWB4B.zip/IRS-Penalty-Income-Tax-Warning-Notification.exe High 6/21/2012 9:49:59 AM Disinfected Trojan program Backdoor.Win32.Bredolab.ude Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: Deposit Posted][Time:2011/12/19 16:52:33]/USAA_Deposit_Details_122011_741400262.zip High 6/21/2012 9:49:59 AM Disinfected Trojan program Backdoor.Win32.Bredolab.ude Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Art\[From:Art Canter][subject:FW: Deposit Posted][Time:2011/12/19 16:52:33]/USAA_Deposit_Details_122011_741400262.zip/USAA_Deposit_Posted_Details_122012.exe High 6/21/2012 9:54:10 AM Disinfected Trojan program Trojan-Dropper.Win32.Injector.bsve Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Lori\[From:Lori Gold][subject:FW: ConEdison Billing Summary as of Jan 12][Time:2012/01/12 12:01:28]/Billing-Summary-ConEdison-4905927-Jan2012.zip High 6/21/2012 9:54:09 AM Disinfected Trojan program Trojan-Dropper.Win32.Injector.bsve Outlook\dianel@strategic-alliances.com\Top of Outlook data file\Inbox\Lori\[From:Lori Gold][subject:FW: ConEdison Billing Summary as of Jan 12][Time:2012/01/12 12:01:28]/Billing-Summary-ConEdison-4905927-Jan2012.zip/Your-Billing-Summary-Jan2012-ConEdison.exe High
  9. I noticed stack overflow messages so I'm not sure if the system is totally clean yet. I won't be in the office to check it again for another 14 hours or so, but I'll give an update once I am!
  10. Unfortunately, yes. That's all that was in the log.txt file. It looks like it didn't create a log file for post-scan, since the time stamp on this one is from 3:13, which is right around when I started the scan. Should I run it again?
  11. Didn't take that long, thankfully! Here's the data from the log.txt file (it found and cleaned 6 files, is this log incomplete?): ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  12. Well, that took a little while! MBAM found nothing on this run, seems like a step in the right direction. Here are the logs: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.20.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Diane :: DIANE [administrator] 6/20/2012 11:59:27 AM mbam-log-2012-06-20 (11-59-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204683 Time elapsed: 1 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ComboFix 12-06-20.01 - Diane 06/20/2012 12:16:05.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4061.2695 [GMT -4:00] Running from: c:\users\Diane\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 ))))))))))))))))))))))))))))))) . . 2012-06-20 16:43 . 2012-06-20 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 14:44 . 2012-06-20 14:44 -------- d-----w- C:\_OTL 2012-06-19 19:21 . 2012-06-19 20:06 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-06-19 18:10 . 2012-06-19 18:10 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-06-19 18:00 . 2012-06-19 18:00 -------- d-----w- c:\programdata\B7E85889000153270000620DB4EB2331 2012-06-19 07:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B269F30A-E508-466C-9CBD-E007E1BD4CE5}\mpengine.dll 2012-06-18 07:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-13 11:12 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 11:12 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 11:12 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 11:12 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 11:12 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 11:12 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 11:12 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 15:02 . 2012-05-15 15:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-12 15:02 . 2012-05-15 15:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D39944F-0174-4BE6-8D93-293959193E7A}\gapaengine.dll 2012-05-22 14:26 . 2012-05-22 14:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-05-22 14:26 . 2012-05-22 14:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-05-22 14:11 . 2012-05-22 14:11 -------- d-----w- c:\windows\system32\appmgmt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-19 18:01 . 2012-04-10 15:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 18:01 . 2011-07-14 13:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-29 17:36 . 2010-12-14 15:59 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll 2012-05-21 13:23 . 2010-10-05 17:14 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-05-21 13:23 . 2010-10-05 17:14 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-05-21 13:23 . 2010-10-05 17:14 80768 ----a-w- c:\windows\system32\LMIinit.dll 2012-05-15 16:06 . 2012-05-15 16:06 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-15 16:06 . 2010-08-14 03:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 18:33 . 2012-04-10 15:33 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-30 11:35 . 2012-05-09 10:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-2-4 1155432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-21 375176] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 XnetSrvc;XnetSrvc;c:\windows\system32\xnetsrvc.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-12 8114720] "XeroxMercuryBackgroundTask"="c:\windows\system32\x856Mbgnd.exe" [2009-11-19 106752] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 Trusted Zone: bankofamerica.com Trusted Zone: bankofamerica.com\cashproonline Trusted Zone: bankofamerica.com\cashproonlineca TCP: DhcpNameServer = 68.87.71.226 68.87.73.242 FF - ProfilePath - c:\users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\ FF - prefs.js: browser.search.selectedEngine - FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . SafeBoot-MsMpSvc . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe . ************************************************************************** . Completion time: 2012-06-20 13:05:53 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-20 17:05 . Pre-Run: 253,074,104,320 bytes free Post-Run: 252,571,303,936 bytes free . - - End Of File - - 65E2544262F404B805209647A1C20EAE
  13. Done. Here is the log: All processes killed ========== OTL ========== Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "Ask.com" removed from browser.search.selectedEngine 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Run\\opops deleted successfully. C:\Users\Diane\AppData\Roaming\opops.dll moved successfully. C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully. File C:\Users\Diane\AppData\Roaming\opops.dll not found. Folder C:\ProgramData\B7E85889000153270000620DB4EB2331\ not found. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ moved successfully. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@ moved successfully. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@ moved successfully. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ moved successfully. ========== FILES ========== C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954} scheduled to be moved on reboot. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\L folder moved successfully. C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Diane\Desktop\cmd.bat deleted successfully. C:\Users\Diane\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Diane ->Temp folder emptied: 91735249 bytes ->Temporary Internet Files folder emptied: 42142822 bytes ->Java cache emptied: 143826 bytes ->Flash cache emptied: 75621 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 304619600 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56968126 bytes RecycleBin emptied: 30729808 bytes Total Files Cleaned = 502.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.50.0 log created on 06202012_104429 Files\Folders moved on Reboot... C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U folder moved successfully. C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954} folder moved successfully. C:\Users\Diane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  14. Here are the OTL and Extras logs: OTL logfile created on: 6/20/2012 10:11:23 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.97 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 71.17% Memory free 7.93 Gb Paging File | 6.64 Gb Available in Paging File | 83.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.45 Gb Total Space | 235.82 Gb Free Space | 82.61% Space Free | Partition Type: NTFS Computer Name: DIANE | User Name: Diane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/20 10:06:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe PRC - [2012/02/04 09:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2009/11/19 17:15:54 | 000,201,984 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\xnetsrvc.exe -- (XnetSrvc) SRV:64bit: - [2009/08/17 17:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2012/06/19 14:01:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/21 09:23:57 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint) SRV - [2012/05/21 09:23:37 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2010/12/08 10:41:47 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2012/05/21 09:23:37 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2009/08/21 16:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C27266D7-DA1B-4B4B-BC98-A24B51456743} IE:64bit: - HKLM\..\SearchScopes\{C27266D7-DA1B-4B4B-BC98-A24B51456743}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A96AC96-50C9-4704-B685-51D6BBD14FE5} IE - HKLM\..\SearchScopes\{6A96AC96-50C9-4704-B685-51D6BBD14FE5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes,DefaultScope = {65FDC139-AD4C-4F14-A475-D38B478ADAC0} IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\SearchScopes\{65FDC139-AD4C-4F14-A475-D38B478ADAC0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 11:34:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 11:34:43 | 000,000,000 | ---D | M] [2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Extensions [2010/09/21 10:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\ttmjef0z.default\extensions [2012/05/15 12:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/15 12:07:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XeroxMercuryBackgroundTask] C:\Windows\SysNative\x856Mbgnd.exe () O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-943651884-426696246-2160020666-1001..\Run: [opops] C:\Users\Diane\AppData\Roaming\opops.dll (Duplex Secure Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites) O15 - HKU\S-1-5-21-943651884-426696246-2160020666-1001\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.226 68.87.73.242 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31120606-A45E-49C5-A557-DAEC54016CD2}: DhcpNameServer = 68.87.71.226 68.87.73.242 O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\qbwc - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/20 10:10:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe [2012/06/19 16:36:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Diane\Desktop\dds.com [2012/06/19 16:24:15 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe [2012/06/19 14:10:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012/06/19 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012/06/19 14:00:40 | 000,123,904 | -HS- | C] (Duplex Secure Ltd.) -- C:\Users\Diane\AppData\Roaming\opops.dll [2012/06/19 14:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85889000153270000620DB4EB2331 [2012/05/29 09:46:49 | 000,000,000 | ---D | C] -- C:\Users\Diane\Documents\HR [2012/05/22 10:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/05/22 10:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/05/22 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/05/22 10:11:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt ========== Files - Modified Within 30 Days ========== [2012/06/20 10:14:13 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/20 10:14:13 | 000,630,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/20 10:14:13 | 000,109,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/20 10:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/20 10:08:26 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys [2012/06/20 10:06:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Diane\Desktop\OTL.exe [2012/06/20 09:05:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 09:05:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/19 16:35:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Diane\Desktop\dds.com [2012/06/19 16:33:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/19 16:18:11 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Diane\Desktop\tdsskiller.exe [2012/06/19 16:06:16 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2012/06/19 14:00:27 | 000,123,904 | -HS- | M] (Duplex Secure Ltd.) -- C:\Users\Diane\AppData\Roaming\opops.dll [2012/06/19 11:21:37 | 000,000,586 | ---- | M] () -- C:\Users\Diane\Desktop\Batchbc78f.iif [2012/06/14 03:27:11 | 000,431,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/05 11:56:22 | 000,000,338 | ---- | M] () -- C:\Users\Diane\Desktop\Batch3587b.iif [2012/05/29 13:39:10 | 000,082,618 | ---- | M] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf [2012/05/29 13:36:13 | 003,833,856 | ---- | M] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll [2012/05/29 13:32:25 | 006,642,728 | ---- | M] () -- C:\Users\Diane\Desktop\PDF_Utility.exe [2012/05/29 13:23:26 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini [2012/05/29 12:22:54 | 001,635,059 | ---- | M] () -- C:\Users\Diane\Desktop\Amex May.pdf [2012/05/29 11:04:00 | 000,000,417 | ---- | M] () -- C:\Users\Diane\Desktop\Batch97ba2.iif [2012/05/22 12:46:02 | 005,571,836 | ---- | M] () -- C:\Users\Diane\Documents\Tag Fees.tif [2012/05/22 11:22:04 | 002,785,958 | ---- | M] () -- C:\Users\Diane\Documents\ASAP CC Authorization.tif [2012/05/22 10:50:01 | 000,001,290 | ---- | M] () -- C:\Users\Diane\Desktop\Spybot - Search & Destroy.lnk [2012/05/22 09:10:05 | 000,000,782 | ---- | M] () -- C:\Users\Diane\Desktop\Batchf51f4.iif [2012/05/21 14:28:18 | 002,785,958 | ---- | M] () -- C:\Users\Diane\Desktop\Molly Form.tif ========== Files Created - No Company Name ========== [2012/06/20 08:57:23 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\800000cb.@ [2012/06/19 15:21:35 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2012/06/19 14:01:07 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\80000000.@ [2012/06/19 14:01:07 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\U\00000001.@ [2012/06/19 11:21:37 | 000,000,586 | ---- | C] () -- C:\Users\Diane\Desktop\Batchbc78f.iif [2012/06/05 11:56:21 | 000,000,338 | ---- | C] () -- C:\Users\Diane\Desktop\Batch3587b.iif [2012/05/29 13:39:09 | 000,082,618 | ---- | C] () -- C:\Users\Diane\Desktop\AllianceSphere.pdf [2012/05/29 13:32:11 | 006,642,728 | ---- | C] () -- C:\Users\Diane\Desktop\PDF_Utility.exe [2012/05/29 12:22:54 | 001,635,059 | ---- | C] () -- C:\Users\Diane\Desktop\Amex May.pdf [2012/05/29 11:04:00 | 000,000,417 | ---- | C] () -- C:\Users\Diane\Desktop\Batch97ba2.iif [2012/05/22 12:46:26 | 005,571,836 | ---- | C] () -- C:\Users\Diane\Documents\Tag Fees.tif [2012/05/22 11:22:25 | 002,785,958 | ---- | C] () -- C:\Users\Diane\Documents\ASAP CC Authorization.tif [2012/05/22 10:26:32 | 000,001,290 | ---- | C] () -- C:\Users\Diane\Desktop\Spybot - Search & Destroy.lnk [2012/05/22 09:10:04 | 000,000,782 | ---- | C] () -- C:\Users\Diane\Desktop\Batchf51f4.iif [2012/05/21 14:28:33 | 002,785,958 | ---- | C] () -- C:\Users\Diane\Desktop\Molly Form.tif [2012/05/15 11:38:03 | 000,007,632 | ---- | C] () -- C:\Users\Diane\AppData\Local\Resmon.ResmonCfg [2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ [2012/01/10 19:23:36 | 000,002,048 | -HS- | C] () -- C:\Users\Diane\AppData\Local\{947ef688-a38b-5d5b-9079-8be3981bb954}\@ [2010/09/21 10:44:48 | 000,749,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/09/21 09:15:32 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini [2010/08/14 02:17:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/14 02:17:49 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/08/14 01:26:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010/08/14 01:26:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010/07/28 21:08:46 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/07/28 21:08:44 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/07/28 21:08:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin ========== LOP Check ========== [2010/09/21 11:04:37 | 000,000,000 | ---D | M] -- C:\Users\Diane\AppData\Roaming\Xerox [2009/07/14 01:08:49 | 000,016,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/20/2012 10:11:23 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Diane\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.97 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 71.17% Memory free 7.93 Gb Paging File | 6.64 Gb Available in Paging File | 83.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.45 Gb Total Space | 235.82 Gb Free Space | 82.61% Space Free | Partition Type: NTFS Computer Name: DIANE | User Name: Diane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit) "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks "{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010 "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/12/2012 9:01:24 AM | Computer Name = DIANE | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 6/13/2012 12:30:34 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 6/13/2012 12:30:38 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 6/14/2012 12:30:35 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 6/14/2012 12:30:38 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 6/15/2012 12:30:30 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 6/15/2012 12:30:33 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 6/16/2012 12:30:11 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 6/16/2012 12:30:12 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 6/17/2012 12:30:12 AM | Computer Name = DIANE | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. [ System Events ] Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = DCOM | ID = 10005 Description = Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7038 Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 5/15/2012 11:56:45 AM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000 Description = The UPnP Device Host service failed to start due to the following error: %%1069 Error - 5/15/2012 11:57:04 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/15/2012 11:58:58 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/15/2012 12:04:30 PM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/22/2012 10:51:28 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/22/2012 10:52:28 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/22/2012 11:12:22 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . Error - 5/23/2012 11:02:00 AM | Computer Name = DIANE | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.